Why You Should Replace Microsoft Security Essentials With A Proper Antivirus

Discussion in 'other anti-malware software' started by lotuseclat79, Apr 11, 2014.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Gah... finally got my internet back! EDIT: Nope, I lost it again right when I was writing this post, so I had to save it in notepad until my internet is connected again. Damn it!

    @aztony
    I won't even recommend anyone to use XP anymore, unless compatibility is a priority.

    @wtsinnc
    Well, you said "anti-malware", so I applied it in general terms. =V

    While it's true that MSE is a very basic AV, for people with medium-low risk it will work in most situations. Then again, if we want a very effective anti-malware solution, we shouldn't use AVs in the first place.

    @snerd
    Of course EMET (or mitigation techniques to be exact) can be bypassed, nobody says it's/they're invincible. But bypassing EMET is harder and requires more effort.

    @Victek
    There are a lot of examples which showed us that an AV increases our attack surface. But all other software can increase our attack surface as well. Hungry Man in his blog has written about how some 3rd party AV software doesn't implement mitigation techniques properly (I have given you some links previously if I'm not mistaken). Then there's PatchGuard/KPP which weakens 3rd party security software and, as a result, reduces their effectiveness even more. And third, from what I've learnt so far, AV software is vulnerable by design. Gullible Jones made an exploit that works through Panda AV (if I understand his tests properly). Lastly, some AV vendors love to include components which are not related to security at all, such as registry cleaner and disk defragger, which load more unnecessary components in the software.

    ----------------------------------------------------

    There, finally I can post it. >=V
     
  2. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
    Thanks Victek.
    Well... typically adware is malware:

    1.PNG

    MS claims their product can protect you from malware

    2.PNG
    so it should be able to block them, but it's weak at that point.

    Secondly, I just gave an example of how the user can be vulnerable to new threats while he is just finding a file; the more internet wandering, the more threats he can encounter, so using a strong security program is a MUST.
     
  3. Ivor Samoza

    Ivor Samoza Registered Member

    Joined:
    Apr 14, 2014
    Posts:
    2
    That's not a conflict. Just adware/malware of the shoot yourself in the head variety instead of the drive by variety.
    zapjb, Apr 13, 2014 at 1:11 PM

    Sorry lad
    But I can't understand what you're getting at :thumbd:
    They claim their product is mainly for novice players, but the novitiates are more vulnerable to cyber attacks.
    phyniks, Apr 13, 2014 at 3:15 PM

    zapjb is trying to differentiate between two malware vectors? This thread, "Why You Should Replace Microsoft Security Essentials With A Proper Antivirus", discusses how a proper antivirus should cope with either, but your post raises the matter of how noobs get themselves into trouble by going where they should not go, and doing things which they should not do.

    At post 20 [phyniks, Apr 13, 2014 at 6:53 AM], you show an image of a page at zippyshare.com where zippyshare.com is claiming:

    You have requested the file:
    Name: adobe_flash.rar

    This page is a splendid example of two things; first, being presented with fake "download" buttons which have nothing to do with adobe_flash.rar, and little, or nothing, to do with zippyshare.com. The second point is getting software from third party sites instead of the website which the software authors use for distributing their software.

    The first issue was addressed by Malwarebytes at their blog [And is worth bookmarking?]; and the second issue should be explained by the retailer who sells the computer in the first place. The noob should not be left to "Google it" whenever something predictable actually happens.

    The image of a page at zippyshare.com shows that someone [i.e. a noob who clicked on something found in a search results page?] has gone to zippyshare.com to find something? Adobe Flash? Why go to zippyshare.com rather than adobe.com?

    Why adobe_flash.rar instead of install_flashplayerNNx32ax_gtbd_chrd_dn_aaa_aih.exe? [NN being the Flash player version number]

    This is one way that malware distributors hook the noobs, and is what zapjb means by "shoot yourself in the head variety instead of the drive by variety"; avoidable self-infliction versus being shot at while travelling along the turnpike or the freeway. A proper antivirus should do much in either case, but it helps if the surfer knows about risks, and what to expect from the thousands of websites.

    Because the "consumer electronics" retailers leave their customers to Google everything, these customers won't know what folk here probably know. Where to find the website which is the official source of Adobe Flash Player and Adobe Reader. Though Wikipedia should be a safer choice than a search engine.

    If the noob but knew it, the software and "crapware" which the retailer loaded on their machine will attempt to update from the correct source, and will often let the user find out where to go if a problem arises. It should not be necessary to use a search engine to find a list of unknown servers which might have the appropriate brand name somewhere on the indicated page.

    As for zippyshare.com, the Web of Trust suggests that the website management are trustworthy, but those uploading files might not be. AVG Threat Labs does not make that distinction. All of which highlights zapjb's point.


    Pick a Download, Any Download!
    Various download sites have been plastering ads all over their pages for years, some of which are just for other types of software and some of them are for services. However, a new trend among these ads has emerged, adding an extra download button where there should not be one.
    http://blog.malwarebytes.org/intelligence/2012/10/pick-a-download-any-download/

    Pick A Download… Part 2
    Last week I wrote a blog post on the dangers of ads posing as fake download buttons on various download web sites. Since then I received a lot of feedback from our readers and other security researchers on different tools available to help users avoid these dangers by blocking the ads entirely.
    http://blog.malwarebytes.org/intelligence/2012/10/pick-a-download-part-2/


    Web of Trust Reputation Scorecard
    https://www.mywot.com/en/scorecard/zippyshare.com


    AVG Threat Labs
    30-day safety report for: zippyshare.com
    Surf with caution
    During the last 7 days potentially active malware was detected on a subdomain. However, no threats were detected on the main website.
    (Updated Apr 14, 2014)

    Types of Malware Found: 49
    Compromised Pages: 419
    Website Popularity: Very popular

    Website Safety Report & Reviews For zippyshare.com
    http://www.avgthreatlabs.com/website-safety-reports/domain/zippyshare.com
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Yes, I understand that adding any security software potentially increases the attack surface simply because a way might be found to exploit the security software itself. That's a given, but it doesn't mean anything without specifics. I was asking elapsed for specific information demonstrating that 3rd party AVs increase the attack surface more than MSE. It's not logical to believe that MSE is somehow better/safer just because it's minimal. What needs to be demonstrated with all security software is that using it makes the system safer than not using it.
     
  5. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,557
    Location:
    USA still the best. But barely.
    @ Ivor Samoza
    Welcome to Wilders. And thank you for simplifying what I thought was obvious. Oh btw best 1st post ever! LOL.
     
  6. Ivor Samoza

    Ivor Samoza Registered Member

    Joined:
    Apr 14, 2014
    Posts:
    2
    :doubt:

    Thanks for the greeting.
    4456 bytes stretching the thread sideways! Sorry about the bulk. [Doesn't look that much on A4]
    I hope phyniks now understands.
    [Back to how Microsoft Security Essentials and a Proper Antivirus differ?]
     
  7. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    109
    I've just installed MSE on a W732 machine w/2G ram, along with MBAM2 and Unchecky. MSE is light on the system and helps to balance out MBAM's heaviness on a Pentium D 840.
     
  8. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I've used MSE for over three years on three machines. In those years I have never been infected. It is light, simple to use and unlike the rather clever Panda Cloud Free didn't have a load of false positives on first scan. It does its job.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes it is.

    lol no, that's not the logic behind it. I could go into how MSE uses official API rather than hooking everything, implements proper mitigation techniques, doesn't install a thousand drivers for each and everything, how Windows 8 introduced new API specifically for Defender to use, etc, but I just can't be bothered. It's been covered enough over the years.

    It's a fact that MSE (Defender in win8 even more so) is safer than other AVs in regards to attack surface, and probably also quality of code. If you think otherwise you're free to believe incorrectly.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes, but unfortunately most malware doesn't exploit AVs with larger attack surface or lower quality of code. IMO when talking about better AV, detection and prevention have to be considered also.

    hqsec
     
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Which brings us back to my original post about rubbish tests and malware priorities.

    Also the neglect of other protection features such as browser based URL blocking and OS based app reputation. MSE complements what the OS and browser already provides along with EMET which needs to be added to the Windows control panel.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    @ GrafZeppelin

    A bit OT, but after reading a lot about KPP, I'm not so sure if it really weakens security software.

    I've tested SpyShelter and Comodo Firewall, and they seem to be just as strong as on Win 32 bit.
    So I think that M$ has beefed up the PatchGuard APIs. :)

    An old article:

    http://www.computerworld.com/s/article/9006251/Microsoft_releases_first_draft_of_PatchGuard_APIs
     
  13. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
    Screenshot_2014-04-15-02-10-30.png

    This thread discusses why MSE is not a good solution anymore.
    You can follow the link in the first post...
    As I said before, my example was just a case to show how dangerous surfing is nowadays (and you wrote an article about zippyshare :D)
    Of course updating Adobe Flash Player should be done via its own site.
    I just uploaded the picture to show how many links to adware there are on a site, and a novice user can click on one of them by mistake.
    Imagine a user searches for an mp3 song and he finds it on zippyshare... or any other download website.
    You truly analysed the links, but what about a novitiate?
    What about a school boy just looking for a song and he comes across these sites?!!

    That's why your system's security must be strong... I know there is no 100% protection, but it can be better than what MSE is providing.

    I think the answer is very simple. The user must choose:
    1. MSE... Free... light... nonaggressive, but
    - The security level is basic... weak against PUPs, not good against zero-day threats
    - You have to bear other MS products if you wanna improve your security level (such as Internet Explorer) and your Windows should be updated.

    2. There are other alternatives (luckily some of them are free). They have more features. They're improving version by version. You can find light ones, and they will provide you a better protection level... you can use Chrome, IE, FF.
    They're not dependent on Windows Update (of course Windows Update has its own advantages). They will give you better support
    (e.g. just send a suspicious file to Avira and you will receive the analysis report for free)

    I think that's enough (for me) to discuss. There are lots of sites that have shown MSE's weakness (the sites that were recommending it when it was strong).

    There are lots of comparative analyses and MSE is one of the weakest, but some people are trying to say it is still reliable... maybe they're right ;)
     
  14. guest

    guest Guest

    Oh, if only people knew that most AVs these days still suck at PUPs. I'd love to tear up everyone's statements about zero-day protection but that'd be just not going anywhere anyway. :isay:

    I dunno, I got fewer popups from OA in 64-bit compared to the 32-bit, both with the same settings. Some features are also not available in the 64-bit systems (I'm not only talking about OA about this one BTW). From what I can understand, Windows API was offered as an alternative way for security software developers. But it still won't be as effective as kernel hooking. There are some tasks which can't be done just simply by using Windows API if I'm not mistaken.
     
  15. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,286
    Location:
    Canada
    Feeling a little jealous here, as I coveted the 'BPY award' (best post of the year award).... :)LOL
    The point is MSE is not the best choice amongst free AVs; most agree, and those that don't have a biased prejudice towards M$. Would you choose the lowest rated dog food, given same cost, for your dog? How about would you choose the least nutritious (food) for your child, given equal cost?

    EMET is good, but off topic! MSE & Other antimalware software is off topic.
     
  16. guest

    guest Guest

    Only in one perspective.

    I'll take it as biased positive prejudice, a.k.a. fanboyism. If this is the case, then I can't say anything other than "some of those so-called total protection AVs have half-faced so-called advanced zero-day protection that does nothing much in terms of protection". And don't we have at least two active discussions about AVs being vulnerable? If they can't protect themselves, how are they supposed to protect the users' PCs?

    Those super quality foods have arsenic as one of their ingredients and the factory is located in an area which is contaminated with nuclear radiation.

    What? We can put Kaspersky's anti-exploit or EAM's BB in, but not MSE w/ EMET? If it wasn't because of the innovations the vendors put in their AVs so they don't rely only on pure blacklisting, AV businesses would have been canned a long time ago. MSE sticks with this concept, but there are also other tools built-in or provided by Microsoft to take care of other jobs which MSE (or AVs in general) was not designed for. Let me say this again: AVs were never meant to handle zero-day malware. They can prevent some of them, but that still doesn't change their weaknesses. Malware has to exist first, then the vendors create database of it. Zero-day prevention doesn't work that way.
     
    Last edited by a moderator: Apr 15, 2014
  17. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,286
    Location:
    Canada
    Hi Graf,

    Respectfully I disagree with your last post! Your reply Quote #1 is not based on my assumptions, but based on the whole (or mostly whole) antimalware community's opinion!

    Your Post #2 (above). Like what? No fan-boyism, just look at the plethora of negative comments, by professionals, regarding MSE, are they all lying? As I stated before, I remove bugs for a 3000 plus member club, my experience is: MSE is disabled > cleanup > MSE is active again. This is consistent with the 2011 test regarding AV self protection. See post #25 in this thread.

    Your last - "What? We can put Kaspersky's anti-exploit or EAM's BB in, but not MSE w/ EMET? If it wasn't because of the innovations the vendors put in their AVs so they don't rely only on pure blacklisting, AV businesses would have been canned a long time ago."

    I'm not quite sure what you're saying here, but my take is this is about the merits (or lack of) regarding MSE,
     
  18. guest

    guest Guest

    I said in one perspective, not in one's opinion. Even 2.908.836.127.196.204 people can have the same one perspective. I was saying that if we just look at independent AV test results, then MSE might not shine in there. But barely anyone discusses (here we go again) AV components which are protected by ASLR. MSE does an excellent job in this one. Other AVs have tons of non-protected components. Then there are silly software bugs (lol BD), aggressive behavior manipulations, high false positive rates, etc. which are more often encountered in 3rd party security software. MSE is better in these terms.

    Who knows? Maybe they all are paid by AV vendors for their writings. At least their arguments are not satisfying enough for me.

    Because they turned it off, intentionally or not. Set UAC on max, put them all in LUA, and password protect the admin account. You get basically the same protection on the surface.

    I was referring to AVs in general, which heavily rely upon the blacklisting method. Those highly rated AVs implement more than just blacklisting which makes them score high on tests. EMET and other tools by Microsoft complement MSE to do an overall job of malware protection. Thus, my objection.
     
    Last edited by a moderator: Apr 15, 2014
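
The post above claims that some AV products ship components that are not protected by ASLR. One way to check that claim for any installed product is to read the mitigation opt-in bits from each binary's PE header. This is an added example, not part of any post in the thread; the function names and the sample headers are constructed for illustration, and the script takes the product's install directory as its only argument.

```python
import struct
import sys
from pathlib import Path

# DllCharacteristics bits from the PE/COFF specification.
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,
    "DYNAMIC_BASE": 0x0040,  # image opts in to ASLR
    "NX_COMPAT": 0x0100,     # image opts in to DEP
}
RELOCS_STRIPPED = 0x0001     # COFF Characteristics bit


def pe_mitigations(data: bytes) -> dict:
    """Return the mitigation opt-in flags found in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # optional header follows signature + COFF header
    if opt + 72 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature or truncated header")
    opt_size, coff_chars = struct.unpack_from("<HH", data, e_lfanew + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    result = {name: bool(dll_chars & bit) for name, bit in FLAGS.items()}
    result["RELOCS_STRIPPED"] = bool(coff_chars & RELOCS_STRIPPED)
    # An image without relocation data cannot be rebased, whatever the flag says.
    result["ASLR_EFFECTIVE"] = result["DYNAMIC_BASE"] and not result["RELOCS_STRIPPED"]
    return result


def unprotected(images: dict) -> list:
    """Names of images lacking effective ASLR or DEP opt-in (name -> bytes)."""
    bad = []
    for name, data in images.items():
        m = pe_mitigations(data)
        if not (m["ASLR_EFFECTIVE"] and m["NX_COMPAT"]):
            bad.append(name)
    return sorted(bad)


def make_sample(dll_chars: int, coff_chars: int = 0x0002, pe32_plus: bool = True) -> bytes:
    """Constructed header-only PE for the demo; not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(0xF0 if pe32_plus else 0xE0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), coff_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    root = Path(sys.argv[1])
    files = [p for p in root.rglob("*") if p.suffix.lower() in (".exe", ".dll", ".sys")]
    print(unprotected({str(p): p.read_bytes() for p in files}))
```

The header bits only show what each binary opts in to; system-wide or EMET-enforced settings can still apply ASLR or DEP to a module that does not set them.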
  19. phyniks

    phyniks Registered Member

    Joined:
    Jun 3, 2011
    Posts:
    258
  20. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    The only time I've seen MSE recommended is when people get BSODs and then a Microsoft advocate on a forum would recommend they swap out their AV for MSE. Instead they should be pointing these people in the direction of their AV's support site/forum if they're really getting system issues because of their AV.
     