Microsoft Security Essentials shakes up consumer antivirus

Analysis: Early tests with the full version of Microsoft’s new free malware scanner software reveal a no-frills security package that does what it says on the tin.

http://www.theregister.co.uk/2009/09/30/microsoft_security_essentials_analysis/

This isn’t really anything new. The beta version already received the same type of reviews.
It simply means the rest of the industry needs to continue to do an excellent job in order to compete and survive. :slight_smile:

Looks like Microsoft did wake up and offer Windows users a good free antivirus. I can just say that I can’t wait for Avast! 5.0 against it. Maybe it can be a good competitor :wink:

and read this:

http://securitylabs.websense.com/content/Alerts/3485.aspx

That can’t happen if you used the update feature of the beta version. :slight_smile:

It’s really shaken up the malware writers as well

http://www.youtube.com/watch?v=Fs5REBp8rrY

Look at the end, at how it cleaned up with its own Windows product… Just 2 infections found with Malwarebytes. That’s nice. ;D

Don’t know what to think of that. I tried the EICAR test with MSE yesterday with Avast completely deactivated. Files as well as archives were detected, which is fine (although not in RAM obviously, can’t ask too much, MSE’s really basic…)… What I didn’t think of is that the EICAR zip file left some stuff in my temporary folder. How I realized that is when running CCleaner, and analyzing the content of the temp folder triggered a new alert of MSE related to the EICAR archive. The archive itself wasn’t there anymore but temp files generated by it yes, and the MSE alert mentioned that, just that. So I clicked on “clean computer”, lol, several times after re-triggering the alert with CCleaner analysis… and there was no way MSE would delete or quarantine those temp files… why, I have no idea. It could have been the remnants of any virus, the behavior would have been the same…

adding: now I just noticed another issue while testing EICAR with Avast, will post that in another thread…

:slight_smile: Hi all :

The Newsletter I get from Sunbelt Software today said the following :

"MSE does NOT protect your incoming email (!)
MSE Scan speed is SLOW
MSE does not have real-time customizable monitors
MSE does not have advanced malware behavior analysis
MSE does not have live U.S. based Tech Support or Chat
In other words, you get what you pay for, as not protecting incoming email is like locking the house but leaving the front door wide open. Here is a one page PDF with the differences:
http://www.sunbeltsecuritynews.com/49QTYU/090930-VIPRE_vs_MSE "

yeah, nobody had great expectations anyway ;D

+1

And what the competitor says… well, there are intelligent ways of reacting and pure FUD about what Microsoft did.
Do a better antivirus protection.
Hope MSE will be included in next antivirus tests.

What do you expect from a company that thinks they are threatened with losing $$$

"MSE does NOT protect your incoming email (!)" Is not necessary, as most anti virus applications do this already.
"MSE Scan speed is SLOW" It’s fast for me, and I have avast!, MBAM and WinPatrol real-time scanning active.
"MSE does not have real-time customizable monitors" It only needs one. How many more would you like?
"MSE does not have advanced malware behavior analysis" Do you mean like MBAM has and your product does not?
"MSE does not have live U.S. based Tech Support or Chat" How many Tech support sites are U.S. based now?
If I wanted to Chat with someone at Microsoft it would be about getting my money back from a product that does not perform what I want and makes my system un-usable.

This says a lot:

Despite Taunts from Rivals, Microsoft Security Essentials is Solid

http://www.pcworld.com/businesscenter/article/172873/despite_taunts_from_rivals_microsoft_security_essentials_is_solid.html?tk=nl_dnx_h_crawl

BTW, MSE DOES have a forum with people from Microsoft answering questions.

http://social.answers.microsoft.com/Forums/en-US/category/mse

Hi malware fighters,

The well-known German AV-test.org has tested Microsoft’s Security Essentials and established both strong and weak sides of the new free kid on the block. The test was performed with the version that was placed online. The first part held 3732 examples of malware from the WildList, and Security Essentials detected all. The second round was a cocktail of more than 545.000 viruses, worms, backdoors, bots and Trojans. Security Essentials found 536.535, which means a detection score of 98,44%. “That is quite a good score”, according to AV-Test’s Andreas Marx. The adware and spyware test with 90,95% was less good, but acceptable. Of 14.222 examples Security Essentials failed 1287.

A perfect score also was where FP’s were concerned. Scanning 600.000 clean files, no FP whatsoever. “But because most files were MS files, any other result would be a big surprise”, says Marx.

Achilles heel
That this is a “basic” av-scanner is shown by the dynamic detection results. The av scanner had to detect malware not detected before by signatures, heuristics or in-the-cloud features. “No effective detection in these respects were found.” No results therefore.

Removal of malware is performed as it should. It removes all active parts of malcode. But in many cases traces of infection were left behind. These were inactive executables, registry values, a disabled Windows firewall and Host-file changes.

Rootkits
But the best performance is for detection and removal of active rootkits - results here are impressive. All 25 rootkits were successfully found and removed. Scan speed normal, not very fast, not very slow.
Rivals mocked the software like this: http://www.computerworld.com/s/article/9138667/Rivals_mock_Microsoft_s_free_security_software

polonus

Thanks Polonus.

As I can see:

  1. Detection rate: very good (for any kind of malwares).
  2. Very low (none) false positives.
  3. No pro-active (heuristic/behavior) analysis.
  4. Not full cleaning (as others, including avast, registry values, Host-file changes, etc. were missed).
  5. Very good rootkit detection.
  6. Scanning speed normal.

A very good competitor in the free market :slight_smile:

My computers are already adequately protected - avast, mbam, OA or Outpost, mvps with Hostman - and there may be resource conflict when MSE is added. I think not but time will tell.

The screenshot is of MS event viewer, category is system.
From a computer that I am currently working on. I thought I would load MSE anyway.

I haven’t powered up the R50 (spec below). But will do so before evening (currently 10.30am).

@mkis

I prefer Event Log Explorer™ to look at the system logs

Event Log Explorer™ is an effective software solution for viewing, monitoring and analyzing events recorded in Security, System, Application and other logs of Microsoft Windows NT/2000/XP/2003 operating systems. Event Log Explorer greatly extends standard Windows Event Viewer monitoring functionality and brings many new features.
http://www.eventlogxp.com

It requires a Free Personal license for personal non-commercial use. It doesn’t allow you to connect more than 3 computers. It comes with limited technical support over Forum. Free license valid for a half year. After the expiration, you can renew your free license.

I do not see all of those MSE 5007 events in my System log but I clean the logs regularly.

Hi YoKenny. I haven’t had time to follow this up yet as I’ve been busy with other things. The ID event 5007 were on a computer I was working on and haven’t been back to as yet (had a problem with downloads, but was get a general software tidy up first). I hope to be back there later today. A quick peek at the R50 tells me that no 5007 entries there. Anyway, bookmarked yr post to come back and look at tonight some time. :slight_smile:

I went out for the day to do a few things about town and left the R50 running with a web page open.

The first screen shot is self explanatory - MS event viewer, category is system.
The three antimalware entries comprise the update of Microsoft Security Essentials.

The second screenshot is the update event itself - the record is highlighted in the first screenshot.

Looks like the system is working normally now.