Microsoft Security Essentials

I disagree, try looking at the official tests.

 

I'd still like to see MSE results on an on-demand test with AV-Comparatives.
Microsoft One Care scored 'Standard' on the last two on-demand tests.

 

I uploaded a couple of files to there online submission webpage. If you sign in you can track the submission. My first file was detected next day and I received a reply. I am quite impressed with there submission system.

Cheers

Jlo

 

With regards to the last AV-C test, IBK has said MSE scored the same as OneCare.

 

AVs companies to be effective, they must have consistent high detections results all the time no matter what the circumstances are (if they are tested as a group with the same parameters).

For MS to launch a free AV that is very promising in the beginning and becomes less than average as time goes by, it doesn't seem to make any sense from a marketing point of view. Time will tell, and for users(the ones who don't care about security) who buy a new computer with MSE installed by default, it will make a tremendous difference on the internet community's general health.

 

With respect, OneCare came 2nd on the proactive test earlier this year. It is also scoring 2/3 (arguable) in the proactive/reactive VB tests. But no one is saying there isn't room for improvement, I'd much like to see the detection on the normal tests rise by at least 5%.

 

I'm actually a supporter and believer in the future of MSE (I have Avira Premium on one machine and MSE on my main laptop, I'm still undecided though whether to keep it or not). Among the the free AVs, MSE is potentially the most promising.

I think there is no reason for MS to embark into the AV business with a product that is average(let's not forget that average nowadays means high detection within the the AV Comparative parameters). One full year of tests, and various reviews are probably required to find out if MS is serious about it.

 

Without web scanning, dangerous URLs blocking and behavior blocking MSE can offer only basic (essential) protection. I think that overestimation of MSE could be dangerous and that the antivirus testing by on-demand scanning of a vast number of malware samples does not give a true picture of strenght of the modern antivirus software.

 

Hi,

I've been running MSE for the third day now, and I ran its full scan today, picking up nothing However, I always run a SAS scan as well to be sure, and sure enough, it picked up a "atdmt" logged as adware.

Is this normal? Is "atdmt" a false positive? I googled it and it doesn't seems the case. So I take it that MSE doesn't pick up adware? Or is there a good technical explanation for this that a non-computer savvy person like me cannot comprehend?

Oh by the way, my MSE did automatically update itself! Thanks elapsed

 

Sounds like a cookie detection to me.

Cookies pose a very marginal privacy threat. They are best handled by your browser NOT accepting 3rd party cookies.

 

I thought cookie are there to help speed up internet browsing speed? Or is that cache...? Anyway, thanks, I'll try disabling cookies for my browser.

 

Don't disable cookies, disable 3rd party cookies. This means when you visit a website only cookies from that website can be stored, instead of lots of cookies from other websites.

Heh you sound like a Norton employee giving a speech! Cmon man, everything you visit online is stored in cache where it can be suspended and removed. MSE has handling for exploits only from dangerous websites including Javascript and PDF, it's more than capable of blocking threats you mentioned.

 

Thanks man! My English improved a bit since I write on forum

It may be or may be not. Who knows and who can claims when thousands of new malware appears every day. So, I rather choose antivirus that can block access to dangerous domains or suspicious web pages or that can block malware files before they are found on my pc, than to rely solely on its ability to deal with malware (and all annoying traces that malware could left on pc) that are found (or even executed) on my pc.

Modern antivirus software must have multiple layers of defense (malicious URLs blocking, web traffic and local files scanning, behavior blocking etc...) Therefore, antivirus which has only one layer, imho, can not be considered the best, no matter how good it is.

Simplicity and small usage of pc resources can not be an excuse for the lack of different layers of defense. There are antiviruses that have all that I mentioned and that are as light as the MSE.

 

You're kind of biting yourself here, you're saying "who really knows" that tons of new malware appears every day, as if you don't trust these sources. It's the exact same sources that tell you that you need multiple layers of defense. So you don't trust them but you trust them? Understand what I mean?

MSE has multiple layers of defense, they just aren't abundantly obvious simply because of the light approach it takes, and no you don't need "url blocking" in your AV. Especially considering nearly every browser does this already. MSE scans all web traffic because web traffic ultimately lands on your pc where it is scanned, it scans local files also.

You have yet to mention any real problem with MSE.

 

Not to mention MSE defence is augmented in most cases by the Internet Explorer 8 feature SmartScreen filter, and in Vista/7 by the Protected mode (assuming what I'd call 'normal home user' scenario).

 

Yes, I need URLs blocking in my antivirus because Avira and Avast block access to dangerous URLs when Firefox did not do it for many, many times.

I shall mention the two most important. MSE has not any advanced antimalware protection (except generic detection ) therefore can not blocks access to malware or scans on-the-fly, before malware being downloaded to pc. But my biggest problem with MSE is to discover at least one really good reason why I should use it at all in addition to free antivirus software such as Avast, Avira or AVG?

I think that MSE has yet to prove that it is better than competition and that you (as MSE fanboy) have yet to convince other people that the MSE is better than the other antiviruses and not vice versa.

 

Blocking the URL/webpage completely is an added bonus provided by browsers and completely unnecessary to keep you protected. If the page contains a malicious file or script the most important thing is blocking the script or file which MSE does excellently.

Are you being serious? What exactly is "advanced antimalware protection". You know what it is? A marketing gimmick, snake oil, you've bought your heart into.

You seriously think if one product advertises antimalware protection and another advertises advanced anti malware protection it's better? You're very wrong my friend..

To correct you, MSE's heuristics are one of the best in the area, just look at the proactive tests(AVC/VB), even OneCare was high in proactive.

Obviously you have not tested it, because yes, it can.

Why would you use multiple AV's?

Correct!

Uh... I'm not getting paid by Microsoft to convince you to use it's products, so why exactly should I bother? You're not getting paid by another product to make false statements about MSE, so why are you bothering?

The point I'm making, again.. is that you STILL have said *nothing* that MSE lacks that would pose a security risk to the user, only come up with fancy words that mean nothing.

 

Obviously, we will never agree about URLs blocking.

This is the simplest and most effective way that user stay protected. For example, there are sites where the malware (usualy, rogue antivirus software) are changed on a hourly bases. One of the ways in which the user can be effectively protected is to use the antivirus which blocks access to such a page. MSE can not do that unlike many other antiviruses, so that users completely depend on the ability of MSE to identify and remove malware which is much riskier than blocking access to the page.

This is a simple and very effective way to protect less experienced users (who are most vulnerable) and Alwil, Avira, Eset, Malwarebyte and others do not expect that browsers provide such protection to its users.

 

You are correct that busy malware sites that are changing files regularly are better blocked by URLs. But I have never come across a website such as this that's online longer than a day serving malware and not been blocked by browsers.

In this first day the most important thing is heuristics/etc which is what Microsoft (and other AV vendors) is attempting to master.

 

If you really want to see MSE in action against rogue antivirus you can go to, for example, this topic on Avast Beta forum and use link published in post #4. After that you can compare how MSE handled with the malware compare to Avast, Avira or Malwarebytes, for example.

MSE has a pretty good generic detections but generic detections is not very useful when it comes to rogue antivirus software, so, modern antivirus software, imho, must have some advance (or extra) protection beside giant signature base and good generic detections. In the cases of rogue antivirus software it is URLs blocking, in some other cases malware behavior blocking module etc ...

 

You're seriously basing the AV world on 1 URL? Well congratulations you prove my point! The first thing that happened when I browsed to that website? My browser (firefox) blocked the URL.

Unfortunately no MSE does not detect the file, but we all know no AV detects 100%. Also, MSE DOES need to improve their detection rate. But yet again I've been protected by my browser WITHOUT the overhead of using a "web shield".

EDIT: lol? Avast! does NOT detect this file either. So your point is completely invalid.

 

As has been said a few times before, the problem with rogue AV/AS software is that many respected AV vendors may mark the files as clean because there's no malicious code therein. Since that is the case, it stands to reason the URL won't be blocked either under any URL blocking measures the AV product employs. This is changing albeit slowly; the difficulty is files change rapidly and in some cases URLs change too.

 

It could be argued Firefox is using a form of web shield since when using that option, it downloads a database of known attack sites/forgeries. Providing those lists are kept up to date, you're protected.

 

Yup it could be in a way just that it's blocking on a list instead, but this is kind of my point, it's already there in your browser, so why would one think MSE is a failure for not having one? Infact I'm sure the real reason it doesn't have one is because of the protection implemented in IE8.

 

Well, you are one very lucky guy because Firefox (3.5.3) does not block the URL on my PC (nor Opera 10 and Internet Explorer 7).

MSE did not recognize the rogue antivirus but Avast did (I am using Avast 5 beta). MBAM stopped the malware by blocking the URL. In some other cases Avast protects PC by blocking the whole url without tempts its heuristics (Avast 5 will have Behavior blocking shield but it is still not implemented in the latest beta. With behavior blocking Avast will have one more layer for great PC protection).

So, this is just an illustration of what I want to emphasize and that is that more layers of antivirus software provides more, not less protection for users.