topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 11:20 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Windows Security Essentials  (Read 105186 times)

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #25 on: October 03, 2009, 03:30 PM »
MSE does not have excellent virtual "standing" but is a lot better than your email indicate Innuendo. Actually just an average AV which any Grandma can use is enough to reach "approved" status if you ask me. I doubt MSE will ever get gold medal in whatever "test" but on the other hand less than at least average should not be optional. All depends on how much Microsoft can be bothered. They did relax a bit too much with Defender I think. Let us reevaluate in 3-4 months time. Im pretty confident it will stand public testing though very much aware not all welcome this new player - for obvious monetary reasons. They are prepared... Symantec especially and who have the biggest market share? ;) This is more math and accounting than concern for secuirty that is for sure. Microsoft is trying to sneak in by saying it is mainly for those without any AV, yeah right. Hardly anyone notice, hush, hush. They go for maximum market share as always. In this area I welcome MS lust for high numbers since alternatives are worse in one way or the other.

Which reminds me of an exception. Avast just released an almost completely functional beta 5.
« Last Edit: October 03, 2009, 04:49 PM by Bamse »

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #26 on: October 04, 2009, 11:41 AM »
MSE does not have excellent virtual "standing" but is a lot better than your email indicate Innuendo. Actually just an average AV which any Grandma can use is enough to reach "approved" status if you ask me.

I think you misread my message. I was replying to sajman99 who was saying that *I* was in excellent standing, not MSE. As I have said all along, it's too early yet to see how well MSE's standing will be in independent tests. If it's anything like my friend's experience, however, it will not be suitable for recommending even to Grandma...unless you like going over to Grandma's once a month to clean up what MSE lets through.

Which reminds me of an exception. Avast just released an almost completely functional beta 5.

I hope they have fixed the bug that interferes with the operation of some programs that write a lot of data to the hard drive.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #27 on: October 04, 2009, 12:16 PM »
No I did not misread, was not directed at you but anyone putting faith in "standings" on an internet forum  8) You are probably a fantastic human being without such praise.

Well you were sure not to recommend MSE because of an email. Only time will show if it is worth anything. Whole point of MSE are those Grandmas - reliability is more important than whatever test unless really crappy result. Made your friends bug-report interesting. There are bugs for sure but this type must not be among them, why they did all the beta testing naturally. If reproducible he should complain at their forum.

Beta or not, bugs are close friends of security products. Dont know if Avast has one about not handling high hd traffic. I doubt it is a universal one. Would say Bugs for such old and proven to work program are usually more subtle but of course annoying for those who suffer. Avast 4 is no speed king, will expect 5 to be better in that discipline as well. Check their forum. Not sure they bother fixing 4 but if complaint has meat on it I think there is good chance they listen. Advantage of small company. Microsoft has been fairly open with MSE but again time will show if they go zzzz when program is considered "done". No such thing as "done" with AVs. Only real problem I see with MSE is it becomes Defender or IE7. Dont think so but who knows.

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #28 on: October 04, 2009, 04:09 PM »
Bamse, all I meant with the comment about Innuendo's "standing" is that although his "email from a friend" is highly anecdotal evidence, I completely believe it and regard it as reliable info based upon his reputation here at DC. It's enough for me (I'm certainly not speaking for anybody else) to resist the software junkie urge to rush out and install Essentials since I am presently content with Avira AntiVir Personal.

I realize this is a judgment call, and others may wish to subpoena his email records or ransack his home. :P Just kidding, folks.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #29 on: October 04, 2009, 04:56 PM »
I have thin skin when it comes to conclusive statements about anything related to security. Check, double-check then wonder if it really could be true  8) Only facts counts. This seeking the truth and lack of trust might origin from my dark past as heavy user of cracks and such things. Educational though and sometimes I infect a Virtualbox just to get reminded of how things really work, or dont work. Everyone should do that.

Im not really interested in MSE as such but it has same effect as when Norton starts to make decent software. Like an world wide event which should be celebrated! Also free alternatives are not many and I have problems jumping on subscription idea. More so when we are at Windows 7, XP fading out. Seems right that MS offer an AV to make Windows complete. AV still a must for majority. Dont mind them taking market shares either so sympathy is towards MSE. You can be absolutely sure it will be thrashed if there are any problems. No risk of MS getting away with poor performance. Symantec had "report" prepared for release date, MSE is terrible "not enough!" they scream 8) A local security site, which also sell Kaspersky etc., do not recommend MSE based on a quick-test. Ready on release date. There will be much more of this and it will continue. MSE is a provocation to Symantec, Trend, Mcafee, all companies with interests in this field.
« Last Edit: October 04, 2009, 05:08 PM by Bamse »

sri

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 689
    • View Profile
    • Sridhar Katakam
    • Read more about this member.
    • Donate to Member
Re: Windows Security Essentials
« Reply #30 on: October 05, 2009, 01:28 PM »
Security Essentials fares well in AV-Test trial

Microsoft 's new Security Essentials software has passed at least one exam so far--a review by security testing firm AV-Test.org.

To check static known malware, AV-Test pitted Security Essentials against the most recent WildList, a sampling of 3,732 viruses and other threats compiled by the WildList Organization. Microsoft's product successfully detected and blocked all of the samples in both manual and active scanning.

AV-Test also threw its current set of 545,034 viruses, worms, Trojans, and other threats at Security Essentials. MSSE successfully caught 536,535 samples for an overall good detection score of 98.44 percent.

.....

http://news.cnet.com...9_3-10366232-83.html
<a href="https://sridharkatakam.com">My blog</a>

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #31 on: October 05, 2009, 08:44 PM »
I was just listening to a podcast by Leo LaPorte & Paul Thurrott earlier & they stated that while MSE has very good virus signatures it lacks any heuristic ability whatsoever. Heuristics, for those that aren't aware, is the part of the program that detects the bad stuff before the signatures get written. Without heuristics one is left vulnerable to 0-day exploits while waiting for a signature for a threat to be included in the daily download.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #32 on: October 05, 2009, 11:34 PM »
Which is why any other AV with "heuristics", most of them, are superb  8) I only know Avast 4 with no declared sniffing features, they say a "little". "HIPS" features are also needed for the many "drive-by" infections people suffer from - or the more you think about it the more you "need". Very messy, many dont know first thing of "safe computing" but they do know Windows firewall stink and a better is required. One of the many "truths" out there.

Time will tell if MSE is too simple as an AV.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Windows Security Essentials
« Reply #33 on: October 06, 2009, 12:50 AM »
Very messy, many dont know first thing of "safe computing" but they do know Windows firewall stink and a better is required.
I pity those people :)
- carpe noctem

mahesh2k

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,426
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #34 on: October 06, 2009, 02:30 AM »
I'll stick with NOD32 for now. MSE got long way to go.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #35 on: October 06, 2009, 03:11 AM »
I was just listening to a podcast by Leo LaPorte & Paul Thurrott earlier & they stated that while MSE has very good virus signatures it lacks any heuristic ability whatsoever. Heuristics, for those that aren't aware, is the part of the program that detects the bad stuff before the signatures get written. Without heuristics one is left vulnerable to 0-day exploits while waiting for a signature for a threat to be included in the daily download.

I think the big issue is that 1.6% of KNOWN viruses got through. That's nearly 10000 threats do not get stopped. That's before heuristics should kick in.

Personally I wouldn't want a bullet proof vest that lets nearly 1 in 50 bullets through!

By the way AVAST! does have heuristics (even in the free version). The biggest problem with heuristics are the number of false positives. Wth AVAST! I have never had an infection (or a false positive), with NOD32 I have had quite a few false positives over the years. Avira has the reputation of being the most secure AV but at the cost of many false positives.

IMHO too many false positives are nearly as bad as  no heuristics because users simply get to the point where they ignore most warnings (like over picky firewalls that constantly popup - people just click 'allow' without thinking)

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #36 on: October 06, 2009, 12:09 PM »
You sure about Avast and heuristics? I read on their blog they said something like most dont know we have implemented some heuristics in standard shield already, been quiet about it. Mail module have had it for years. 5 has everything.

There is a technical view on such "must-haves" and buzzwords and one of majority of users. Too easy to just recommend away, as so many experts too, since tools cant be handled. Much unstable crap as well, adds to requirements of user. All promoted as wonder tools of course. The more thinking is done the more risk of ending up with programs like Comodo or invest in mightiest of suites. Anything less is not safe, firewall story is oldest of those "truths", still going strong. For Mrs. Grandma and millions of other users that is highly irrelevant and MSE is a much better option. Some do need more because their computing is not normal or legal. Interest, paranoia counts too but separate. They still needs to manage tool of course. I would probably run an advanced firewall if I could find one that worked ok - to pad control freak on back. Nothing to do with security. Many sources try to build up demand besides everyones brain, all understand concept of "security" so interesting area to work with if into marketing. If my wet dreams come true MSE kind of stops the nonsense of weird offers for needed better security. Well, MSE and Vista, Windows 7 - even IE8 (SmartScreen) is part of this scheme.

Products that offer a new angle on how to better security are way cool of course, does not have to be freeware either. Malwarebytes with life time pro license, cost like 4-5 packs of cigarettes here. No subscription trick. Should support what works. Or take WOT, domain blocker version of Malwarebytes - which runs around the same companies crying about MSE. Block-list as useful in 2009  8) Who would have thought with all the new buzzwords. WOT can be more efficient than any AV. With Adblocking, Browser filters and WOT not much get through, is just not there. No heuristics required. If really scared for the big unknown or not able to see through scams I think WOT should be a must-have. Compare WOT with old offers from Norton, Mcafee, Trend - they are hardly functional in comparison when it comes to sites with malicious content, the red sites in WOT. Because they say they take care of bad web sites does not mean much is actually done. Just words. Annoying features about WOT is fixed by setting up plugin. Social chit chat about light or full yellow might not be interesting or make sense.

I dont know about programming but ram usage at 60-120mb+ for a not so advanced "basic" AV? Is it possible to make a pig look pretty by increasing ram usage to new heights? Would hope not and that numbers comes from tons of lovely signatures. There are slowdowns, cpu spikes when entering large folders, may be worse with archives. Actually some have complained about cpu spikes just out of the blue. Runs smoothly but then it take off for no apparent reason. Ive seen it a couple of times, sort of freezes - may be swallowing signatures? :) Can hopefully be swept under "will be fixed" carpet and not sign of MS putting too much faith in engine. Dont remember name but they did buy up a AV-company, like Giant with Defender. May be already used OneCare. Again a we will see issue, but, if otherwise functional!, you can certainly argue that MSE being simple and not so advanced is an advantage. As little as possible is better for majority people. Cant dismiss AV regardless of newer Windows improved security. Why they made it I guess. All MS. If we are all doing cloud computing in few years security will be top issue. So may be a good idea to start "managing" public today? Dont know if that is why they are so interested all of a sudden.

If Aviras heuristics is supergreat why are they beta-testing a new Pro-Active program? If whatever pass Avira today you are done for, so trying to make a system and user monitoring tool is new challenge. No one is close to safe with Avira or other scanner based tool with room for errors, not until you buy Pro-Active program. Simple logic because you are going for 100% safety not 75% and who does not run xxxxxx malware samples or has Rapidshare as most visited site. Or you fall in love with the can never be too sure, and better safe than sorry slogans - MSE have nothing to do with that but you can always argue it should since proven that blah blah.
« Last Edit: October 06, 2009, 12:18 PM by Bamse »

cmpm

  • Charter Member
  • Joined in 2006
  • ***
  • default avatar
  • Posts: 2,026
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #37 on: October 06, 2009, 12:18 PM »
Before you install Microsoft Security Essentials, you should disable or uninstall other security-related programs.
from the mse site

That's the dead-end for me with windows security essentials.
What if MSE is a security threat?

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #38 on: October 06, 2009, 12:27 PM »
Just same old story about not running 2 different resident AV programs at once. More than just AV category today, a "firewall" can have AV or Spyware module so they say "secuirty-related" to cover their butt  8)

Avast claims to be compatible with MSE btw. I dont get that but cool if so http://blog.avast.co...etings-from-redmond/ Their now boss, former Symantec employee, has an interesting article about MSE http://blog.avast.co...entials%E2%80%94mse/ Everyone is sooo interested, heh. And of course he link to a PCMag test which are completely unknown to mankind. Pretty good article though considering it comes from a competitor. MS tone down MSE but he know better as does anyone knowing MS :D
« Last Edit: October 06, 2009, 12:28 PM by Bamse »

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #39 on: October 06, 2009, 01:02 PM »
Before you install Microsoft Security Essentials, you should disable or uninstall other security-related programs.
from the mse site

That's the dead-end for me with windows security essentials.
What if MSE is a security threat?
Microsoft has never annoyed me or given me any reason to distrust them before (he said with uncontrollable laughter).  :D

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #40 on: October 06, 2009, 01:15 PM »
All antivirus are a security threat, so to speak. One day they delete your svchost.exe, another they get an update to patch some serious vulnerabilities in the engine... you never know.

But security threats in the true sense of the word? Never, except for rogue programs, of course.

So, it looks like MSE suffers from the same flaws as Defender. Bad news. I was thinking in replacing it (according to Microsoft, MSE supersedes Defender, making it useless) but if memory usage doesn't match the advertised numbers, and has performance problems, replacing a turd with another turd doesn't look like a sound idea.

EDIT: Yes, it may be a good antivirus, but I already have avast! for that. I simply wanted a better HIPS.
« Last Edit: October 06, 2009, 01:22 PM by Lashiec »

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #41 on: October 06, 2009, 01:37 PM »
Ive used Avira which is very light and overall cant tell difference to MSE besides those strange events and when checking Task Manager. Cant reproduce mini-freezes since they seem random, and rare, but if I boot up and immediately enter a folder with 100s of downloads it often seem to think a bit too long. Sometimes same issue when right clicking a file. Would be strange if MSE will not get a changelog of fixed bugs, no reason to be surprised. When they do first update of program Im more calm, are they in this as part of a greater policy or just an experiment they might lose interest in? Can never tell. If they use brain they better follow up on release and fix problems. Cant imagine they wont, either that or total failure. Was bad enough with Defender. Strangely enough I never ever noticed any problems in beta versions. Ram usage has always been high though. Personally I dont care as long as everything else is great but since Ive seen requests for easy closing of Avira processes due to "resource-usage" I know many will. Some stuck in Win9x thinking but numbers are high no doubt. If Task Manager numbers are important forget about MSE.

Btw, run MpCmdRun.exe /? to see what can be done in batchfiles :) /SignatureUpate fixes issue with updates being part of WU. Can update away every 1 hour or whatever via Scheduler.

Advertised numbers? There have never been any I think. Users claiming 6-10mb are wrong, MsMpEng.exe (Antimalware Service Executable) is overlooked. Might add that Malwarebytes use about 45mb when resident but yeah MSE can get as high as 150mb on my computer, depending on what it is doing. Right now only about 70mb, quiet night :) (I look at Private Working Set). If in a MS-is-cool-mood I would say it scales to ram available or something "advanced" or simply say it does not matter - if used to Avira numbers I would scream pig!, heh.

Dont forget anyone installing MSE becomes member of MS Spynet. What they will use all that info for time will tell. Keeping up with heuristic magic with solid and massive amount of signatures? If MSE catches on perhaps biggest cloud security feature ever :) No option of disregarding Spynet. Probably also used in IE8, Basic and obligatory membership says "including where the software came from".
« Last Edit: October 06, 2009, 02:55 PM by Bamse »

sajman99

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 664
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #42 on: October 06, 2009, 06:35 PM »
http://www.grc.com/sn/sn-216.htm
In Steve Gibson's Security Now podcast (with Leo Laporte) he takes a generally optimistic viewpoint on MSE. Among his comments he says... it's small and lightweight, it has thorough scanning which isn't prone to fps, it's as good as anything else he's seen, and he plans to recommend it to his friends.

While Gibson does acknowledge that MSE's full scan mode is very slow, he apparently sees that problem as a necessary byproduct of a thorough and effective scan. Patience is a virtue, it seems. :-\

To me, reading the transcript was a bit like watching a movie trailer (ie. designed to evoke a "can't wait for it" type of feeling). Without a doubt, the Microsoft bandwagon is rolling--among the questions are "who's gonna jump aboard?" and "who's gonna get run over?".

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #43 on: October 07, 2009, 07:30 AM »
Gibson have noticed paranoia in his newsgroup and wonder where it come from?  8) Is it not the same guy who disable scripting in browsers?

The other dude saying Quick scan is also slow should compare a bit more I think. Seems very fast to me, even if looking at packed files like UPX. Possible Full scan is a pain - same goes for most scanners. MSE does not seem to cheat and full scan will rarely be used. Dont think on-demand speed is much of an issue. Resident problems more noticeable and annoying.

I was looking at c:\programdata\microsoft\microsoft antimalware folder. 93 files in 59 folders, 442 MB (464.109.568 bytes) :D Signatures is about 45-50mb but then there is backup folder of them of course, same size. So close to 100mb just for sigs. 1 Quarantine files is 255mb! Have 15-20 infections quarantined. After removal data folder is down to 165mb 8) All in all I guess around 200mb should be expected. There is another Microsoft Security Essentials folder under data, then comes program files.

Check their forums http://social.answer...s/en-US/category/mse where MVPs and moderators insist that MSE does use heuristics scanning method. http://news.zdnet.co...0189,39778759,00.htm or just the quote
Cliff Evans, Microsoft UK's security chief, said MSE uses the same engine as OneCare, but added that the new product was "better, in the sense that it's a later iteration of that engine". The new software does not include the non-security features, such as automated PC tuneups, provided by its subscription-based predecessor.

MSE uses a higher amount of heuristic detection techniques than OneCare, Evans said. The software studies the behaviour of suspicious applications, then reports back to a central server to check the behaviour against that of known malware.

The Dynamic Signature Service technology uses the most recent virus definitions to check applications for risks, rather than relying on the last batch of definitions downloaded, Microsoft said.

The suite also emulates programs before they complete their execution, and looks for behaviour such as carrying out operations without user permission, Owen said. If a program is behaving suspiciously, MSE will ping the Dynamic Signature Service to see whether the program should be submitted for analysis or terminated.

In addition, Owen said that MSE offers a performance boost over OneCare because it is not a "big suite" like its predecessor.

« Last Edit: October 07, 2009, 07:55 AM by Bamse »

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #44 on: October 10, 2009, 10:37 PM »
I decided to take MSE for a spin, and one of the things I always do when testing out a new antivirus/anti-malware is to do a full system scan.

This took almost 60 hours! Yes, I do have a lot of files, but no other antivirus (with the exception of McAfee 6-7 on a P3 with 2565mb RAM) ever took that long for a full scan.

No, I don't have an old slow computer. I have a Q6600 with 2G RAM running WinXP.

Yes, it did find the malware samples I keep hidden away for such testing, and it asked for me to submit a copy of one particular file I am pretty sure isn't malware.

The things that did bother me was the report at the end didn't list everything that it found and thought was malware. Not sure if it was something in the settings, but it only showed a partial list and went and took automatic action on a number of files that wasn't in the list, some of them being deleted and not quarantined, others being "cleaned" so there would be some difficulty in restoring them if you didn't have a backup.

The tab where it shows the history showed the additional files and the actions taken (this was how I quickly knew about it). Luckily, the files it decided to delete were no big deal, just some setup files for ancient software that I had no clue what it was and turned out to contain adware. The cleaned files were .txt files for a tutorial in batch file programming that it thought had some sort of batch file trojan (it's possible).

The other thing that bothered me was how it listed what it found. It did it in groups according to they type of malware found in the file and there was only an option to take action on the entire group and not individual files. In the case of a false positive mixed in with accurate results, you would have to choose if you wanted to get rid of it all including the good file, or keep it, malware files and all.

I have it all backed up any way, so I didn't really lose anything except a lot of time waiting for it to finish so I could reboot into Ubuntu and get some work done.

I really would like an antivirus to ask me what to do for every file individually (not groups) and not just some and taking automatic action on others, considering that all of them can be prone to false positives and I wouldn't want it to delete something important without asking.

Considering this experience, I will be returning to using Avira. Maybe I'll try MSE again in a few years when it's faster and asks permission before deleting/cleaning anything.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #45 on: October 11, 2009, 07:40 AM »
The scan time thing is by design. The intent being that the computer is still usable during the scan (which does take awhile...), instead of being completely crippled for a few hours like most of the main stream AV suites out there.

My testing was done with a 600GB RAID 5 array that's divided into 3 partitions and has less then 200GB free space between them. File types are a mixture of all sizes from tons of plain text (code) files to multi GB DVD images.

The scan took close to 24 hours as I recall, but... the machine was at all points usable. If it wasn't for my having task manager running I'd have probably never know it was running. This is what MS was after with MSE; get people to run it, and then leave it running. Most people under normal circumstances will turn off the AV antics so they can get on with their lives. This is why AV companies started making their product harder & harder (if not impossible (NIS)) to disable.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #46 on: October 11, 2009, 10:20 AM »
Not sure if it was something in the settings, but it only showed a partial list and went and took automatic action on a number of files that wasn't in the list, some of them being deleted and not quarantined, others being "cleaned" so there would be some difficulty in restoring them if you didn't have a backup.

Unacceptable behavior. Every file that the scanner wishes to 'fix' should be in a complete itemized list with a level of user interaction that lets me decide what to do with the file. This behavior of "automatic action" on their part results in the behavior of "automatic recommend against using" on my part.

The other thing that bothered me was how it listed what it found. It did it in groups according to they type of malware found in the file and there was only an option to take action on the entire group and not individual files.

Again, unacceptable behavior. I have files that most scanners find to be "evil" to one degree or another that I want to keep & if I wish to keep them that behavior shouldn't result in my having to keep software I would rather be cleansed.

Considering this experience, I will be returning to using Avira. Maybe I'll try MSE again in a few years when it's faster and asks permission before deleting/cleaning anything.

MS is obviously tailoring this effort towards people with little or no computer knowledge who have no desire to change that.

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,266
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #47 on: October 11, 2009, 10:31 AM »
The scan time thing is by design. The intent being that the computer is still usable during the scan (which does take awhile...), instead of being completely crippled for a few hours like most of the main stream AV suites out there.

If that's by design then it should state that fact plainly before the operation starts. It's only polite behavior for a program to inform me of how long something is going to take if it is going to take over two and a half days (that's 60 hours) to complete.

Most people under normal circumstances will turn off the AV antics so they can get on with their lives.

And most people under normal circumstances upon starting an AV scan that informs them that the operation is going to take anywhere from 24 to 60 hours are going to quickly abort it so they can get on their lives. A scan time that long would definitely be what you would call an "AV antic" in my book. A lot of people don't leave their computers on 24/7 and anything over 8 hours is pushing it. Any of these people running MSE will never complete a full computer scan.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #48 on: October 11, 2009, 11:36 AM »
Any of these people running MSE will never complete a full computer scan.

Depends if it resumes where it left off after a reboot.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Windows Security Essentials
« Reply #49 on: October 11, 2009, 04:06 PM »
Default actions are decided in settings, all can be forced Quarantine if that is preferred. Recommended means alert level decide so at least severe and high is automated. False positives do not exist so not a problem 8)

I dont really get slow speed complaint. Full is full, quick is quick - like every other scanner. Same relationship to me in duration. No difference when they all scan every file which they rarely do. Will use "Smartscan" or other term unless forced, no reason to waste time so skip as much as possible.. MSE seems to scan everything unless exclude settings have been used. I have not noticed sleep-scanning either. Wonder if I have a genuine copy or it is a rouge :)

But weird scanner. I started a full scan 15 min ago, sprints away with 250000 items in 15 minutes. Then comes to a program folder with small video editor. Almost stops completely and use 4 minutes on that little program alone. Has 22 exe-files though but other exe-files are scanned fast so no explanation. Now sprinting again. I did not use cpu for other things so no idle trick to comfort computing, guess it just needed a break or to contact HQ! If such breaks are common time will stand still.

I guess missing pause button during full scan is explained by sleep/restore trick.

So a bit over 1 hour for 1.1 million items in 187.023 files. Not bad I think. If I use Kaspersky Virus Removal Tool it is not even half done at 1 hour. Will take 2.5 hours or so. No tricks from Kaspersky with on-demand scanner and files set to all :)

I had 2 severe infections (known) and could chose action for each one. May be because I use quarrantine and not "Recommended" as default action. What is tricky is if you dont chose an action within may be 3-4 minutes MSE does it for you. Not much time to research! And up pops a green windows, all cleared and now in history. So do not hesitate. This also points at qurrantine as best setting. I think auto-fix countdown comes from the setting under default action "Apply recommended actions: Help protect your computer by applying the actions above..." Not clear because they use the word "recommended" which is also an action. So Quranntine is new "recommended action" and will be applied automatically if that box is ticked? Which it is per default.

I still think main worry is resident behavoir. Diagnose with Process monitor, exclude stuff. Sooner or later it gets randomly greedy with cpu usage. I use Qsel and when I open up a new category window become white for may be 15-20 secs. Not always but often. Well not anymore because now qsels files are excluded. But not too convincing. Must have to do with shortcuts and MSE sniffing original folder/files. One of the severe infections I had was not even on C: but D: - file was placed as a recent file/shortcut on C:. So it take off when getting a hint. I also read on their forum that some had fixed cpu spikes by turning off desktop=shortcuts. Annoying.
« Last Edit: October 11, 2009, 04:10 PM by Bamse »