Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

is microsoft security essentials really that bad?


  • Please log in to reply
21 replies to this topic

#1 acerts04

acerts04

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 AM

Posted 26 April 2013 - 11:42 PM

hey guys, i read some reviews from earlier this year about MSE and how it failed alot of tests, but recently i have read some new reviews that microsoft was working on that and making MSE better since then. whenever i fix some computers up for family members and friends i usually always install MSE with malwarebytes to give them an initial free wall of protection to work with, should i not be using MSE?? should i be using avast instead, since i have read good reviews about avast, but also some bad. do you guys recommend something different or better? any input is greatly appreciated. i personally like MSE, but if its protection is crap, then of course id switch.

 

thanks everyone

alex


"In real life, the hardest aspect of the battle between good and evil is determining which is which."


BC AdBot (Login to Remove)

 


#2 jonstonx64

jonstonx64

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nashville, TN
  • Local time:08:56 AM

Posted 26 April 2013 - 11:51 PM

You hear good reviews and bad reviews on nearly everything. I personally use Avast on my laptop. I have AVG on my desktop, and it runs great as well. I installed Microsoft Security Essentials on another computer, and you hardly notice it's running. I've read reviews as Avast being the best free AV, but I like AVG more than Avast. Avast does tell you, like literally through the speakers, that it updated virus definitions which can be cool sometimes, but could easily be disabled if you want. I probably didn't help much, but any free AV will work decently. I haven't heard anything bad about MSE though.



#3 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:56 PM

Posted 27 April 2013 - 05:56 AM

Hi alex -
I have used MSE almost since it was released, and it still updates and scans by itself daily.
Yesterday it caught a Trojan as I was searching for an answer, and quarantined it in 1 second flat -
Due to the research I do, there are some suspect sites I visit, but MSE has always caught any infections very quickly.

 

You can read many things about almost any Antivirus programs (even AVG has lost its high rating recently). This may only be for a short while, and they may lift their game in the next few updates. Also Avast is having problems by adding "shields" to the program that many users do not fully understand how to use.

Choosing an Anti-Virus Program < This topic by quietmam7 is a good basic help to most people.

 

Thank You -



#4 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 27 April 2013 - 06:15 AM

MSE uses a reactive method of identifying malware and Avast is proactive in the identification of malware. So, do you want to block malware (proactive) before it is downloaded and becomes resident on your PC or do you feel comfortable that MSE will catch the downloaded malware in time (reactive) before it can do any damage? Your choice...

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:56 PM

Posted 27 April 2013 - 08:03 AM

 

anyrepli, on 27 Apr 2013 - 9:15 PM, said:

MSE uses a reactive method of identifying malware and Avast is proactive in the identification of malware.

I find that MSE is also acting in a "Proactive" way, since you can not stop the infection unless it hits your system, and then it is halted or found by the Antivirus program or Firewall, and there is no way to compare this by "normal" channels.

Your Antivirus program is unable to forecast that you will hit an infected site prior to hitting it -

I use WOT and other methods so that I never hope to hit a suspect site, but we can never foretell that a site is infected.

If you read the Malware Removal pages, both here and at the avast forum site (I am a member there also), we all get hit sooner or later -

Can you please explain what you mean by Proactive and Reactive in regards to my statement above ?

 

Without adding other programs like SpywareBlaster, WinPatrol, there is no way to fully prevent infections, and even then you are only 99% protected -

 

Thank You -



#6 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 27 April 2013 - 08:16 AM

Oh but you can stop malware before it hits your system if you interject a good anti-virus in the download path to detect and warn you that the impending download may contain malware so you are dead wrong there and I am sorry to be so blunt in my response. Conversely, MSE does nothing to deter one from downloading anything so there is a short window of opportunity for the malware to do something before MSE reacts and goes to work on the (already resident) malware.

Proactive: Blocks downloads and warns of possible malware giving one a chance to exit the website.
Reactive: Deals with the malware after it has become resident on your physical hard drive.

MSE ranks dead last in proactive (or should I say prevention) but works well in the removal area (or should I say post-resident detection)

Edited by anyrepli, 27 April 2013 - 08:20 AM.


#7 cmptrgy

cmptrgy

  • Members
  • 1,630 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Massachusetts
  • Local time:09:56 AM

Posted 27 April 2013 - 08:47 AM

alex it's good that you bring up concerns about ensuring your computer stays safe. I wish some of my friends would do so

 

In my experience, I have seen each one of the mentioned programs (MSE, AVG & AVAST in addition to Malwarebytes)  come through for my frends many times as a 2nd opinion program even though they were using full internet protection suites from other well known companies

 

In your case you are using MSE, I'm sure you are using it in real time mode

--- At the same time I believe it's a good idea to have a 2nd opinion protection program but not in real time mode

------ Try a 2nd opinion program and see how it comes through for you and decide how you would like to continue from there including having a different primary real time mode security program

--- I believe as quietman7 states:  Using more than one anti-virus program isn't recommended but please read the article to qualify what that means

 

I still have XP and it was given to me because it was seriously infected and the original owner thought it was a piece of crap

--- Fortunately I had it singing the first day I had it and it still is --- not only functionally but also safely

--- I have been using MSE as my primary security program and Malwarebytes Free as my 2nd opinion program very successfully

--- I have also used Avast in the past but my final choice was MSE & Malwarebytes Free

I hope this helps



#8 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 27 April 2013 - 09:28 AM

alex it's good that you bring up concerns about ensuring your computer stays safe. I wish some of my friends would do so

 

In my experience, I have seen each one of the mentioned programs (MSE, AVG & AVAST in addition to Malwarebytes)  come through for my frends many times as a 2nd opinion program even though they were using full internet protection suites from other well known companies

 

In your case you are using MSE, I'm sure you are using it in real time mode

--- At the same time I believe it's a good idea to have a 2nd opinion protection program but not in real time mode

------ Try a 2nd opinion program and see how it comes through for you and decide how you would like to continue from there including having a different primary real time mode security program

--- I believe as quietman7 states:  Using more than one anti-virus program isn't recommended but please read the article to qualify what that means

 

I still have XP and it was given to me because it was seriously infected and the original owner thought it was a piece of crap

--- Fortunately I had it singing the first day I had it and it still is --- not only functionally but also safely

--- I have been using MSE as my primary security program and Malwarebytes Free as my 2nd opinion program very successfully

--- I have also used Avast in the past but my final choice was MSE & Malwarebytes Free

I hope this helps

That's good advice IMHO; however, running in real mode doesn't change anything about how MSE deals with an infection; in that, the infection still must establish a residency on your hard drive first. However, your recommendation of using MSE in combination with Malwarebytes Free appears to be a good one that is generally accepted and appears to work well (as reported by others and yourself). 



#9 acerts04

acerts04
  • Topic Starter

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 AM

Posted 27 April 2013 - 03:07 PM

thanks alot for the input guys, lots of info. i still am just having a hard time choosing MSE or avast haha. i know it is personal preference, but i will stick with MSE and malwarebytes for now and see how it works for me.


"In real life, the hardest aspect of the battle between good and evil is determining which is which."


#10 sikntired

sikntired

  • Members
  • 958 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:56 AM

Posted 27 April 2013 - 06:14 PM

Hi alex,

 

It's good that you have a thirst for knowledge and have come to the BC forum for answers. IMO you couldn't have made a wiser choice.I have had the opportunity to have been helped by a member of this elite group to rid my system of some nasty malware.

 

Of course when you solicit advice you will get varied opinions and that is good. However after you have gleaned all the information from experienced users it will still remain your choice but it gives you the option to make a more informed choice.

 

After my experience with malware I took the advice of Noknojon ( MSE is my stand-alone plus have MBAM, SAS ) additionalyy installed SpywareBlaster and WOT.

 

Haven't had any issues since ( pro-actively or re-actively. Regards..............Best



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:56 PM

Posted 27 April 2013 - 06:33 PM

:) Thank you all for the input, and I am glad that there are people out there that do take an interest in the security of their computers.

 

Healthy discussion is always a good way to express your opinions on these topics. We can only hope that others will come along and read our input to this, and other such items on this great free open forum.

 

None of what I have said is meant to detract from any other persons opinion on this subject, but just to add to any input that is added here -

NOTE that anything I add is my personal view only, and unless stated, is never the opinion of BleepingComputer Forum -

 

Regards -



#12 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 PM

Posted 28 April 2013 - 02:42 AM

... so there is a short window of opportunity for the malware to do something before MSE reacts and goes to work on the (already resident) malware.

This small window of opportunity does not exist.

 

Modern AV programs (like MSE) use filesystem drivers. They scan everything in real-time while it is written to or read from disk.

So if IE downloads malware and writes it to disk, MSE (and other modern AV) is already scanning the file before it is fully downloaded and written. If MSE detects malware, the filesystem driver will block acces to the incomplete file (access denied).

 

But there is another window of opportunity: when you download malware from a known bad site, and your AV does not detect the downloaded malware (a false negative). It could be that your AV detects it a couple of days later, when the signatures get updated, but then it is already too late.

AVAST has an advantage here: if the site is known to be bad, even if it wouldn't detect the downloaded malware (false negative), then the download will be blocked.

Remark that MSE + MBAM with active protection offers the same protection.


Edited by Didier Stevens, 28 April 2013 - 02:43 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 anyrepli

anyrepli

  • Members
  • 160 posts
  • OFFLINE
  •  
  • Local time:09:56 AM

Posted 28 April 2013 - 11:28 AM

OK Dider Stevens,

 

I'll take your word on that; however, I still wonder why MSE does so poorly in the prevention category (as identified by independent test labs recently) if it catching everything during the download stage? So, if you are correct, then Microsoft's complaints about the independent test lab results must be justified as they must not be conducting their testing properly. And, if MSE is that thorough, why does anyone need a second backup like malware bytes free? Does MSE coordinate their definition updates with malware bytes free so they can sort of "split" the responsibility? If not, how can one be sure that what MSE misses will be caught by malware bytes or visa-versa? Or is it just simple logic that two heads are better than one? Thanks for responding.



#14 stevansky

stevansky

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:56 AM

Posted 28 April 2013 - 11:43 AM

If MSE works for you well and good. There are other free programs out there though that are a lot better. Avast and AVG are two that come to mind and I'm sure there are others. A good resource for researching various offerings and how well they work can be found at http://www.av-test.org/en/home/ They compare all the major providers as well as a lot of other companies I've never heard of. I had a paid subscription to McAfee for several years that worked well BUT with each passing year their newer software became more and more of a resource hog. I switched to the free version of AVG and I think it's a big improvement to what I had.

 

Bottom line though is that no matter what antivirus or security suite you use nothing can substitute for good common sense and best safe practices whether it's surfing the web, using social media, or email. Take some time to browse these forums, see what has happened to others, and try to learn from their mistakes. Hopefully we then won't avail ourselves of bleeping's services. My hat is off to everyone who works so hard on this site to help everyone with their bleeping computer problems. :thumbsup2:



#15 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:56 PM

Posted 28 April 2013 - 02:17 PM

... I still wonder why MSE does so poorly in the prevention category (as identified by independent test labs recently) if it catching everything during the download stage? ...

 

No, it did not say it catches everything during the download stage.

 

When Internet Explorer downloads a file, it takes some time. Internet Explorer will write this download to disk bit by bit, for example in blocks of 1MB. MSE has real-time disk protection, this means that it will start to analyze the partially written file to disk, block by block. It it detects something, it will deny access to the file, and Internet Explorer will no longer be able to write the rest of the file to disk.

 

Scanning and detecting is not the same. MSE scans 100% of files that are written to disk (provided you have no exclusions), but it does not detect 100% of malware written to disk.

 

There was a similar question a couple of months ago, were I replied:

http://www.bleepingcomputer.com/forums/t/477048/microsoft-security-essentials-loses-av-test-certificate/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users