MSE 4

Discussion in 'other anti-virus software' started by stratoc, Apr 24, 2012.

  1. zerotox

    zerotox Registered Member

    Joined:
    Jul 16, 2009
    Posts:
    419
    Thanks a lot, I saw an update today which very much looked like it but wasn't 100% sure.
     
  2. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    He did have Smart Screen turned on - that vid was at my request.
    Check your PMs.
     
    Last edited: Aug 13, 2013
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    He's using IE8, it uses an older version of SmartScreen which doesn't include AppReputation. It is a file reputation feature, and looking at the file sources he's downloading from, all of them would be blocked.
     
  4. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Wrong! McLovin did a vid that tested MSE + IE9.
    http://www.youtube.com/watch?v=58t8ylXeaGQ
    Check your PMs.
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I watched it. Everything malicious was blocked and everything not malicious was not blocked.

    The only flaw here is his sample list. That much is overly obvious from watching the video. He thinks files from mylanviewer and a genuine Chinese software download site are malicious. Sorry to break it to you, but SmartScreen worked perfectly.

    The only unfortunate thing here is the download site he chose to download a file from, similar to other free download sites, bundles adware with their installers.

    As you can see in the MWB scan at the end, everything detected was the adware bundled with the installer. Everything in the temporary internet files were the blocked malicious files.

    I think people watch these videos without the slightest clue of what these links are, and automatically assume that most Chinese links and software are malicious.

    edit: Just to clarify I am not saying MSE did its job here, MSE failed. It should detect such adware and remove it. My point here is that SmartScreen worked, it blocked ALL the malicious links. However, you cannot expect them to block links from free download sites such as Softpedia or Brothersoft. Whilst download sites may choose to bundle adware with their installers, the download itself is still genuine.
     
    Last edited: Aug 15, 2013
  6. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Uh, there were several trojans and other malware that it let in - see HMP results. Smart Screen on or not, that stuff went through. And, where's MSE/SS's banking, shopping, financial protection? Waking up with $50,000 gone from my bank account while trying to save paying a few bucks for an AV....no thanks.
    Bty - McLovin gets his malware packs from the Virus Exchange at MalwareTips,com
     
    Last edited: Aug 15, 2013
  7. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    There was 0 malware. This much is obvious by:
    1) Comparing the HMP names to MWB names, the latter clearly shows it was all adware.
    2) Looking at the HMP results themselves. If you let the video scroll down there are 2 results in the EXACT SAME directory. One is labelled "riskware" and the other is labelled a "Trojan". Seems like a simple misidentification to me.

    Do you actually buy in to that marketing talk? :x Buy our product, it has special banking, shopping, and financial protection! Ugh..

    The video should be completely disregarded solely on the fact that not all the files are malware links, the author clearly doesn't know what actual malware is and probably just grabs random links posted on a website. Leave the malware testing to the professionals, which funnily enough, have already proven SmartScreen to be extremely effective.
     
  8. geekatlarge

    geekatlarge Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    66
    Location:
    Searching for $Windows.~BT folders
    Just read a bit of this thread. MSE may be O.K. for the technically aware, but for much of its target audience it provides a false sense of security. MSE does a terrible job with adware, riskware and the like. That leads to bigger problems. Once search results are hijacked, malware and rogues get downloaded next as an unsophisticated user looks for solutions to the adware using the shady search engine. I've seen it over and over and over again. Microsoft has had ample time to improve detections and repair. I sincerely hope they step up to the plate someday, but for now there are vastly superior free choices.

    Regarding SmartScreen, I use and recommend a different browser, but I tried to download LibreOffice with IE10 today for a client. It was flagged by SmartScreen. Hmm. That's one way to push Office2013/365/SkyDrive. Not cool, MS. :thumbd:
     
  9. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258



    I checked what I have been submitting to Microsoft(with signing),but non of the files have feedback.some files are 6 months old!!!

    Any idea.....?
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,032
    Location:
    Texas
  11. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
    This is what I found under feedback button:

    so,submitting (along with signing) does nt change anything
     
  12. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,729
    Location:
    Germany
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    I really wish microsoft would issue detailed changelogs.
    Also for those of us on windows 8 like myself is there a windows defender pre release?
    I could test mse on my windows 7 laptop if not.
     
    Last edited: Sep 10, 2013
  14. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
  15. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
  16. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
    Thanks,how long does it take for MS to check the samples
    I ve seen other vendors analyse within 1 to three days,but I think MS is somewhat slow....
     
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,410
    Location:
    U.S.A.
    phyniks, you're welcome!

    In my experience, any online submission that I have sent to them, results in a new MSE definition file within hours, or at the most, one day.

    Your mileage may vary. ;)
     
  18. Sprocket

    Sprocket Registered Member

    Joined:
    Dec 24, 2012
    Posts:
    75
    Trying this on W7 SP1 x64, comparing it to W8.1 Preview's Defender (Defender 4.3.9431). Same engine (1.1.9800.0) , same Network Inspection System Engine, too (2.1.9900.0). So I would expect the overall effectiveness of the program to be the same. Some differences in the client UI - for example, unlike Defender in W8.1, with this MSE 4.4.207 you can schedule scans.

    I have not compared it to the MSE 4.3.216 version for W7 - maybe it already has those engines. If so, MSFT is making changes to the client UI, not the underlying antimalware capabilities. Ho hum.
     
  19. anon

    anon Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    7,980
  20. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    Do you know why MSE is now performing poorly in tests?

    Because they have stopped trying to fool you like almost everyone does:

    Previously, Microsoft would spend resources trying to improve Security Essentials' performance in tests. "We used to have part of our team directed towards predicting test results and figuring out what might be in someone’s test. There’s always a cost to that," she said. "If they are doing that work they are not looking at those threats that are affecting our customers. We always felt that was wrong. There’s something not right about that – we’re not doing the best job for our customers."

    The company decided to stop that practice and put its effort elsewhere.
    "We put half of those people on focusing on what we call prevalent threats. We developed this new telemetry to look for emerging threats - sort of an early notification system that new threats were emerging. We had this group of folks start focusing on those threats and we saw that it increased our protection service level for our customers."


    http://www.pcpro.co.uk/news/securit...signed-to-be-bottom-of-the-antivirus-rankings



    Something that Symantec also began to do some time ago:

    The question does come up—why couldn't they adjust the product so it does what they think it should and also passes all the tests? Indeed, rumor has it that some vendors assign as many as a dozen engineers specifically to the task of ensuring good test scores. My Symantec contacts say doing so would just encourage retention of what they consider to be bad testing styles; they don't want to be enablers.

    http://www.pcmag.com/article2/0,2817,2424118,00.asp


    Do you need more proof that all those on-demand-scan 99.99% detection tests are futile? It's a shame that developers that are doing the right thing get bashed by some people for doing so every time that a new on-demand test is released.
     
  21. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    If most vendors really cheat in advance for detection tests by guessing which malware will probably come up, I'd say it's easier to cheat when the tests keep being carried out regularly. Don't know whether it would be legitimate or not, but IMO testers should just catch them all off guard with these kind of tests.
     
    Last edited: Sep 26, 2013
  22. oliverjia

    oliverjia Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    1,926
    Re: Do you know why MSE is now performing poorly in tests?

    Based on this logic, all SAT, GRE tests are ~ Snipped as per TOS ~ because exam-takers can guess what will be in the exam. Theoretically, yes, you can guess. In reality, no way, because there are too many question sets to do any meaningful guess, and as a result, the test results will be a real reflection of their performance level.

    The same as for antivirus test. In theory, yes you can guess what types of virus samples will be in the tests. In reality, no way, because there are literally hundreds of thousands of new malware entries each single day. So if anyone can do well in tests, then it generally means that AV software has a higher level of protection.

    Please, for companies such as MS and Symantec, assuming they put a dozen of software engineer working exclusively for improving their test score, the salaries of a these people are nothing. I don't understand what the fuss about a dozen software engineers. I don't believe MS or Syamntec or any large firm's research ability will hurt if they hire 12 ppl oversee test performance; and I don't think their research ability will hugely improved if they divert these 12 ppl for "real antivirus research". Seems to me their logic is flawed, although I agree that the current AV test results sometimes are too good to me true.


     
    Last edited by a moderator: Sep 26, 2013
  23. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Re: Do you know why MSE is now performing poorly in tests?

    But even if they're honest, lots of students doing well in these tests go on to fail at their jobs and/or forget whatever they had learned while many less successful ones who might have even failed at school can have a better future, which nobody is ruling out.

    OTOH, the most famous and respected AV tests are definitely expected to be more reliable than their academic counterparts (at least on paper). The consequences of cheating are more pronounced here than cheating in an exam - the vendor is able to fool consumers into thinking their product is better than it actually is, giving them a false sense of complacency.
     
    Last edited: Sep 27, 2013
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Tests are always going to be imperfect, but if they're done often by different labs then I feel the performance/score of products over all is valid. The alternative, which is to believe whatever the vendors say, doesn't seem like a better option. Vendors typically overstate the effectiveness of their products and downplay their weaknesses. MSE has been no different in that regard. It is a good thing that Microsoft has stated that MSE is basic protection because many people have wanted to believe otherwise.
     
  25. escalibur

    escalibur Registered Member

    Joined:
    Jun 29, 2013
    Posts:
    118
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.