Microsoft Security Essentials Released; Rivals Mock It

Posted by kdawson on Tuesday September 29, @10:11PM
from the free-but-is-it-worth-it dept.
Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • by mantis2009 (1557343) on Tuesday September 29, @10:13PM (#29588787)
    Doesn't bug, silent updates, fast scans, no noticeable performance hit. I can finally get my parents off of their annoying Norton or whatever they paid $50 to use for 12 months.
    • by Fluffeh (1273756) on Tuesday September 29, @10:22PM (#29588847)
      It might not be perfect protection, but if it's going to be used by all the mum and dad users with zero tech skills, then it's a good thing.

      They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have paid for it. This is a nice step between.
      • by Jeremi (14640) on Tuesday September 29, @10:49PM (#29589035) Homepage

        They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have paid for it.

        Hell, I never understood that either. Why should anyone who just forked out $xxx for a brand-new OS then be forced to pay yearly "protection money" as well? Sounds like a racket to me.

        • by MrKaos (858439) on Tuesday September 29, @11:49PM (#29589373) Journal

          Sounds like a racket to me.

          Never attribute to malice what you can attribute to shoddy engineering.

            • by Bert64 (520050) <bert&slashdot,firenzee,com> on Wednesday September 30, @12:31PM (#29596165) Homepage

              AV only works because there are multiple options out there...
              If a single product becomes dominant, then the code required to defeat it simply becomes a standard component of any malware... It effectively just becomes an extension of the os which any malware needs to get round in order to function.
              Currently any malware that wants to do that, has to deal with multiple different av possibilities which is a lot more work for the malware authors.

        • by Ronald Dumsfeld (723277) on Wednesday September 30, @05:41AM (#29591131)

          They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have paid for it.

          Hell, I never understood that either. Why should anyone who just forked out $xxx for a brand-new OS then be forced to pay yearly "protection money" as well? Sounds like a racket to me.

          I regularly end up helping people who've bought a new PC which comes infested with the Norton malware. If you don't rip it out before the free trial ends it is virtually impossible to get rid of it. And, of course, if you wait until the trial expires, you've probably caught some nasty - their package is, to put it bluntly, a bloated and useless piece of shit.

          It sounds like Microsoft's offering is considerably less obtrusive, and end users will not be hit with the problems I've seen with my preferred solution, Avira [free-av.com].

          I've used, and recommended Avira for years, it is completely free for non-commercial use and all you have to put up with is a once-a-day popup advert for their paid products. This is a good thing for non-technical users, it gives them a reminder that their anti-virus has just updated and is still working.

          What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it. This means that unless you're reasonably technically savvy you will get constant nagging that you have no antivirus product. I wonder if that had anything to do with their plans to release this new product.

          • by rtfa-troll (1340807) on Wednesday September 30, @12:39AM (#29589635)

            Could you provide a link for this which involves a "serious" anti-virus company (Norton/McAfee/Kaspersky/BitDefender etc.) and an actual released to the field piece of malware. "There are cases" could include the "anti-virus" packages advertised via online ads which actually are malware.

                • The XCP copy protection system is not malware,...

                  Installed without approval or authorization.
                  Not removable by normal, non-invasive means.
                  Reduces performance and functionality of the infected PC.

                  Sounds like Malware to me.

                  It was poorly designed and implemented and allowed malware to hide using the same techniques used to hide the XCP system.

                  So it was poorly designed malware. Noted.

                  In itself, it was not a program designed to adversely affect the operation of the computer

                  What are you, an idiot? Widespread crashes aren't adversely affecting the operation of the infected machines? Not to mention that, BY DESIGN, it adversely affects the operation of the CD drive.

    • by DJRumpy (1345787) on Tuesday September 29, @10:24PM (#29588865)
      I have to agree. If the independent review is truly independent, I would have to question Symantec's comments. I have to wonder if they are stating such from a professional opinion, or simply in fear for their bottom line. I would take an independent's opinion long before I considered a direct competitor's negative comments as trustworthy.
    • by earnest murderer (888716) on Tuesday September 29, @10:32PM (#29588921)

      To tell me it's working, it sounds like pretty much the best thing out there.

      When the CEO of your competition derides your product publicly, you know it's got to be good shit.

    • by Anonymous Coward on Tuesday September 29, @10:55PM (#29589081)

      How about false positives? Antivirus software that checks nested encrypted archives often crashes, or marks as a false positive, files that contain a large amount of compressed data. For example:

      42.zip [unforgettable.dk] contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

      selfgz.gz [maximumcompression.com] is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive, since it was unscannable.

      • by jim_v2000 (818799) on Tuesday September 29, @11:32PM (#29589269)
        How many people who will be running this AV have files like that just sitting around on their hds?

        Probably none.

        Besides, technically those aren't "false positives", as in the AV isn't matching a signature...the files are unscannable, so the AV plays it safe.
      • by jdhutchins (559010) on Tuesday September 29, @11:51PM (#29589403)

        Most of these files were developed to break mail scanners, so it's logical that they get marked as malware. E-mail may not be the best way to move files that are designed to be harmful to mail servers.

      • 42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

        That's not a false positive at all. It's a well known "exploit" called a Zip Bomb [wikipedia.org]. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?

        selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive

        You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?

        Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.
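The depth cutoff described in the comment above, as an added example (not code from any poster or from a real mail scanner): each gzip layer is decompressed against a shared output budget, and recursion stops at a fixed depth, so a decompression bomb or an endlessly nested file is reported as unscannable instead of tying up the scanner. The limits (8 levels, 1 MiB), the function names and the test signature are assumptions, and a deeply nested sample stands in for a self-reproducing file.

```python
"""Bounded scanning of nested gzip attachments (added illustration)."""
import gzip
import zlib

MAX_DEPTH = 8                  # assumed cutoff, upper end of the "6-8 levels" quoted above
MAX_TOTAL_BYTES = 1024 * 1024  # assumed budget for all decompressed layers combined
CHUNK = 64 * 1024
GZIP_MAGIC = b"\x1f\x8b"
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a signature match


class Unscannable(Exception):
    """A layer could not be inspected within the configured limits."""


def bounded_gunzip(blob, budget):
    """Decompress one gzip member, producing at most `budget` bytes.

    Output is pulled in capped chunks, so a high-ratio stream is abandoned
    one byte past the budget instead of being expanded in full.
    Data after the first gzip member is ignored.
    """
    d = zlib.decompressobj(wbits=31)  # 31 = expect a gzip header and trailer
    out = bytearray()
    data = blob
    try:
        while not d.eof:
            chunk = d.decompress(data, min(CHUNK, budget - len(out) + 1))
            out += chunk
            if len(out) > budget:
                raise Unscannable("size limit")
            data = d.unconsumed_tail
            if not chunk and not data:
                # Input exhausted, nothing produced, trailer never reached.
                raise Unscannable("truncated stream")
    except zlib.error:
        raise Unscannable("corrupt stream") from None
    return bytes(out)


def scan(blob):
    """Return 'clean', 'infected' or 'unscannable: <reason>'."""
    remaining = MAX_TOTAL_BYTES
    depth = 0
    while True:
        if SIGNATURE in blob:
            return "infected"
        if not blob.startswith(GZIP_MAGIC):
            return "clean"  # innermost payload reached, nothing matched
        if depth == MAX_DEPTH:
            return "unscannable: depth limit"
        try:
            blob = bounded_gunzip(blob, remaining)
        except Unscannable as exc:
            return f"unscannable: {exc}"
        remaining -= len(blob)
        depth += 1


def nest(payload, layers):
    """Wrap `payload` in `layers` gzip layers (builds the constructed samples)."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload


def samples():
    """Constructed inputs, built inline so the example runs offline."""
    return {
        "shallow_clean": nest(b"quarterly report", 3),
        "shallow_infected": nest(b"header " + SIGNATURE, 5),
        "deep_nesting": nest(b"quarterly report", 12),
        "high_ratio": gzip.compress(b"\0" * (16 * 1024 * 1024)),
        "truncated": gzip.compress(b"x" * 1000)[:-10],
    }


if __name__ == "__main__":
    for name, blob in samples().items():
        print(f"{name:17} {len(blob):>6} bytes -> {scan(blob)}")
```

A file past the depth or size limit is reported as unscannable whether or not anything malicious sits underneath, which is the "plays it safe" behaviour the thread argues about.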

      • by KillerBob (217953) on Wednesday September 30, @06:46AM (#29591497)

        Yes, any anti-virus is better than no anti-virus, but it won't take long before malware authors discover how to circumvent the Microsoft tool.

        Microsoft bought out an antivirus company a couple of years ago. This is simply the rebranding and current version of that company's software.

        And you know that virus-writers have figured out how to circumvent more expensive antivirus programs like McAfee, Norton, and PC-Cillin, right? This is why you update the virus database... so that it detects viruses that can disable your antivirus before they get that chance.

        Give MS a chance. They could actually have stumbled onto a good product, and it could be something that actually helps the world at large.

        I won't be installing it myself, but that's because I'm quite happy with the Avast that I have running. I'll wait for the next report over at av-comparatives [av-comparatives.org] before I pass judgement on it. Interesting to note that for the last several reports, several free options have been in the top 5 and occupied the top spot over all. In the latest report (August 2009), AntiVir had a 99.4% trap rate, Avast has a 98.0% trap rate. (Norton and McAfee had 98.7% and 98.4% trap rates, by comparison) But here's the rub... Avast had the lowest false positive rate of any of the top 5 antivirus programs. Norton had almost 3x as many false positives as Avast. AntiVir had more than 4x as many. And McAfee had more than 8x as many false positives. Out of the top 4 antivirus solutions, I'll stick with Avast.

        But they do those tests on a regular basis, and you have no idea how well Microsoft's offering will fare in the next one. It could actually do very well. I wouldn't hold my breath, though... on the most recent testing, while MS's pay-for service tied Avast in false positives, it had a pretty lousy 90% trap rate... Still, that's nowhere near the worst offering out there.

        Anyway... do your research before you decide that something is automatically bad just because it comes from Microsoft. Even if it just ties the other software, a 90% trap rate on viruses is better than a 0% from not having antivirus at all. And suggesting that it won't be long before virus writers figure out how to circumvent the software is completely ignoring the fact that virus writers figured out, a long time ago, how to circumvent commercial offerings like Norton and McAfee, and that hasn't actually hurt their trap rates at all.

  • by Anonymous Coward on Tuesday September 29, @10:13PM (#29588789)
    When Pressed, Symantec admitted they were actually describing their own products, burst into tears, and chugged the rest of the bottle of whiskey.
      • Re:When pressed... (Score:4, Insightful)

        by Tumbleweed (3706) on Tuesday September 29, @11:18PM (#29589171) Homepage

        You know a product is good if competitors start shaking in their boots running to government agencies for protections!

        If that were the case, IE would be the best browser ever made. :)

        You DO know that they're scared, though, if they have to trash it like this. You _should_ be scared if Microsoft enters your segment with a free product. It may not be the best, but that's never stopped Microsoft from crushing competitors in the past.

          • Re:When pressed... (Score:4, Informative)

            by Deathlizard (115856) on Wednesday September 30, @09:29AM (#29593235) Homepage Journal

            You probably don't remember when Microsoft came out with their own antivirus package as part of DOS 6, do you? I do. It was nice, for a while. Support fell off when MS decided to change their focus.

            Yes I do. It was made for MS by Central Point Software. Then Symantec bought them out to essentially kill off MSAV by choking off support for it.

  • Sorry to throw Symantec under the bus, but the AV program and AV mentality that they have created amounts to a CPU tax. We don't have 4 core machines, we have 3 cores plus one for Symantec, which manages to deadlock everything while it scans a single file.

  • by toastee (132341) <freetoaster@@@myrealbox...com> on Tuesday September 29, @10:21PM (#29588837)

    Around the computer shops I've worked at we joke that we'd rather have a virus than Norton on our machines, at least the virus won't charge you a fee to mess up your OS.

    • by BikeHelmet (1437881) on Tuesday September 29, @11:35PM (#29589289) Journal

      You joke about it, but I say it with a straight face.

      I don't do a lot of virus removal - maybe one per week, just as a service for friends and friends of friends - but about 30% of those "virus" removals are actually tossing out Antivirus and Firewall products.

      Ethernet broken? Programs taking 4 minutes to start and 30 minutes to install? Horrible graphical lag, and start menu lockups? Can't shut down the computer or open IE?

      First thing I do is disable the AV already on the computer, to check if that's causing it. 30% isn't "usually", but it's high enough that I can't help but want to scream "WTF" at these AV vendors.

  • Pot, meet Kettle! (Score:5, Informative)

    by kimvette (919543) on Tuesday September 29, @10:23PM (#29588855) Homepage

    Jens Meggers, Symantec's vice president of engineering, dismissed MFE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security."

    Symantec's products aren't exactly admired for security and effectiveness in recent years. Pot, meet Kettle.

  • by Inverted Intellect (950622) on Tuesday September 29, @10:24PM (#29588867)

    Last I checked some of the highest detection rate AV solutions also happen to be free.

    I use Avira AntiVir, which came in #2 in the last comparative study I read. It's gratis, with the sole "cost" of a popup-ad every 24h, disabled in the paid version (or for free, if you know how to set up a local security policy under windows and don't mind breaking the EULA).

  • Unbiased review? (Score:5, Informative)

    by babyrat (314371) on Tuesday September 29, @10:27PM (#29588887)

    So let's see, independent groups give positive reviews. One of the main competitors gives it a negative review. Who to believe?

  • by farbles (672915) on Tuesday September 29, @10:31PM (#29588919)

    It's a sweet little anti-virus program. A well designed and simple user interface, updates unobtrusively, doesn't bog down the computer and it is very effective at detecting all threats I've thrown its way. It also is easy to tell when it is unhappy thanks to a well designed and simple system tray icon. Credit where credit is due, Microsoft has put together a good program. I've tested this on dozens of machines and have not a single bad thing to say about it, which is not something I would have thought I'd ever say about a Microsoft product.

    If I do have a quibble, it's that it requires a validated Windows. If I were Microsoft I'd throw this on automatic Windows Update and push it out to everyone not already running an anti-virus.

    Symantec can blow me. I've seen more hosed computers where the owners thought they had current updated Symantec AV just to have me discover that their definitions had last been updated in 2007 or something with no indication from their Symantec AV they were vulnerable.

    /not an MS fanboi but when they get one right, they deserve praise, and they got this one right folks.

  • by hyades1 (1149581) <hyades1@hotmail.com> on Tuesday September 29, @10:40PM (#29588963)

    I've used Avast Antivirus (free), Malwarebytes Anti-Malware (free) and Comodo Firewall (free) for a couple of years now. I've never had a virus and various other types of malware are promptly and efficiently dealt with.

    Trust the inventors of Windows Genuine Advantage with my security? Or freakin' Symantec? I won't bore you with the horrible, hellish experience of getting Norton Antivirus off my machine. It was harder to get rid of than the virus it failed to catch.

    Fat chance. I'll stay with something that works, thank you very much.

  • by DigiShaman (671371) on Tuesday September 29, @10:53PM (#29589069) Homepage

    I just formatted and installed XP SP3 on a machine running an Intel 2.4GHz CPU (Northwood and non-HT). I've noticed that installing applications takes about four times as long after having installed this program. The culprit seems to be a running process "MsMpEng.exe" pushing CPU utilization to a total of 100%. I did not have Windows Defender installed, but it's interesting to note this is the same file that it uses too. I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.

    Other than that, it seems to stay out of the way under general computing. But for those looking to do a format/reinstall of Windows, I recommend installing this program AFTER you get finished with everything else on your to-do install list.

    • by GF678 (1453005) on Wednesday September 30, @12:05AM (#29589475)

      I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.

      According to the Ars Technica link in the summary, MSE is a superset of Windows Defender, to the point where the MSE installer will disable Windows Defender completely if detected.

      As for the single core issue, quite possible. I noticed for example that Vista's Windows automatic update detection check utilized 100% CPU of my (then) single-core machine for several seconds, affecting performance considerably. But when I moved to a dual-core, the effect was completely unnoticeable. Seems as if single-core is no longer considered when testing software performance and impact on the rest of the system.

  • by WiiVault (1039946) on Tuesday September 29, @11:53PM (#29589415)
    to make everybody on Slashdot rush to defend MS.
  • by Jane Q. Public (1010737) on Wednesday September 30, @12:14AM (#29589521)
    "Norton" Utilities started to go downhill the moment it was acquired by Symantec, and after just two years I could no longer stand to use the product. Not only did the "utility" of the product steadily decrease, I found the virus / malware detection to continually be substandard compared to cheaper and even freeware products.

    I am aware that there are people who still swear by Symantec products, and I do not wish to argue with them. But I was with that family of products ever since Peter Norton put them together into a package, and it is simply not up to the standards that his personal software met... no matter how big their corporation is today.

    Boo, Symantec. I use Kaspersky and a few other tools now, and even though it takes several separate tools, I find the whole to be both superior in performance and also less intrusive into my system than Norton Utilities and other Symantec products.
  • Rootkit Detection (Score:5, Interesting)

    by gordguide (307383) on Wednesday September 30, @01:33AM (#29589889)

    Microsoft purchased Komoku, a developer of RootKit Detection software with clients like the usual government and military suspects, banks, that kind of thing. Komoku's technology has been rolled into Microsoft Security Essentials.

    I would think that right there is a good reason to check it out, and possibly implement it in your XP/Win7 system, especially since MS probably had a chance to do some tweaking on the RootKit detection engine using their proprietary knowledge of some of the more obscure aspects of Windows file systems, the still unpublished NTFS specification, etc.

    Of course, if you have no RootKits installed, it might be more of a pain than necessary ... after all, every AV app you now have running says nolo problemo, si?

    Then again, how would you know?

    If you do have a RootKit lurking, I find it very difficult to believe that Norton or Symantec would tell you so ... the whole point of RootKits is to avoid detection, whether by conventional AV applications or otherwise, and to avoid removal by the usual removal tools available to AV product users.

    Some RootKits are even stealth-installed by law enforcement, and the "person of interest" isn't supposed to have Norton go all five-alarm on them, if you get my drift. Not that we can be sure this will either ... I'm just sayin' they are not trivial to detect, is all.

    It remains to be seen exactly what MicrosoftSecurityEssentials does turn up, but in at least one aspect, you are getting (for free) security software that cost thousands of dollars had you contracted with the original developer prior to Microsoft's acquisition (March 20 2008) and prior to MS's adding at least some of that same software to this new app.

    There will be plenty of people who will jump in right away and download MicrosoftSE. If you're one of them, fine; don't change for my sake.

    But, the best advice might be wait a week or so, as the prudent should, to see if major issues develop once widespread deployment exposes the suite to a wider set of configurations. If all is well, I say "run her". When MS offers you the equivalent of "free money" I say take it. I never see them refuse mine.

  • by sebsauvage (771545) on Wednesday September 30, @03:05AM (#29590337) Homepage
    Not happy with forcing WGA and automated WindowsUpdate when you install this antivirus, MSE also forces DRM and Silverlight down your throat. Oh... and you are not authorized to talk about MSE without written consent from Microsoft.
    Just read the license.

    Doh!

    Well, I always welcome free solutions which enhance overall end users security, but this licence is a no-no for me.
  • by amn108 (1231606) on Wednesday September 30, @04:52AM (#29590881)

    Actually they are just trash talking MS in the true spirit of corporate competition. It is like brushing teeth in the morning for them. You are not taken seriously as a competitor if you don't issue some form of short press conference where you can say how bad everything but your own products is.

    The truth is, through my "fixing" of countless laptops ridden with Symantec products, I can honestly say, disregarding their security track record, I despise and resent their products as much as I ever could. Large, monolithic but with 10 services to get rid of, poorly uninstalling or not uninstalling at all, horrible user interfaces - at least Microsoft products are benign compared to Symantec, use FAR FEWER resources to the point where you don't notice them (but they still do the job), have usually quite well designed GUIs and remove themselves without question. Thing is, Microsoft has different divisions, and clearly divisions that work on Windows Defender, Windows OneCare Live, and now Windows Security Essentials are, by evidence, not the same division that work on builtin Windows security, although situation seems to be improving on the latter.

    Symantec and those corporate behemoths have been preying on customer fear for malware, and feeding us crap for more than ten years now. There was once Peter Norton and his Norton Commander, ever since that it went downhill with all things related to him and his company. Symantec has a lot of fat around the waist now. And they are afraid Microsoft is onto them.

    • by uncoveror (570620) on Tuesday September 29, @10:50PM (#29589037) Homepage
      Symantec? Ha! I would rather have nothing at all than Norton products. They are bloated resource hogs, and any script kiddie's concoction can disable them. People who know nothing about computers, but still own one for their work or their kids' school buy Norton crap purely on name recognition. All they are buying is a false sense of security.
    • by shird (566377) on Tuesday September 29, @11:36PM (#29589297) Homepage Journal

      You are implying that these viruses/spyware aren't being installed by people clicking 'Yes' to "Do you want to run setup.exe from codecs.xxx_teens.com" prompts.

      This 'hole' will never be closed. The only option is to develop software which scans for and intercepts these installs for people that can't make an informed judgement for themselves. (i.e. 90% of computer users).

    • by AmberBlackCat (829689) on Wednesday September 30, @12:27AM (#29589589) Homepage
      Long ago, we had Norton Antivirus for Windows 95. I guess this was when online updates were a new thing. The box said something like "never buy antivirus software again!" and boasted about how it would always be updated and current. Then one day it stopped updating. Our reply from the customer support people was "this product is no longer supported". They told us we had to buy the new version. Let them die.
      • No kidding (Score:4, Informative)

        by Sycraft-fu (314770) on Wednesday September 30, @07:52AM (#29592047)

        Besides if you want to blame anyone for the death of QEMM other than themselves, well you'd be blaming Intel. The writing was on the wall for memory managers when the 80386 came out. Protected mode meant that all that shit would no longer be necessary since apps would get flat virtual memory spaces presented to them, no segmentation or tricky BS needed. All memory would be equal.

        QEMM continued to sell after memmaker came out because it did work far better. Its sales started dying with Windows, since it didn't do anything for you. Windows 95 was when it was all over.

        Please remember that the conventional memory/640k thing was NOT a Microsoft creation. It was a combination of Intel and IBM. The 8088 had 20 bits of addressing, giving it 1MB of addressable memory. Now on a system, actual RAM itself isn't the only thing that needs memory addresses. Hardware, notably video memory but other things as well, need to have memory addresses to be used. So IBM divided the addressing as 640k for system RAM, 384k for other usage. At the time they made the system, this was not a problem as you couldn't get 640k of memory. Later the limit got hit.

        Thus whenever you ran an Intel processor in 16-bit mode, this is how addressing was done. Still true to this day. Modern Intel and AMD CPUs boot up in 16-bit real mode and they still address memory in this fashion. However the OS boot loader switches them over to protected or long mode and then it isn't an issue.

        You still can run into similar issues though, at least on 32-bit systems. You discover that on 32-bit systems you hit the 3.something GB limit. You knock 4GB of memory into it, yet only 3.something (the something varies) are available to the OS. Why? Hardware that uses memory mapped IO. Your video card, sound card, etc. They all need memory addresses in the 4GB space the CPU can use. As such it can't actually address all 4GB of physical RAM. Wasn't a problem for a long time as 4GB was way more addresses than a system would have RAM, but no longer.

        64-bit systems don't have this problem, as they have 16 exabytes of total address space. Plenty for whatever RAM you've got, plus all the addresses for hardware. However, if in the future we ever do have computers with that much RAM, the same issue will again reappear.
