Discussion in 'other anti-virus software' started by stratoc, Apr 24, 2012.
Thanks a lot, I saw an update today which very much looked like it but wasn't 100% sure.
He did have Smart Screen turned on - that vid was at my request.
Check your PMs.
He's using IE8, it uses an older version of SmartScreen which doesn't include AppReputation. It is a file reputation feature, and looking at the file sources he's downloading from, all of them would be blocked.
Wrong! McLovin did a vid that tested MSE + IE9.
Check your PMs.
I watched it. Everything malicious was blocked and everything not malicious was not blocked.
The only flaw here is his sample list. That much is overly obvious from watching the video. He thinks files from mylanviewer and a genuine Chinese software download site are malicious. Sorry to break it to you, but SmartScreen worked perfectly.
The only unfortunate thing here is the download site he chose to download a file from, similar to other free download sites, bundles adware with their installers.
As you can see in the MWB scan at the end, everything detected was the adware bundled with the installer. Everything in the temporary internet files were the blocked malicious files.
I think people watch these videos without the slightest clue of what these links are, and automatically assume that most Chinese links and software are malicious.
edit: Just to clarify I am not saying MSE did its job here, MSE failed. It should detect such adware and remove it. My point here is that SmartScreen worked, it blocked ALL the malicious links. However, you cannot expect them to block links from free download sites such as Softpedia or Brothersoft. Whilst download sites may choose to bundle adware with their installers, the download itself is still genuine.
Uh, there were several trojans and other malware that it let in - see HMP results. Smart Screen on or not, that stuff went through. And, where's MSE/SS's banking, shopping, financial protection? Waking up with $50,000 gone from my bank account while trying to save paying a few bucks for an AV....no thanks.
Bty - McLovin gets his malware packs from the Virus Exchange at MalwareTips,com
There was 0 malware. This much is obvious by:
1) Comparing the HMP names to MWB names, the latter clearly shows it was all adware.
2) Looking at the HMP results themselves. If you let the video scroll down there are 2 results in the EXACT SAME directory. One is labelled "riskware" and the other is labelled a "Trojan". Seems like a simple misidentification to me.
Do you actually buy in to that marketing talk? :x Buy our product, it has special banking, shopping, and financial protection! Ugh..
The video should be completely disregarded solely on the fact that not all the files are malware links, the author clearly doesn't know what actual malware is and probably just grabs random links posted on a website. Leave the malware testing to the professionals, which funnily enough, have already proven SmartScreen to be extremely effective.
Just read a bit of this thread. MSE may be O.K. for the technically aware, but for much of its target audience it provides a false sense of security. MSE does a terrible job with adware, riskware and the like. That leads to bigger problems. Once search results are hijacked, malware and rogues get downloaded next as an unsophisticated user looks for solutions to the adware using the shady search engine. I've seen it over and over and over again. Microsoft has had ample time to improve detections and repair. I sincerely hope they step up to the plate someday, but for now there are vastly superior free choices.
Regarding SmartScreen, I use and recommend a different browser, but I tried to download LibreOffice with IE10 today for a client. It was flagged by SmartScreen. Hmm. That's one way to push Office2013/365/SkyDrive. Not cool, MS.
I checked what I have been submitting to Microsoft(with signing),but non of the files have feedback.some files are 6 months old!!!
This is what I found under feedback button:
so,submitting (along with signing) does nt change anything
Microsoft Security Essentials 18.104.22.168 Prerelease
I really wish microsoft would issue detailed changelogs.
Also for those of us on windows 8 like myself is there a windows defender pre release?
I could test mse on my windows 7 laptop if not.
Besides online submission,can we send samples through this address?
phyniks, yes, if it's a virus, worm, or trojan horse submission. For spyware or other malware, the submission goes to email@example.com
FYI. See Report a Computer Security Vulnerability, under the I want to submit a malware sample to Microsoft question.
Thanks,how long does it take for MS to check the samples
I ve seen other vendors analyse within 1 to three days,but I think MS is somewhat slow....
phyniks, you're welcome!
In my experience, any online submission that I have sent to them, results in a new MSE definition file within hours, or at the most, one day.
Your mileage may vary.
Trying this on W7 SP1 x64, comparing it to W8.1 Preview's Defender (Defender 4.3.9431). Same engine (1.1.9800.0) , same Network Inspection System Engine, too (2.1.9900.0). So I would expect the overall effectiveness of the program to be the same. Some differences in the client UI - for example, unlike Defender in W8.1, with this MSE 4.4.207 you can schedule scans.
I have not compared it to the MSE 4.3.216 version for W7 - maybe it already has those engines. If so, MSFT is making changes to the client UI, not the underlying antimalware capabilities. Ho hum.
Microsoft: Security Essentials provides "baseline" protection
26 Sep 2013
Microsoft: Security Essentials is designed to be bottom of the antivirus rankings
25 Sep 2013
Do you know why MSE is now performing poorly in tests?
Because they have stopped trying to fool you like almost everyone does:
Previously, Microsoft would spend resources trying to improve Security Essentials' performance in tests. "We used to have part of our team directed towards predicting test results and figuring out what might be in someone’s test. There’s always a cost to that," she said. "If they are doing that work they are not looking at those threats that are affecting our customers. We always felt that was wrong. There’s something not right about that – we’re not doing the best job for our customers."
The company decided to stop that practice and put its effort elsewhere.
"We put half of those people on focusing on what we call prevalent threats. We developed this new telemetry to look for emerging threats - sort of an early notification system that new threats were emerging. We had this group of folks start focusing on those threats and we saw that it increased our protection service level for our customers."
Something that Symantec also began to do some time ago:
The question does come up—why couldn't they adjust the product so it does what they think it should and also passes all the tests? Indeed, rumor has it that some vendors assign as many as a dozen engineers specifically to the task of ensuring good test scores. My Symantec contacts say doing so would just encourage retention of what they consider to be bad testing styles; they don't want to be enablers.
Do you need more proof that all those on-demand-scan 99.99% detection tests are futile? It's a shame that developers that are doing the right thing get bashed by some people for doing so every time that a new on-demand test is released.
If most vendors really cheat in advance for detection tests by guessing which malware will probably come up, I'd say it's easier to cheat when the tests keep being carried out regularly. Don't know whether it would be legitimate or not, but IMO testers should just catch them all off guard with these kind of tests.
Re: Do you know why MSE is now performing poorly in tests?
Based on this logic, all SAT, GRE tests are ~ Snipped as per TOS ~ because exam-takers can guess what will be in the exam. Theoretically, yes, you can guess. In reality, no way, because there are too many question sets to do any meaningful guess, and as a result, the test results will be a real reflection of their performance level.
The same as for antivirus test. In theory, yes you can guess what types of virus samples will be in the tests. In reality, no way, because there are literally hundreds of thousands of new malware entries each single day. So if anyone can do well in tests, then it generally means that AV software has a higher level of protection.
Please, for companies such as MS and Symantec, assuming they put a dozen of software engineer working exclusively for improving their test score, the salaries of a these people are nothing. I don't understand what the fuss about a dozen software engineers. I don't believe MS or Syamntec or any large firm's research ability will hurt if they hire 12 ppl oversee test performance; and I don't think their research ability will hugely improved if they divert these 12 ppl for "real antivirus research". Seems to me their logic is flawed, although I agree that the current AV test results sometimes are too good to me true.
Re: Do you know why MSE is now performing poorly in tests?
But even if they're honest, lots of students doing well in these tests go on to fail at their jobs and/or forget whatever they had learned while many less successful ones who might have even failed at school can have a better future, which nobody is ruling out.
OTOH, the most famous and respected AV tests are definitely expected to be more reliable than their academic counterparts (at least on paper). The consequences of cheating are more pronounced here than cheating in an exam - the vendor is able to fool consumers into thinking their product is better than it actually is, giving them a false sense of complacency.
Tests are always going to be imperfect, but if they're done often by different labs then I feel the performance/score of products over all is valid. The alternative, which is to believe whatever the vendors say, doesn't seem like a better option. Vendors typically overstate the effectiveness of their products and downplay their weaknesses. MSE has been no different in that regard. It is a good thing that Microsoft has stated that MSE is basic protection because many people have wanted to believe otherwise.
Separate names with a comma.