Take my advise - Microsoft security software (MSE, WD...) doesn't cost a $

Discussion in 'other anti-malware software' started by Abcd1234, Nov 15, 2013.

Thread Status:
Not open for further replies.
  1. Abcd1234

    Abcd1234 Registered Member

    Joined:
    Nov 15, 2013
    Posts:
    2
    Microsoft security programs cannot protect anybody.

    I really don't know what happened to Microsoft and why are they changing stuff. First, it was the great Windows XP, Vista and cool improvements in Windows 7 which are gone for the sake of Windows 8 / 8.1 Metro stuff.

    Now is the anti-malware. MSE and co. were very good in may be 2 years ago. Now it totally sucks. I work in the IT support field, now I am support engineer at a IT company. I deal with security products (from Symantec, McAfee, Sophos, Checkpoint, Microsoft) everyday and also in my free time. I regularly test protection software (on my own). Windows Defender=MSE=System Center=Forefront, etc. all the same sh*t.

    To be honest with one thing - Microsoft security products are very light, very stable - they are the only ones that do NOT cause a single false positive, there are ABSOLUTELY *no* compatibility issues with 3rd party code, no problems from stability, BSOD or anything like that.
    But, malware protection is totally close to zero. Only known malware might be detected, absolutely NO zero day protection, no cloud, no heuristics, which causes lots of infections.

    Whenever I submit sample to MMPC via regular channel, it either never gets detected, or is detected with huge delay (too many days after submission). Never get a response (after the initial email). This was not like that - may be year or two ago - things were different.

    McAfee, Symantec - they can cause slow downs, they can cause troubles with 3rd party software but they do protect and detect more (especially McAfee).

    Even Malwarebytes' Anti-Malware (PRO) - this cheap tiny little program protects and gets a lot more than WD/MSE/SCEP/ MS and many others.

    I am starting to believe what was written in the media (the article-interview) - MS products are now at the bottom line and will remain like that. I think MSE/SCEP will disappear after some years when Windows 7 support ends in max year 2020.

    And Windows Defender in Win 8 and newer will survive but will turn into Win Defender in Win 7 (like something you have there that nobody will run because this things cannot protect at all from anything). I don't really trust testing organizations, I run tests on my own.

    I do know and understand that Microsoft kind of trusts in combo-protection - like use all of them Windows Firewall, Automatic Updates, UAC, DEP, IE Smart Screen filter, Windows Smart Screen filter but still this is not enough - there are many threats that bypass all these, that come from removable media, that Microsoft protection cannot detect at all but many other vendors can.
    Additionally, not everybody run the latest Windows 8/8.1 It is absolutely unacceptable to have slow response and to have 36 out of 42 programs detect a sample (in VirusTotal) but Microsoft misses it.


    And now something important - to those who still use MS security products - there seems to be a huge bug (problem design) in all Microsoft AV products (I repeat - in ALL of them - in WD, MSE, SCEP, Intune, etc....) I found this by accident. You can try it on your own.
    I can reproduce it on Windows 7, on Windows 8 and on Windows 8.1 with MSE 4.3 , 4.4 , WD in Win 8/8.1 and with SCEP 2012 R2

    - When it picks up a threat (even EICAR.com test file) and quarantines it, if the user goes to Restore the sample using the interface and the Restore button, this sample never again gets detected again - not detected by manual scan, not detected in real -time, not even on-execute - it seems like that the Restore button whitelists the MD5 of the file and it never gets detected again. PC restart does not help.
    Sometimes (not always) when WD/MSE/SCEP updates itself - after the update the sample gets detected again, but something this does not happen. The Restore button in the MS products clearly says "Restore" , it doesn't say "Restore and exclude" . In all other AV programs when you restore a sample, it will get detected immediately after that, or if "Restore and exclude" is used, then the file's path is places in the Allowed items or in the Exclusions. But this is not the case with MS products. The hash number of the file is whitelisted somewhere where users have no access and voilla, malware is free to go. This could easily get exploited by hackers or malware writers.

    P.S. Windows Firewall and BitLocker are fine now and work good - don't destroy them , Bill Gates, please ,don't ! I trusted your company.
     
  2. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    Though I am not usually one to defend Microsoft AV products... This is exactly what I would expect it to do. I get really irritated if I click on a restore button only to have my file immediately deleted again. There is no point to that functionality.
     
  3. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    The problem with MSE is that it hasn't really evolved for years. It's still the same old file scanner with pretty much zero cloud capability, no proactivity in terms of advanced technologies offered by pretty much everyone else.

    It's easy to use, granted, but with that comes the limitation.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    It depends how a user gets infected. some people will always get infected no matter what they use.
    there are better options available but it is better than people using an expired trial that came with the computer that the user thinks is protecting them. the amount of times I have needed to cleanup malware simply because their anti virus expired and they never renewed it.

    I am surprised of what you said about mcafee. I have cleaned up tons of machines running mcafee and I even tried there standalone tools such as stinger and it detected infections but only as Artemis which is a heuristic detection so it didnt have any cleanup options available for the infections.

    I do know that some users do disable their antivirus because they want the free software that their antivirus is blocking and then complain afterwards that they are infected.

    I have had good success using windows defender offline rescue disc to remove fake antivirus/ ransomware after users being infected using other antivirus.

    Thing is even thou windows defender is free you can get paid antivirus for not much a year and for people doing online shopping and or banking I feel that around £20 a year is not a bad deal.

    Also how many people are still running an old version of the security software they are paying for and simply adding the new code? the newer versions provide better protection. Somepeople do windows updates but not 3rd party software updates such as flash player,adobe reader,java etc. You can prevent alot of malware by keeping all software up to date. it doesnt help that dell and other major oems install so much rubbish on the machine that ends up vulnerable. java 5 and older versions of java 6 are a good example. The amount of machines I have seen around 6 different versions of java 6 installed as well as one version of java 5.

    I am not sure I have ever sent a sample to microsoft before. Most of the major vendors respond very quickly to sample submissions.
     
    Last edited: Nov 15, 2013
  5. Abcd1234

    Abcd1234 Registered Member

    Joined:
    Nov 15, 2013
    Posts:
    2
    Hello, Problem is that once the file is restored, it is allowed and there is no sign anywhere in the program that this file will from now on be allowed to run.
    Any other antivirus will place the file in the exclusions or allowed list. Microsoft doesn't do this and file is allowed to run. This could be a problem if is file is by mistake restored - this is what I did and how I found it (by accident). I was about to click Remove and in a hurry I clicked Restore. These 2 buttons are right next to each other. And there are other scenarios, so the button should be "Restore and exclude" and file should really be placed in the allowed items (but by path, not by hash).
     
  6. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,050
    Location:
    USA
    MSE is not made for the advanced user. Options are minimal. It is inconvenient if you mistakenly click the wrong button, but if you want advanced options then I highly recommend you use another product. Just about any other one.
     
  7. Solarlynx

    Solarlynx Registered Member

    Joined:
    Jun 25, 2011
    Posts:
    1,915
    What can you say about EMET? Did you test it?
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    In my book, that is a plus, but it is not enough to make me switch from my current AV :)
     
  9. brainrb1

    brainrb1 Registered Member

    Joined:
    Mar 15, 2010
    Posts:
    474
    I have been using Microsoft MSE and now using windows defender since it was available atleast on one of my computers.Never had a problem.To judges a product so harshly is immature judgement.
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    I don't think you have a clue what year you're living in let alone judging security software.
     
  11. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    How exactly is that a plus? MSE doesn't do any serious cloud lookups, doesn't seend anything for evaluation, deosn't even check HTTP stuff. Most other AV's block at least 50% of stuff with HTTP scanning alone. The server can churn out billions of modified versions but for as long as they are on the same address, they will be blocked. Instead, MSE would just fail badly against such malware generation...
     
  12. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    My view/experience with MS security products is totally opposite of yours. They started as virtually useless protection programs that have been slowly evolving and steadily improving to what we have today, to the point in my case that I'm running WindowsDefender as my sole security app on my both computers with Windows 8.1.
     
  13. Inside Out

    Inside Out Registered Member

    Joined:
    Sep 17, 2013
    Posts:
    421
    Location:
    Pangea
    Pretty sure it's better than at least a few other AVs tested on AVC and AVT.
     
  14. guest

    guest Guest

    It works RejZoR, it works. If one is not happy with MSE/WD then get EMET.

    P.S.: And to hell with cloud. 24/7 cloud services won't protect the users from everything either.
     
    Last edited by a moderator: Nov 15, 2013
  15. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Thanks for the warning, I have set everything to delete, not quarantaine.

    On the plus site with a whitelist/deny execute/deny download/deny USB execute I really don't need an AV. With MSE set to scan only downloads (yes not possible with V4 user interface, but possible using ADM template), it uses less than 0.2% CPU on an old dual core E5200 at 3GHZ.
     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    No not everything obviously ;) , but without the assistance of the cloud several AV's would only be half as effective as they are with the cloud powered tech. With the cloud a product could proactively detect and block a threat even before the product get's an sig update for it, to mention one example :)
     
  17. guest

    guest Guest

    If I say what I was about to say then people will think I'm bashing AVs. But I think you know what that would be. Point is, there are other methods which give more accurate protection than 24/7 cloud service.
     
  18. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    You won't hurt me graffy I promise :D (but yes I think I know ;) )
     
  19. gaslad

    gaslad Registered Member

    Joined:
    Feb 18, 2007
    Posts:
    116
    Location:
    Toronto, Ontario
    "Microsoft security programs cannot protect anybody."
    Now that is a sweeping condemnation! And IMHO, an extreme and unwarranted evaluation.

    I speak as one who has used MSE and/or Windows Defender on XP and Win 7 systems for years with no malware infections. But my experience is only an N=1 experiment.

    AV-Comparatives found in their latest Real-World dynamic tests in September and October that MSE 4.3 blocked between 92 - 96% of more than 850 active threats not blocked by other fully patched programs (Java, Adobe Reader, etc). Probably these were not all zero-day threats, but they were all recent, and still active.

    Admittedly these protection rates were less than the best of other paid and free AVs, by a few percent, but certainly do not represent "totally close to zero" protection by MSE.

    By comparison, protection rates against 100 threats reported recently from Dennis Technology Labs, were 82% for MSE, but their test platforms included unpatched systems and 3rd party programs. Again, this is not anywhere near "zero" protection.

    The OP freely admitted the advantages of MSE (free, simplicity, zero false positive detections, light footprint and guaranteed compatibility). I suspect there are many who really do appreciate these advantages, and are willing to accept the small drop in protection rates as a reasonable trade-off.
     
    Last edited: Nov 17, 2013
  20. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Just goes to show that in many instances the AV is only as effective as the judgment/choices made by the person tapping on the keyboard.
     
  21. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    OP since you do testing yourself how about backup your claims with some scientific data. How many files have you tested MSE against? How many files were detected by a better AV solution? False Positives?
     
  22. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    OP has vanished, it seems ;)
     
  23. MultiVisions2013

    MultiVisions2013 Registered Member

    Joined:
    Mar 25, 2013
    Posts:
    61
    Location:
    Canada
    Do you have Screen shot proof that Windows 8 is vulnarable without 3rd party protection?

     
  24. Seven64

    Seven64 Guest

    Mediocrity is the new norm, just have to get use to it.:'(
     
Loading...
Thread Status:
Not open for further replies.