Microsoft Security Essentials

In my opinion the lack of web scanner is the bigest flaw for the MSE. MSE scans only those files that are downloaded to disk. It is risky because in case of, for example, drive-by exploit MSE detects exploit when it is downloaded. Unfortunately, very often it is too late.

I would rather choose an antivirus that has web scanner and that can detect malware coming from the web before data actualy reache to disk. Many times I was in situation when Avira Free (which has no web scanner) detected malware too late. In the identical situation Avira Premium, thanks to the web scanner, protected pc without difficulty.

I would really like to see MSE with web scanner and capability for blocking dangerous IPs / URLs. I think that MSE then really would be probably the best choice among antiviruses.

 

Incorrect, for the script to take advantage of the exploit it needs to be saved to cache, in most cases, this download to cache is suspended before the exploit script can even finish downloading and it's detected by MSE during download. In cases where the whole file needs to be scanned, newly created files are always suspended for scanning and are harmless.

 

Besides if you use a program like Sandboxie it will/Should be contained already.

 

Sandboxie was not even brought up. Lets try not to RE Hijack a thread as it just got back on track in the first place. We don't need to start going down the same path we just got off in the first place, Nor do you want this thread closed due to A vs B which it will eventuality turn into if this keeps up ;(

 

Vista Home Premium SP1 question! I've always had Windows Updates set to inform me but not download and install. Do I need to have it set to download and install to keep MSE's strictures updated? Thank You!

 

No, you don't.

 

I ask for an explanation and will be glad to learn something from you.

If I understood well, you claim one of these things:

a) MSE has some special features (detecting and removal technics or whatever to be called), which enables to MSE to be as effective (in detecting and removing exploits and other malware coming from the web) as antiviruses that have a web scanner?

b) There are no big differences between antiviruses that have web scanner and antiviruses that do not have a web scanner, that both of them, under some circumstances, can be equally effective and that the whole story about the importance of web scanners is just a snake oil?

@ Fajo

You're so funny (in a positive sense).
Will you write something about MSE finally?

 

The main useful thing behind web scanners is URL blocking which is what browsers do, the actual scanning of files in transit is about as useful as POP3 scanning (not very useful, but some people really like these features). Everything eventually ends up on your drive where it can be suspended and removed before it is even run.

But you need to be careful, some AV's will keep detection of scripts/etc in a separate module (MSE does not do this, MSE has detection for everything in 1 module so you're safe) and disabling the web module in those AV's can potentially reduce your protection. I believe this is where the main belief that having a web scanner increases your protection comes from, especially if the AV company wants to have slightly increased heuristics on their web module (which can be argued to create more FPs from downloaded files), rather than their standard scanning module. With MSE, the heuristics are the same throughout the program (and we already know from tests they are really good), so again, it does not need detection of scripts/etc in a separate module.

 

Hello, if you hit the update now button it will delay the auto udate, I suggest you leave it alone for a few days and you should start noticing it updating itself.

 

Anyone ?

 

Vista/7 = ProgramData\Microsoft\Microsoft Antimalware

 

I can not agree with your claim because I know that everything comes from the Internet may not be saved in the browser's cache before, eventually, it is used. But, since I do not take my opinion on this matter for particularly relevant, I put here the link to very interesting explanation posted on this forum by Vlk (Vlk is antimalware expert and member of the Avast's team).

Vlk's post best explains why the web scanner is very useful addition to any anti-virus which aims to provide not only basic antimalware protection.

 

A question, not just specifically related to MSE. Without a web shield, does MSE (or other AVs) scan files only after they are written to disk? Not when code/malware just resides in memory (RAM) ?

 

You seem to misunderstand again, I wasn't explaining the use of a cache, but for you to see something on your screen, it NEEDS to be downloaded, where it is scanned before it is run, it's not a mater of "agreeing" with me it's a matter of FACT, it does NOT matter where it is downloaded, it WILL be downloaded so your computer can run it and you see the effect. You cannot escape having a file scanned.

 

bottom line, MSE is the best AV out there. Time will tell but they are going to sink vast resources into making it stay that way. Or at least that is what a little birdie out west told me.

 

Not really a fact as much of a hope I'd assume

 

will be in time for next round of testing, take my word on that. Detection is the key that resources are being aimed at.

 

Did anyone else get an email yesterday from MS about beta testing the new build?

 

Yes. I did about 4 days ago.

Ice

 

What's new in the beta?

 

Nope, how does one get it?

 

https://connect.microsoft.com/site/sitehome.aspx?SiteID=981

 

Just thought I'd point something out in case some MSE users missed it: If you log in with your Windows Live ID before submitting malware samples at the Microsoft Malware Protection Center, the site will keep track of your submissions.

 

I think the Vlk presented slightly different facts (here is the source):

Would you be so kind to comment Vlk's explanation, because, if I understood it well, there is malware that can compromize pc security completely independent of whether the malicious file is written to the browser's cache (or anywhere else on the hard disk) and intercepted by the AV file system scanner.

This is the main reason why web scanners are invented. Why would antiviruses have web scanners at all if they could be equally effective without them?

I think that it is very important question for understanding the comprehension of protection provided by MSE.

 

Yeah, got one on the 23rd, but I think I'm going to pass on any further beta testing and just stick to the releases.