MSE letting me down

being the goto guy in my circle of friends, i usually recommend MSE. its easy, low on resources, no pop-ups, and no registration (no-one registers it seems).
but lately i've been getting calls for infected computers. all with alureon/tdss or some other rootkit. most of these machines are windows xp, some with windows security updates actually up to date.
i want my free time back, any recommendations?

 

add Geswall or Sandboxie (both free) or Defensewall.

 

for prevention free avira and for no-stress removal hitman pro totally worth the $20

 

It's always amazing that people get surprised antimalware applications are not 100% effective.

So, the question you truly should be making yourself is: "How did they become infected in the first place?".

Adding more security to their systems won't do a damn thing, if they are not careful.

You mention they run Windows XP. Admnistrator account? If so, Internet facing applications have their rights reduced?

There are many factors having into account. Never just blame the security. 99% of infection occurs due to one single problem, and that problem is placed between chair and computer.

 

Personally i'd use AVG Free 2011 instead. It's much faster than MSE, better protection (imo) and can be set to clean the mess automatically. No registration needed at all.

 

adding DefenseWall should keep them safe, also not a bad idea to set them on ClearCloud DNS, no slowdowns, and it's free!

 

i didn't say i was surprised. merely asking for a better solution. these are everyday users that probably click whatever buttons happen to pop up. widows xp default setup is administrator account, i cant hold everyones hand.

i should also mention that MSE has been able to identify the rookit but fails to eradicate it.

i'm thinking i should start sending them back to avira. used to recommend avg but it got bloated and started slowing systems down, is it still heavy?

 

I do understand you. I have people like those at home. And, unfortunately, the systems are theirs, so I can't truly apply what I'd like. I can't restrict them.

All I can do is to protect them the best way I find to mitigate threats from the Internet.

Considering they're using Windows XP, and I'm guessing they wouldn't handle something like SuRun, from within a limited account?, perhaps the best approach is to, and starting with what already has been suggested by user atomega, you could change the DNS servers to ClearCloudDNS, which is run by Sunbelt, and will protect against malicious domains, if it manages to block, of course. The same goes for any other DNS service alike this one, I guess.

Then, I'd make use of DropMyRights for Internet facing applications, so that they are executed with lower rights than Administrator.

A good choice would be to install along side the antivirus you choose (At some point they all will fail either to detect/prevent, so you'll be in a game mouse cat by changing everytime any one of them fails.. I'd stick with MSE to be honest, or change to avast! 5, considering it allows to protect setttings
with a password, unlike MSE. AVG won't allow it either, unless something has changed with version 2011.), AVG Linkscanner, that's for sure. For so many times it has saved my family members.

You could also give a try to PC Tools Browser Defender, which will also work similar to Linkscanner, and a great combination, because according to my home tests, most of times when one does not detect anything, the other will.

Both will prevent users from accessing malicious domains. I know for sure that Linkscanner will, and that Browser Defender will in case the domain hosts exploits. I got it confirmed by PC Tools yesterday.

You haven't mentioned which web browser they make use of?

Edit: I could have mentioned things like Sandboxie, etc., but if they're the sort of people who like to click everything, if for some reason something fails when they click, they will request to be able to do it so... It happened here... Might be different with you, doubt. Not everyone is hard to change their minds.

Edit 2: By the way, if you opt by avast! 5, first make sure to install Linkscanner, if going down that road, otherwise Linkscanner will ask you do uninstall avast! due to conflicts (which do not exist, at all!!).

 

+1 I agree.

 

But, how can he advise such product, when he states the following here https://www.wilderssecurity.com/showpost.php?p=1758184&postcount=107

Makes no sense to suggest such product, in my honest opinion. At least, not as it is right now.

 

saw that.

thanks m00nbl00d for the ideas about dropmyrights and avg link scanner(i never realized this was a separate program from the antivirus.

 

I would say avast over mse as it has web shield too...
rest is upto the user..no product is 100 % effective
u have to use ur brains also !

 

Yes, indeed. For such users it's better to prevent them from downloading in the first place. If they can't download, because it spots infected files, then they don't run them, no bigger problems occur.

Actually, in one of the systems, I've installed MSE and avast! 5 only with web and behavior shield.
Sort of a hybrid.

 

Ditch AVG LinkScanner and get Web of Trust set it to block on very protective for the warning settings and install Returnil.

 

Evey Antivirus will have it's good and bad days to protect and to remove malware. Even AVG,Avast,mAcfee etc. will sometimes miss to protect,detect and remove everything they find. I have been using MSE for for a long time without getting infected while surfing even the dark side of the net. NO Anti Virus is capable of 100% detection and removal. MSE is lite ,will not slowdown the internet as much as some others. For me, it has been good with some other small layers of security added to it.