Author Topic: Windows Security Essentials (Read 112583 times)

Stoic Joker · « **Reply #50 on:** October 11, 2009, 07:02 PM »

The scan time thing is by design. The intent being that the computer is still usable during the scan (which does take awhile...), instead of being completely crippled for a few hours like most of the main stream AV suites out there.
-Stoic Joker (October 11, 2009, 07:40 AM)

If that's by design then it should state that fact plainly before the operation starts. It's only polite behavior for a program to inform me of how long something is going to take if it is going to take over two and a half days (that's 60 hours) to complete.
-Innuendo (October 11, 2009, 10:31 AM)

We really need more detail about how much of what was being scanned before deciding if 60hrs is too long. Granted MSE's behavior/performance on XP isn't stellar from what I've seen, but it's certainly not the worst either. It's behavior has been fine on my x64 Win7 box (E6600 CPU).

I too have some files that tend to make AV software panic ... all of which is stored in an area that in on the extremely easy to configure don't scan list.

Innuendo · « **Reply #51 on:** October 12, 2009, 11:46 AM »

Depends if it resumes where it left off after a reboot.
-Carol Haynes (October 11, 2009, 11:36 AM)

And does it? I'm really asking a genuine question as I don't use MSE.

Innuendo · « **Reply #52 on:** October 12, 2009, 11:52 AM »

We really need more detail about how much of what was being scanned before deciding if 60hrs is too long.
-Stoic Joker (October 11, 2009, 07:02 PM)

I don't think we need more detail about what was being scanned as what were the run times of all other scanners, i.e. if every other scanner can do it in 13 hours or less (number pulled out of my butt), but MSE takes 60 hours then there's a problem. If, however, every other scanner takes 50-55 hours (pulled those numbers out from next to the other one) then I wouldn't think MSE's results would be excessive.

A more specific example would be comparing MSE's scan time to someone like Kaspersky. Kaspersky is one of the most thorough scanners in the business able to scan inside most archive files and if Kaspersky can scan the same files in a significantly shorter time then MSE's scanner is flawed.

Now, having said all that, MSE is effectively a v1.0 product. There are going to be lots of rough edges and maybe even a serious flaw or two, but everything should get smoothed out over time.

sajman99 · « **Reply #53 on:** October 12, 2009, 01:53 PM »

Sheesh--60 hours? When Steve Gibson said (in that Security Now episode mentioned earlier) that MSE's full scan speed was slower than SpinRite, I just kinda figured he was exaggerating for effect (he loves to mention his software every chance he gets, anyways

). I mean, I ran SpinRite a few years ago for days on end.

Unfortunately for Microsoft, many folks will hear about this abysmal full scan speed and simply say...moving on.

Innuendo · « **Reply #54 on:** October 12, 2009, 05:01 PM »

Unfortunately for Microsoft, many folks will hear about this abysmal full scan speed and simply say...moving on.
-sajman99 (October 12, 2009, 01:53 PM)

At this stage of the game the only thing MSE has going for it is that it is free & without ads. If it cost something or was ad-ware I don't think anyone would be defending it or running it. It's simply just not that good yet.

f0dder · « **Reply #55 on:** October 13, 2009, 03:39 AM »

Sheesh--60 hours? When Steve Gibson said (in that Security Now episode mentioned earlier) that MSE's full scan speed was slower than SpinRite, I just kinda figured he was exaggerating for effect (he loves to mention his software every chance he gets, anyways ).
-sajman99 (October 12, 2009, 01:53 PM)

Yeah he does, doesn't he?

And I'll chirp in with the comment that always goes whenever somebody mentions his p.o.s application: friends don't let friends use SpinRite.

Bamse · « **Reply #56 on:** October 13, 2009, 10:31 AM »

Innuendo, next up must be a test on your computer

You read too much into random chitchat. A bit selective too, my impression is most like MSE. Much is hype but some know more than OneCare and still see the point. Which should be obvious if knowing security industry. See for your self but if shocked by less than 100% perfection you better not. Scanner does not become flawed because it is slower than another btw. - the opposite can easily make more sense. If you want to see MVPs saying other scanners cheat you can do that, heh. They have actually taken a paranoid route here. Not that it slow down scanning that much. I dont see much point in full scan but what do you think would be an issue if it skipped files? Some would say Grandma have no clue of changing settings to genuine full and so MSE is not safe. Think pros and cons instead of being definitive. You use Outpost Suite right?

What an interesting changelog for that program! Hopefully you have dug into settings or virus scanner work somewhat... Strange default settings for a HIPS but user can always learn and modify, also with Outpost. Again the only real problem I can see myself and others unite about is cpu spiking and that is mainly relevant when you know about it. There are many post about that on their forum but truth is most don't notice or don't care, not a showstopper at all. If they take complaints seriously or not is my test of MSE. Im already confident it works great as an AV which is its purpose in life. There is something weird going on, asking to be fixed I would assume - programmer problem not user. We will see. Majority dont post on their forum, join "wish-list" so this is a good test. Overall MSE don't really need defending unless MS stop developing of course or I have missed the many other free perfect AVs... Rest is really nothing in this area of software.

Innuendo · « **Reply #57 on:** October 13, 2009, 05:43 PM »

Innuendo, next up must be a test on your computer You read too much into random chitchat. A bit selective too, my impression is most like MSE. Much is hype but some know more than OneCare and still see the point.
-Bamse (October 13, 2009, 10:31 AM)

Dude, I don't need to test on my computer. I outlined my best friend's adventure with MSE and it failed miserably. You keep making excuses for MSE, but my opinion is backed up by real world "seen it for myself" facts. You keep talking about how well MSE does in your controlled test bed, but it has failed in real world testing & that's not hearsay. I saw my friend's computer myself. With my own eyes. Please forgive me if I don't want to "test on my computer" software. That. Does. Not. Work. We had to run MBAM, A-Squared, and something else I can't remember to clean all the stuff MSE let in while it was :: cough :: protecting :: cough :: his computer. BTW, this isn't a novice this happened to, either. He's very knowledgeable when it came to PCs. His only mistake was to trust a half-baked security program.

You use Outpost Suite right? Cool What an interesting changelog for that program! Hopefully you have dug into settings or virus scanner work somewhat...

With the miserable failures MS has had so far wtih MSE we'd be in for some very interesting changelogs from them as well, but as you know, MS never posts changelogs. And of course I dug into the settings of my security software. I hope everyone does no matter what they choose to run.

Stoic Joker · « **Reply #58 on:** October 13, 2009, 06:22 PM »

We had to run MBAM, A-Squared, and something else I can't remember to clean all the stuff MSE let in while it was :: cough :: protecting :: cough :: his computer.
-Innuendo (October 13, 2009, 05:43 PM)

Out of curiosity, was he running with Administrative rights when this happened?

Bamse · « **Reply #59 on:** October 14, 2009, 12:43 AM »

Well that is up to you Innuendo but dont think you test basing evaluation on random info. You are set on not liking MSE so use a different standard no security software can pass - including the one you use right now. Let us say your friend did not mess up, then what? There are personal disaster stories of every other program. This was just confirming what you want to hear. Which program you want me to fail? We are in free AV section so not that many to chose from. You think it is impossible to make exact replica of your friends story? Provoking problems is so easy! Forget about "reviews" or even the few "reputable" tests. They all have limitations, why should MSE be an exception?

There is no "of course I know settings" about this. This thread show that as well. Majority have no clue of them, expect program to work flawlessly from day 1. Default matters and probably also why MSE is designed the way it is. That is one of the definite good things about it if you think about how majority deal with such a program.

Im not a novice either and had to use Malwarebytes when testing microsoft_09.exe using Outpost Pro

- comodo too btw. Default settings are no good but why not accept that since program is not from MS? Threatfire worked. The others did work just not 100%. How it is. Im not shocked or feel a need to warn against anything. Grab another of the 10000s of files and situation might be opposite. I will appreciate HIPS power (set up to actually work) cause no other tool have an idea. If you dont understand that you should be careful with tests and fast conclusions, even feeling "secure". "Of course I know settings" save your butt but not all are so eager to tinker. Any other approach is being naive or paid by a company. You end up writing blog posts or rambling in a podcast

As Ive said before they do have forum and ways to report bug, even a wishlist so dig in with both eyes open...

What would you feel about MSE if it was years old and had "System Restore did not work under Windows Vista" in changelog for latest version? You dont mind Outpost so guess not a problem? MICROSOFT name on the box makes you shoot left and right

Bamse · « **Reply #60 on:** October 14, 2009, 06:13 AM »

Must say the MICROSOFT name triggering doubts is understandable (they should have made MSE when XP was released!) but not really if you feel there are many tiny Microsoft clones in security business. With some exceptions perhaps but generally my point of view, so I welcome MSE and hope it will do well. At least enough to make competition (not competition if you ask MS but BS) make an extra effort. Strange that both AVG and Avast just happens to put out new versions right about now

To make a reason for being alive they need to be better. MSE serves other purpose than just being a more than good enough scanner for GrandMa and family.

cmpm · « **Reply #61 on:** October 15, 2009, 12:20 PM »

Might want to be sure to have an uninstaller, before installing windows security essentials.

Like Revo.

http://www.revouninstaller.com/

Put it on "advanced" mode to get it all out.

Yeah, I tried it. Uninstalled it.
That's all I have to say about it.

Innuendo · « **Reply #62 on:** October 15, 2009, 01:53 PM »

Out of curiosity, was he running with Administrative rights when this happened?
-Stoic Joker (October 13, 2009, 06:22 PM)

I'll have to ask him and get back to you on that one. What I can tell you so far is that he was running Windows 7 and UAC was not disabled.

Innuendo · « **Reply #63 on:** October 15, 2009, 02:10 PM »

Well that is up to you Innuendo but dont think you test basing evaluation on random info.
-Bamse (October 14, 2009, 12:43 AM)

Prove to me how you know 100% how I test and what I do? Please don't assume to know me, my computing environment, or how I test. Also, please do not assume that if someone reaches different conclusions than you that they are wrong.

You are set on not liking MSE so use a different standard no security software can pass - including the one you use right now.

This is also a false assumption on your part. When I first heard about MSE I had high hopes for it & had told everyone I know that finally a free, easy-to-use security program had arrived & they should consider installing it immediately. I had even installed it on a few people's computers who were less worldly about computers & did not have very much experienced. To prevent another false assumption on your part, I embraced the idea of MSE & advocated its use to everyone who did not want to pay for security software.

This was before the test results came out that showed that MSE lets a lot of stuff through. This was before my knowledgeable friend's experience where MSE let numerous trojans install. This was before the information came out that MSE has no heuristics at all

Unfortunately, I'm having to eat crow & go back to everyone I recommended considering MSE to reconsider installing it due to its poor performance.

This was just confirming what you want to hear.

This is false. I did not want to hear this as I wanted an effective ad-free security program to recommend to friends and family. MS let me down. They usually don't, but this time they did.

You seem to think I have a vendetta against anything with Microsoft's name on it and that is simply an unfounded accusation. I have a bought and paid for version of every software package Microsoft has sold. My keyboard and mouse both were made by Microsoft. Somewhere in a dark corner of a closet I even have a Microsoft Phone System. Yeah, I'm one of the 6 people worldwide who bought one of those.

Releasing a security program without heuristics in this day and age is worthless. It would have been fine to release something like that when XP was released, but in 2009 it's silly as the malware comes to quickly to rely on signatures alone.

This is my last reply to you on this subject as you seem keen on liking to disagree with things you assume to be true and just simply aren't. So feel free to have the last word, but I don't see the point in discussing something with someone who *imagines* what the other person's viewpoint is rather than listening to the other's points without making assumptions.

Bamse · « **Reply #64 on:** October 16, 2009, 03:08 AM »

You dont even have it on your computer dude so how can you say you have done any testing? Are they releasing a security program without heuristics? No they are not. Rootkits also covered. You have more basic questions go look them up. This is pretty low. Im not assuming, just replying to your weird ideas of this little program. You sprint to negative conclusions at first chance. Start with getting facts right at least, you can still hate it. Just be a bit fair and informed. So now we have test results? from where? Ive not seen any. Is it the friend again, yes why not focus on 1 friend with a program being spread globally. We continue the if not as fast as Kaspersky MSE is flawed logic. If he was god you still cant hang your "flawed" idea on his experience, can never make sense - especially not if you say you run Outpost Security Suite. Seems like you are thrashing it to me. Zero interest for anything but picking up negative or false info is typically sign of that, then time stops since you have what you need for conclusion. Lets see 724 posts - ok so you know how that works... You wait for expected ??? or what did it do? and then you are off. Dont say you are testing anything dude. If you run Outpost you know how these programs work out in the real world and that issues are close friends to them. Ive pointed out at least one which might not be bug but at least an annoyance of the more severe. Others here and there have said the same, I have researched. Dont scream! Im not able to find any other problem unless we go down to GUI and such. Really. My offer of making any other free AV look silly still stands by the way. If you test AVs by not installing them, you could seek other sources, google it! Add and substract, some day do your own testing. Then you learn.

Well the MICROSOFT name being the major trigger I could understand. Some will feel that way. Those who think others should know about their position write just like you - but flawed and worthless label is explained and justified based on your knowledge, so not the case. Pro and con concept is not really your cup of tea I guess.

Btw, your friends story about MSE being transparent to infections is about the first time Ive seen that. Really. I might be close to 100% sure detection rate is not an issue, that I will do you the favor of suggesting putting focus on other matters. If Im right what will happen is your stories get old, very old. Im not sure you know how malware world works, but references to randomly picked incidents, which require a lot more info to be more than hmmm, and basing a thrashing on that is simply rambling. Unless whatever is just always crap it really is rambling. Thing is MS have not had bigger problems than so many others with the old OneCare for quite some time. MSE is supposed to be better and nothing indicate that is not the case. This fact you have figured out could be false, just trying to help...

MrCrispy · « **Reply #65 on:** October 16, 2009, 03:20 AM »

I've switched to MSE on all my pc's, from Avira/AVG etc. It is light, fast, the detection is at least as good if not better than any other free product (and many paid ones) and it includes rootkits, heuristics, dynamic updates and has o bloat or fluff. I run Vista/Win7 and have had no issues at all. I don't have any problems trusting Microsoft which seems to be a big issue for people.

And I'm willing to bet that if you combine a NAT router ($20), UAC on and running as normal user, IE protected mode, Win7/Vista firewall and MSE, you are not going to get infected unless you ignore any warning and run local files.

MrCrispy · « **Reply #66 on:** October 16, 2009, 03:29 AM »

http://blogs.technet...ntials-week-one.aspx

MSE has a huge potential advantage , as we can already see millions of people will use it and that will improve the signatures. I wish MS would make it a critical update in Windows Update, it would fix 90% of all pc's worldwide.

Bamse · « **Reply #67 on:** October 16, 2009, 04:49 AM »

Yeah but there is still room for improvement. Right now Im waiting for something to drop from the sky, like a "dynamic" signature. Have submitted to MS so looking at clock. http://www.virustota...219d78ca9-1255686179 Im careful about testing since cant do it in Virtualbox due to some validation problems but file definitely not recognized. I know it is not MSE engine they use but Im not running it to test "code emulation" or what they call it. 2 days old and shows how crappy situation is - if you happen to click on everything that moves. And dont use newer Windows properly, but it can potentially get crappy! Remember first thing to do in at least Vista is to turn off UAC and run as admin if not superadmin. As much common knowledge as the opposite and so then risk is much closer.

Bamse · « **Reply #68 on:** October 16, 2009, 04:58 AM »

Damn that was quick - and a disaster! Im not sure it is a good idea to post but must be fair...

Submitted Files
=============================================
update.exe [Not Malware]

That better be a FP but Im 99% sure it is not. Got it from a list of malwaredomain. Malware 1, MSE 0

I can feel a need to sign up for their forum coming on.

Stoic Joker · « **Reply #69 on:** October 16, 2009, 05:47 AM »

Submitted Files
=============================================
update.exe [Not Malware]

-Bamse (October 16, 2009, 04:58 AM)

update.exe doesn't tell anybody anything, what is its size, origin, & current location? There are several places one can get a file called update.exe QuickTime has one, (some of) HP's drivers have one; they're almost always persistent ... But that doesn't make them malicious.

Bamse · « **Reply #70 on:** October 16, 2009, 06:04 AM »

Is from a site listing malwaredomain so not HP. Should be a trojan, has ID and all. Content is all malware. When run it appears to be a Russian notepad.exe - no scanner seem to catch anything. Strange but I hope Kaspersky or other big names recognize it soon. Then back to the xbox playing dude at MS.

Not sure Im allowed to give links to that site, there are several of them, very public - used by Malwarebytes and others, but not all like them in forum posts. Like those who write forum rules. Can say so much site listed is Chinese and other content is labeled pdf exploit, Liberty Exploit System kit, trojan. I put money on infection for now.

Bamse · « **Reply #71 on:** October 16, 2009, 06:24 AM »

Here is MSE in action when I enter domain holding that update.exe so Im a bit cheap on the links... Not all are so well protected

Windows Security Essentials

Innuendo · « **Reply #72 on:** October 16, 2009, 11:21 AM »

Out of curiosity, was he running with Administrative rights when this happened?
-Stoic Joker (October 13, 2009, 06:22 PM)

Here's that information I promised to get you, Joker. He was running as as a user in the administrator group. The OS was Win7 and it was running at the stock UAC level (which I have since told him he needed to bump all the way up which he did) and the browser he used was Firefox v3.5.3 with no extensions.

He used to run Eset software before, but when his subscription lapsed he thought he'd try to save some money and give MSE a try. After his big adventure he couldn't get his credit card information to Eset fast enough.

Bamse · « **Reply #73 on:** October 16, 2009, 01:42 PM »

The big unknown adventure with no clicks involved, just happened, ooops... Ok I stop but details, details, the more the better. Must know what went wrong, can nearly always be found out. If he has given you detailed and convincing reports of infection he also know where it came from. Check Malwarebytes log if nothing else is avialable, PM me link and such if you have it please. May be he got hit but Im sure of one thing - he DID click and that will be confirmed by a reconstruction. Most conveniently forget but unless you run unpatched XP with IE6, a few old browser plugins will help too, chances are not so clever clicks are involved. Like every time. Nothing to do with MSE, should stop whatever anyway but MSE was not alone of failure or you can slap me silly. If an infection race through your knowledgeable friends supposedly fully functional setup we have a major history to tell the world. Closest you will get to I did not do anything!! is infection from an usb drive with autorun enabled. That is entirely up to scanner and Windows to stop. He cant do much about that. I think MS just released a tool to permanently disable autorun on all removable drives, not the worst idea if unknown drives are used.

Well seems like that MS was right about that Russian update.exe which is in fact notepad.exe. I guess malware collector must have bundled it with all the other nasty Flash exploits and exe-files on that site. First time Ive seen that. Comodo now also flag it but I dont know. 3 out of 40+ I or scanners cant see any sign of infection so give up, is just sitting there. Went through strings in Process Explorer, looks like a Russian notepad to me. Had hoped it would trigger suddenly, nothing happens. Besides apparently being right response time of 16 min. is extremely fast. Makes people submit more, less than 6 hours or so is great.

Does not take more than a Google search do find those lists of malware but if anyone wants the handful I have they are avail. Next after Vista/7 getting computer infected is the most effective defense ever. Spend time removing too. Also good test of browser filters, Ive been told by MS IE8 have a 80+% detect rate in "social engineered" malware downloads = links! Try 30 tops. Strange world this is. Goes a bit up and down because those site of course does not list in real time, bundle and present. How that match MS filter machinery is perhaps random, no where near 80% hitrate that is for sure. Not ahead of Google filter either but nm that, another battle... If infection is good, like you cant figure out how to remove - done for!, it will stick in memory for a while. Must be done in Virtualbox/VMware or what else there is. No shared folders either. Get a 120 days free XP with IE6 from MS if none available. MSE require legit Windows, I assume it will work on those free versions. Guess easiest to set up in MS Virtual PC, don't remember if Virtualbox convert automatically.

Stoic Joker · « **Reply #74 on:** October 16, 2009, 05:16 PM »

Out of curiosity, was he running with Administrative rights when this happened?
-Stoic Joker (October 13, 2009, 06:22 PM)

Here's that information I promised to get you, Joker. He was running as as a user in the administrator group. The OS was Win7 and it was running at the stock UAC level (which I have since told him he needed to bump all the way up which he did) and the browser he used was Firefox v3.5.3 with no extensions.
-Innuendo (October 16, 2009, 11:21 AM)

I just had a funny feeling that was going to be the case (which proves f0dder's UAC recommendations again). I truly believe that the permissions reduction strategy is the only really effective defense. HIPS/Heuristics can do their part, but even they miss, FP, or just annoy you into screwing up. If a user is logged into a machine, with an account that has permission to break said machine, then the whole thing really just turns into a contest to see who blinks first. *Shrug* ...The question becomes how much of the systems resources are you willing to sacrifice on something that is only 98% effective.

Every single Anti-EvilWare solution on the market today is at best (just like birth control) only 98% effective. Why? (lawyers, true) Because (sh)IT happens...and there just isn't (cycle) time to check for every little thing right down to the very last detail so everybody just picks their best rendition of hitting the high-spots and calls it good.

A bit nihilistic of me perhaps true, but I don't care. I'm not about to pay (Peter) massive amounts of my systems resources to pay (Paul) for my right to do something stupid (Hay we all have off days...). So far MSE has managed to remain light enough to not annoy me resource usage wise (which is difficult I'll admit), so I'm letting it run to see what it does. I also have UAC enabled.

...No real specific point here, I'm just kinda sharing/thinking out loud...

Interesting side note on security trends, apparently there has been enough losses on the (high-end) border router defenses front that they are coming up/out with some entirely new "border-less" network paradigm. ...Cripes, that should be a hoot...