small test of MSE

Discussion in 'other anti-malware software' started by ako, Oct 22, 2009.

Thread Status:
Not open for further replies.
  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    I tested Microsoft's MSE with several 0-day exploits and malware. It did not impress me at all, the PC got several times infected, and MSE often failed to clean it.

    This poll shows that many already trust on it here, is it justified? https://www.wilderssecurity.com/showt...06#post1561406

    I had very similar experience as AVtest.org in these two articles:
    http://www.theregister.co.uk/2009/10...ntials_review/
    http://news.techworld.com/security/3...s-tester/?pn=2

    -problems with cleanup
    -poor heuristics, cloud seems powerless to compensate -> 0-day malware detection rate is low
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    Unfortunately, links do not work for me.
     
  3. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Nor do they work here.
     
  4. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    It wont clean much if it does not have a clue but no reason to be surprised. Test tomorrow with other AVs in this segment and you get similar result, or test again next day or week. Eventually you must conclude they are not foolproof. Also why they have a submit feature, I have send quite a few already and not really done much testing except visiting lists of malwaredomains, just click click test - apparently such public info is not used by MS. A few clicks dont say much other than it is not perfect, not surprised. While you are at it be sure to check IE8, same experience and conclusion I think. Seem to remember something about a fantastic 80+% hitrate by SmartScreen when clicking on links leading to bad executables at social websites. May be they used a social chat site for elderly or something. Perhaps good but not that good.

    Nothing is perfect and so on make sense while for example Malwarebytes catch a lot more?, likely IP to whatever is already blocked. I think it does if they are more tuned into digging up those links/malware. If MS rely on slower sources, including user submitted files, are not actively looking for new ones there will be more delay if we assume new undetected stuff is only found on certain lists. Same goes for IE8 vs. WOT for example. Doing more research as to avoid FPs is BS at least with SmartScreen but probably play some role with MSE. Default settings are to automatically remove at least "severe" infections. Imagine a FP then :eek: MSE is designed to be foolproof, for those without AV at all they say..., but may be it hurts detection of latest and greatest?
     
    Last edited: Oct 22, 2009
  5. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
  6. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yes i agree here i also personaly tested this application and to tell you that alot of malware were running in memory undetected after i run a MBAM scan and detect/remove all malware including those runing in memory;)
     
  7. lifetweaker

    lifetweaker Registered Member

    Joined:
    Jun 24, 2009
    Posts:
    63
    Location:
    127.0.0.1
    Same o_O
     
  8. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    idk, im sure MSE is adequate, but it didnt really impress me in any way, nor did it go above and beyond many other free products already on the market, the only thing i really see going for it, is its simplicity.
     
  9. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    What about combination of Avast and MSE? Have you tried? I would think that must be the optimal 100% (nag)free AV solution. Also only one apparently officially supported. Avast claim full compatibility with MSE. Im not sure that means Avast is installed as on-demand only or what? They cant both be resident? From what I can tell from browsing MSE forum that is absolutely and without a doubt not recommended, even says so during installation - but Avast do not care :D
     
  10. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I have heard that advice too.o_O
    No way I'd ever run two av's in real-time.
     
  11. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Well I think it is sweet :eek: , they even stack! - in a Virtualbox for now. I installed MSE first then Beta 2 of Avast 5 on Vista sp2. Avast do a full installation from what I can tell. Not sure behavior blocker is even working yet. I think MSE dudes at their forum warns against anything not having MS in the name, thoughts go out to the clueless user. Brave of Avast to declare compatibility though. 2-3 months after Avast 5 is final there will be a more clear answer if this really is "recommended". Remember Defender? ;) So if on Vista this logic of only 1 resident scanner means no one has installed AV or related stuff since 2006? We will see how it goes. Must be tested by maker as seems to be the case with Avast, random persons using weird bundle and getting bsod in 20min dont count. In the pic MSE only detected 1 infection, the other one was not yet dealt with eicar.com - jumps ahead of Avast.
     

    Attached Files:

  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    this is BAD advice, vlk himself said, the programs will RUN fine together, but he said himself that they NEVER tested against what happens wen the programs fight over a detection/removal which culd cause the potential BIG issues eg. BSOD.
     
  13. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Same VLK who writes

    at their blog? If so you better ask them to explain what flawlessly means, dif. between running and scanning also. I doubt they are that stupid. A bit easier and safer to repeat the same old. Wait for final until requesting too much explanations. Could still change but I see nothing at their forum indicating this is impossible or not meant to be. Would be cool if they went upstream. MSE has plenty of exclusions options btw.
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    well if u read the forums ud know a little better instead of making urself wrong, yes they RUN together fine, but when it comes to detection conflicts, thats wen the problems arise, if u read their forums, ill find vlk saying this.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I think VLK also just said recently in their forums that running 2 AVs is not a good idea. They can actually cancel each other out. Some companies like I posted have found a happy ground for doing it. G-Data and F-Secure.
     
  16. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Yes and some AVs did not like Defender and others did not care. They declare compatibility and then it is BAD advice because they say so. Hmm, may be wait until final. Im sure many will test, are testing, so they better figure out what they mean. You are not supposed to race around on forums for random statements. Regarding betas perhaps but not final so this will be cleared up. Distinction between having both installed and having both running, eh scanning is not clear to anyone. May be they make it so that AVast disable resident parts when detecting MSE and that is what they mean by compatibility? Still some drivers installed right? Well, should be one or the other to rule out complications I think - unless of course it does not really matter because setup works :) Time will tell.
     
    Last edited: Oct 22, 2009
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    and you want to run that one by me again please. A tad bit slower. If you are referring to me, I have not bailed on Avast. VLK knows I am waiting on the suite.
     
  18. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    its a pretty simple rule of thumb that almost any average user even knows... dont run 2 AV's EVER... thats all u need to remember and ull be fine :)
     
  19. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    But not a rule without exceptions, like Avast vs. Defender.
     
  20. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Exactly.
    It's just asking for conflicts/problems.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    I respectfully disagree. It is all in how a vendor enables their ability. Yes for a user it is bad, but there are vendors who can do it, and do it right.
     
  22. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Some vendors have done it successfully with multiple engines- F-Secure, G-Data, A-Squared etc..
    They obviously did a lot of compatability testing in-house before combining them.

    Running two different av programs in real-time is another story imo.
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    thers a big difference between multi-AV engine products and using multiple AV's at the same time.
     
  24. Bambo

    Bambo Registered Member

    Joined:
    Dec 10, 2006
    Posts:
    194
    Oh no then no rules! :eek: Back to MSE - I hope no one follow their forum "rules" of avoiding any other "security" product that is for sure. They seem to be specific on that issue when asked. Not needed, overlapped, blah blah. Heard before, like on any annoying company channel. I think this Avast, MSE combo is interesting only because they have hinted it might work, be it double resident or whatever. Just allowing to install below MSE is pretty cool. Any combo is possible until bsod or similar. May be AVG on top will also work? But this seems likely in one way or another regardless of old rules.

    They wont be generic "multiple avs" but tested and proven to work multiple avs. If not it is only experimental and not interesting. Might as well try with AVG then.
     
  25. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lol do whatever u like...
     
Loading...
Thread Status:
Not open for further replies.