Microsoft Security Essentials Released; Rivals Mock It
Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."
Pot, meet Kettle! (Score:5, Informative)
Symantec's products aren't exactly admired for security and effectiveness in recent years. Pot, meet Kettle.
Unbiased review? (Score:5, Informative)
So let's see, independent groups give positive reviews. One of the main competitors gives it a negative review. Who to believe?
I like it and will recommend it to anyone. (Score:5, Informative)
It's a sweet little anti-virus program. A well designed and simple user interface, updates unobtrusively, doesn't bog down the computer and it is very effective at detecting all threats I've thrown its way. It also is easy to tell when it is unhappy thanks to a well designed and simple system tray icon. Credit where credit is due, Microsoft has put together a good program. I've tested this on dozens of machines and have not a single bad thing to say about it, which is not something I would have thought I'd ever say about a Microsoft product.
If I do have a quibble, it's that it requires a validated Windows. If I were Microsoft I'd throw this on automatic Windows Update and push it out to everyone not already running an anti-virus.
Symantec can blow me. I've seen more hosed computers where the owners thought they had current updated Symantec AV just to have me discover that their definitions had last been updated in 2007 or something with no indication from their Symantec AV they were vulnerable.
Comment removed (Score:5, Informative)
Re:Unbiased review? (Score:4, Informative)
Re:It's working great for me (Score:5, Informative)
42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.
That's not a false positive at all. It's a well known "exploit" called a Zip Bomb [wikipedia.org]. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?
selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive.
You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?
Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.
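An added example, not part of any comment in this thread: one way a mail or AV scanner can apply the nesting limit mentioned above, together with a per-member compression-ratio cap and a cumulative inflation budget. It handles zip only, and the limits `MAX_DEPTH`, `MAX_RATIO`, `MAX_TOTAL` and all function names are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_DEPTH = 8                  # the comment cites 6-8 levels; 8 is chosen here
MAX_RATIO = 100                # assumed cap on inflated/compressed size per member
MAX_TOTAL = 8 * 1024 * 1024    # assumed cap on bytes inflated across all layers

class Rejected(Exception):
    pass

def scan_zip(data, depth=1, spent=None):
    """Recursively inspect an in-memory zip; return total bytes inflated."""
    spent = [0] if spent is None else spent   # counter shared by every layer
    if depth > MAX_DEPTH:
        raise Rejected("nested deeper than %d levels" % MAX_DEPTH)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                raise Rejected("compression ratio above %d:1" % MAX_RATIO)
            body = bytearray()
            with zf.open(info) as member:
                # Inflate in chunks so the budget is enforced while reading.
                while chunk := member.read(64 * 1024):
                    spent[0] += len(chunk)
                    if spent[0] > MAX_TOTAL:
                        raise Rejected("inflated size above budget")
                    body += chunk
            if zipfile.is_zipfile(io.BytesIO(body)):
                scan_zip(bytes(body), depth + 1, spent)
    return spent[0]

def verdict(data):
    try:
        return "clean (%d bytes inflated)" % scan_zip(data)
    except Rejected as why:
        return "rejected: %s" % why

# Constructed, harmless samples built in memory.
def make_zip(name, payload):
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return out.getvalue()

def nest(payload, levels):
    for i in range(levels):
        payload = make_zip("layer%d.bin" % i, payload)
    return payload

if __name__ == "__main__":
    print(verdict(nest(b"hello", 3)))
    print(verdict(nest(b"hello", 12)))
    print(verdict(make_zip("zeros.bin", bytes(1 << 20))))
```

Rejecting on any of the three limits, rather than continuing to unpack, keeps scan time and memory bounded regardless of what the archive's headers claim.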
Re:"Free" protection is a trojan horse for Onecare (Score:5, Informative)
DRM and Silverlight down your throat (Score:5, Informative)
Just read the license.
Doh!
Well, I always welcome free solutions which enhance overall end users' security, but this licence is a no-no for me.
Re:[citation needed?] Re:It's working great for me (Score:3, Informative)
No kidding (Score:4, Informative)
Besides if you want to blame anyone for the death of QEMM other than themselves, well you'd be blaming Intel. The writing was on the wall for memory managers when the 80386 came out. Protected mode meant that all that shit would no longer be necessary since apps would get flat virtual memory spaces presented to them, no segmentation or tricky BS needed. All memory would be equal.
QEMM continued to sell after memmaker came out because it did work far better. Its sales started dying with Windows, since it didn't do anything for you. Windows 95 was when it was all over.
Please remember that the conventional memory/640k thing was NOT a Microsoft creation. It was a combination of Intel and IBM. The 8088 had 20 bits of addressing, giving it 1MB of addressable memory. Now on a system, actual RAM itself isn't the only thing that needs memory addresses. Hardware, notably video memory but other things as well, needs to have memory addresses to be used. So IBM divided the addressing as 640k for system RAM, 384k for other usage. At the time they made the system, this was not a problem as you couldn't get 640k of memory. Later the limit got hit.
Thus whenever you ran an Intel processor in 16-bit mode, this is how addressing was done. Still true to this day. Modern Intel and AMD CPUs boot up in 16-bit real mode and they still address memory in this fashion. However the OS boot loader switches them over to protected or long mode and then it isn't an issue.
You still can run into similar issues though, at least on 32-bit systems. You discover that on 32-bit systems you hit the 3.something GB limit. You knock 4GB of memory into it, yet only 3.something (the something varies) are available to the OS. Why? Hardware that uses memory mapped IO. Your video card, sound card, etc. They all need memory addresses in the 4GB space the CPU can use. As such it can't actually address all 4GB of physical RAM. Wasn't a problem for a long time as 4GB was way more addresses than a system would have RAM, but no longer.
64-bit systems don't have this problem, as they have 16 exabytes of total address space. Plenty for whatever RAM you've got, plus all the addresses for hardware. However, if in the future we ever do have computers with that much RAM, the same issue will again reappear.
Re:Bad reviews by... (Score:3, Informative)
Symantec? Ha! I would rather have nothing at all than Norton products.
Norton products are great. They've just all been replaced by crappy Symantec products.
Re:Symantec shouldn't talk (Score:3, Informative)
This may account for another 30%, which does make it usually.
Re:When pressed... (Score:4, Informative)
You probably don't remember when Microsoft came out with their own antivirus package as part of DOS 6, do you? I do. It was nice, for a while. Support fell off when MS decided to change their focus.
Yes I do. It was made for MS by Central Point Software. Then Symantec bought them out to essentially kill off MSAV by choking off support for it.
Re:[citation needed?] Re:It's working great for me (Score:3, Informative)
The link provides it. Symantec knew what that POS software was doing and yet it did nothing to identify it. In fact, I recall other mainstream AV never flagged it as malware.
Ref 12: http://www.symantec.com/security_response/writeup.jsp?docid=2005-110615-2710-99 [symantec.com]
More damning from Schneier (from the Wikipedia link)
Ref 13: http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html [schneier.com]
Re:It's working great for me (Score:3, Informative)
What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it.
Kind of a nitpicky thing, but the XP and Vista security centers don't "recognize" anything. Windows has an API to talk to security center - you have to call IAmInstalled32(), IAmOutOfDate32(), IAmDisabledEx(), etc.
Vista isn't conspiring to make your software not work - Avira evidently just doesn't bother to tell Vista's security center that it's installed. Just click "I have a security program that I'll monitor myself."
Re:Very slow on single core CPU (Score:3, Informative)
According to the Ars Technica link in the summary, MSE is a superset of Windows Defender, to the point where the MSE installer will disable Windows Defender completely if detected.
Not really true. It uses the same malware definition database as Defender, and of course it disables Defender, since it completely replaces its functionality. But the engine is very different - it's rather a cousin of that one used in Microsoft Forefront Security [wikipedia.org].