Windows Security Essentials


Lashiec:
All antivirus are a security threat, so to speak. One day they delete your svchost.exe, another they get an update to patch some serious vulnerabilities in the engine... you never know.

But security threats in the true sense of the word? Never, except for rogue programs, of course.

So, it looks like MSE suffers from the same flaws as Defender. Bad news. I was thinking of replacing it (according to Microsoft, MSE supersedes Defender, making it useless) but if memory usage doesn't match the advertised numbers, and it has performance problems, replacing a turd with another turd doesn't look like a sound idea.

EDIT: Yes, it may be a good antivirus, but I already have avast! for that. I simply wanted a better HIPS.

Bamse:
I've used Avira, which is very light, and overall can't tell the difference from MSE besides those strange events and when checking Task Manager. Can't reproduce the mini-freezes since they seem random, and rare, but if I boot up and immediately enter a folder with 100s of downloads it often seems to think a bit too long. Sometimes same issue when right-clicking a file. Would be strange if MSE will not get a changelog of fixed bugs, no reason to be surprised. When they do the first update of the program I'm more calm; are they in this as part of a greater policy or just an experiment they might lose interest in? Can never tell. If they use brain they better follow up on release and fix problems. Can't imagine they won't, either that or total failure. Was bad enough with Defender. Strangely enough I never ever noticed any problems in beta versions. RAM usage has always been high though. Personally I don't care as long as everything else is great, but since I've seen requests for easy closing of Avira processes due to "resource-usage" I know many will. Some stuck in Win9x thinking but numbers are high no doubt. If Task Manager numbers are important forget about MSE.

Btw, run MpCmdRun.exe /? to see what can be done in batch files :) /SignatureUpdate fixes issue with updates being part of WU. Can update away every 1 hour or whatever via Scheduler.

Advertised numbers? There have never been any I think. Users claiming 6-10mb are wrong, MsMpEng.exe (Antimalware Service Executable) is overlooked. Might add that Malwarebytes uses about 45mb when resident but yeah MSE can get as high as 150mb on my computer, depending on what it is doing. Right now only about 70mb, quiet night :) (I look at Private Working Set). If in a MS-is-cool-mood I would say it scales to RAM available or something "advanced" or simply say it does not matter - if used to Avira numbers I would scream pig!, heh.

Don't forget anyone installing MSE becomes a member of MS Spynet. What they will use all that info for, time will tell. Keeping up with heuristic magic with solid and massive amount of signatures? If MSE catches on perhaps biggest cloud security feature ever :) No option of disregarding Spynet. Probably also used in IE8. Basic and obligatory membership says "including where the software came from".

sajman99:
http://www.grc.com/sn/sn-216.htm
In Steve Gibson's Security Now podcast (with Leo Laporte) he takes a generally optimistic viewpoint on MSE. Among his comments he says... it's small and lightweight, it has thorough scanning which isn't prone to fps, it's as good as anything else he's seen, and he plans to recommend it to his friends.

While Gibson does acknowledge that MSE's full scan mode is very slow, he apparently sees that problem as a necessary byproduct of a thorough and effective scan. Patience is a virtue, it seems. :-\

To me, reading the transcript was a bit like watching a movie trailer (i.e. designed to evoke a "can't wait for it" type of feeling). Without a doubt, the Microsoft bandwagon is rolling--among the questions are "who's gonna jump aboard?" and "who's gonna get run over?".

Bamse:
Gibson has noticed paranoia in his newsgroup and wonders where it comes from?  8) Is it not the same guy who disables scripting in browsers?

The other dude saying Quick scan is also slow should compare a bit more I think. Seems very fast to me, even if looking at packed files like UPX. Possible Full scan is a pain - same goes for most scanners. MSE does not seem to cheat and full scan will rarely be used. Don't think on-demand speed is much of an issue. Resident problems are more noticeable and annoying.

I was looking at the c:\programdata\microsoft\microsoft antimalware folder. 93 files in 59 folders, 442 MB (464.109.568 bytes) :D Signatures are about 45-50mb but then there is a backup folder of them of course, same size. So close to 100mb just for sigs. 1 Quarantine files is 255mb! Have 15-20 infections quarantined. After removal data folder is down to 165mb 8) All in all I guess around 200mb should be expected. There is another Microsoft Security Essentials folder under data, then comes program files.

Check their forums http://social.answers.microsoft.com/Forums/en-US/category/mse where MVPs and moderators insist that MSE does use a heuristic scanning method. http://news.zdnet.co.uk/security/0,1000000189,39778759,00.htm or just the quote:

--- Quote ---
Cliff Evans, Microsoft UK's security chief, said MSE uses the same engine as OneCare, but added that the new product was "better, in the sense that it's a later iteration of that engine". The new software does not include the non-security features, such as automated PC tuneups, provided by its subscription-based predecessor.

MSE uses a higher amount of heuristic detection techniques than OneCare, Evans said. The software studies the behaviour of suspicious applications, then reports back to a central server to check the behaviour against that of known malware.

The Dynamic Signature Service technology uses the most recent virus definitions to check applications for risks, rather than relying on the last batch of definitions downloaded, Microsoft said.

The suite also emulates programs before they complete their execution, and looks for behaviour such as carrying out operations without user permission, Owen said. If a program is behaving suspiciously, MSE will ping the Dynamic Signature Service to see whether the program should be submitted for analysis or terminated.

In addition, Owen said that MSE offers a performance boost over OneCare because it is not a "big suite" like its predecessor.


--- End quote ---

app103:
I decided to take MSE for a spin, and one of the things I always do when testing out a new antivirus/anti-malware is to do a full system scan.

This took almost 60 hours! Yes, I do have a lot of files, but no other antivirus (with the exception of McAfee 6-7 on a P3 with 2565mb RAM) ever took that long for a full scan.

No, I don't have an old slow computer. I have a Q6600 with 2G RAM running WinXP.

Yes, it did find the malware samples I keep hidden away for such testing, and it asked for me to submit a copy of one particular file I am pretty sure isn't malware.

The thing that did bother me was that the report at the end didn't list everything that it found and thought was malware. Not sure if it was something in the settings, but it only showed a partial list and went and took automatic action on a number of files that weren't in the list, some of them being deleted and not quarantined, others being "cleaned" so there would be some difficulty in restoring them if you didn't have a backup.

The tab where it shows the history showed the additional files and the actions taken (this was how I quickly knew about it). Luckily, the files it decided to delete were no big deal, just some setup files for ancient software that I had no clue what it was and turned out to contain adware. The cleaned files were .txt files for a tutorial in batch file programming that it thought had some sort of batch file trojan (it's possible).

The other thing that bothered me was how it listed what it found. It did it in groups according to the type of malware found in the file and there was only an option to take action on the entire group and not individual files. In the case of a false positive mixed in with accurate results, you would have to choose if you wanted to get rid of it all including the good file, or keep it, malware files and all.

I have it all backed up anyway, so I didn't really lose anything except a lot of time waiting for it to finish so I could reboot into Ubuntu and get some work done.

I really would like an antivirus to ask me what to do for every file individually (not groups) and not just some and taking automatic action on others, considering that all of them can be prone to false positives and I wouldn't want it to delete something important without asking.

Considering this experience, I will be returning to using Avira. Maybe I'll try MSE again in a few years when it's faster and asks permission before deleting/cleaning anything.
