Microsoft Security Essentials Released; Rivals Mock It
Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."
Symantec's products aren't exactly admired for security and effectiveness in recent years. Pot, meet Kettle.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
So let's see, independent groups give positive reviews. One of the main competitors gives it a negative review. Who to believe?
It's a sweet little anti-virus program. A well designed and simple user interface, updates unobtrusively, doesn't bog down the computer and it is very effective at detecting all threats I've thrown its way. It also is easy to tell when it is unhappy thanks to a well designed and simple system tray icon. Credit where credit is due, Microsoft has put together a good program. I've tested this on dozens of machines and have not a single bad thing to say about it, which is not something I would have thought I'd ever say about a Microsoft product.
If I do have a quibble, it's that it requires a validated Windows. If I were Microsoft I'd throw this on automatic Windows Update and push it out to everyone not already running an anti-virus.
Symantec can blow me. I've seen more hosed computers where the owners thought they had current updated Symantec AV just to have me discover that their definitions had last been updated in 2007 or something with no indication from their Symantec AV they were vulnerable.
I just formatted and installed XP SP3 on a machine running an Intel 2.4GHz CPU (Northwood and non-HT). I've noticed that installing applications takes about four times as long after having installed this program. The culprit seems to be a running process "MsMpEng.exe" pushing CPU utilization to a total of 100%. I did not have Windows Defender installed, but it's interesting to note this is the same file that it uses too. I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.
Other than that, it seems to stay out of the way under general computing. But for those looking to do a format/reinstall of Windows, I recommend installing this program AFTER you get finished with everything else on your to-do install list.
Life is not for the lazy.
42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.
That's not a false positive at all. It's a well known "exploit" called a Zip Bomb. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?
selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive.
You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?
Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.
"What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
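The nesting cap described in the comments above, as an added example that is not part of the original thread: a scanner that unwraps nested gzip layers with a depth limit and a per-layer output limit, so neither a self-reproducing archive nor a highly compressible one can exhaust it. The function names, the 8-level cap and the 1 MB layer cap are assumptions chosen for illustration, and the sample inputs are constructed.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"

def inflate_bounded(blob, limit):
    """Decompress one gzip layer, producing at most limit+1 bytes of output."""
    d = zlib.decompressobj(wbits=31)       # wbits=31: expect gzip framing
    out = d.decompress(blob, limit + 1)    # max_length caps memory use
    return out, d.eof                      # eof is True only for a complete stream

def scan_nested_gzip(blob, max_depth=8, max_layer_bytes=1_000_000):
    """Return (verdict, layers_unwrapped). Limits are illustrative policy values."""
    depth = 0
    while blob[:2] == GZIP_MAGIC:
        if depth == max_depth:
            # Still compressed after max_depth layers: stop instead of looping.
            return ("reject: nesting too deep", depth)
        try:
            out, complete = inflate_bounded(blob, max_layer_bytes)
        except zlib.error:
            return ("reject: corrupt stream", depth)
        if len(out) > max_layer_bytes:
            return ("reject: layer too large", depth + 1)
        if not complete:
            return ("reject: truncated stream", depth)
        blob, depth = out, depth + 1
    return ("accept", depth)

def nest(payload, layers):
    """Build a constructed test input: payload wrapped in `layers` gzip layers."""
    for _ in range(layers):
        payload = gzip.compress(payload)
    return payload

if __name__ == "__main__":
    samples = {
        "3 layers": nest(b"hello", 3),
        "20 layers": nest(b"hello", 20),
        "5 MB of zeros": gzip.compress(b"\0" * 5_000_000),
    }
    for name, blob in samples.items():
        print(f"{name:>14} ({len(blob)} bytes on the wire): {scan_nested_gzip(blob)}")
```

A file that decompresses to itself never stops starting with the gzip magic bytes, so it ends at the depth check rather than running forever.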
MS discontinued OneCare around a year ago, genius (see here). The free Security Essentials release we're discussing in TFA is what the OneCare team got spun off into.
Not happy with forcing WGA and automated WindowsUpdate when you install this antivirus, MSE also forces DRM and Silverlight down your throat. Oh... and you are not authorized to talk about MSE without written consent from Microsoft.
Just read the license.
Doh!
Well, I always welcome free solutions which enhance overall end users' security, but this licence is a no-no for me.
Easy. Sony rootkit. http://en.wikipedia.org/wiki/Sony_BMG_CD_copy_protection_scandal
Besides if you want to blame anyone for the death of QEMM other than themselves, well you'd be blaming Intel. The writing was on the wall for memory managers when the 80386 came out. Protected mode meant that all that shit would no longer be necessary since apps would get flat virtual memory spaces presented to them, no segmentation or tricky BS needed. All memory would be equal.
QEMM continued to sell after memmaker came out because it did work far better. Its sales started dying with Windows, since it didn't do anything for you. Windows 95 was when it was all over.
Please remember that the conventional memory/640k thing was NOT a Microsoft creation. It was a combination of Intel and IBM. The 8088 had 20 bits of addressing, giving it 1MB of addressable memory. Now on a system, actual RAM itself isn't the only thing that needs memory addresses. Hardware, notably video memory but other things as well, need to have memory addresses to be used. So IBM divided the addressing as 640k for system RAM, 384k for other usage. At the time they made the system, this was not a problem as you couldn't get 640k of memory. Later the limit got hit.
Thus whenever you ran an Intel processor in 16-bit mode, this is how addressing was done. Still true to this day. Modern Intel and AMD CPUs boot up in 16-bit real mode and they still address memory in this fashion. However the OS boot loader switches them over to protected or long mode and then it isn't an issue.
You still can run into similar issues though, at least on 32-bit systems. You discover that on 32-bit systems you hit the 3.something GB limit. You knock 4GB of memory into it, yet only 3.something (the something varies) are available to the OS. Why? Hardware that uses memory mapped IO. Your video card, sound card, etc. They all need memory addresses in the 4GB space the CPU can use. As such it can't actually address all 4GB of physical RAM. Wasn't a problem for a long time as 4GB was way more addresses than a system would have RAM, but no longer.
64-bit systems don't have this problem, as they have 16 exabytes of total address space. Plenty for whatever RAM you've got, plus all the addresses for hardware. However, if in the future we ever do have computers with that much RAM, the same issue will again reappear.
Symantec? Ha! I would rather have nothing at all than Norton products.
Norton products are great. They've just all been replaced by crappy Symantec products.
This may account for another 30%, which does make it usually.
You probably don't remember when Microsoft came out with their own antivirus package as part of DOS 6, do you? I do. It was nice, for a while. Support fell off when MS decided to change their focus.
Yes I do. It was made for MS by Central Point Software. Then Symantec bought them out to essentially kill off MSAV by choking off support for it.
In Soviet Russia, Trojan exploits YOU!
The link provides it. Symantec knew what that POS software was doing and yet it did nothing to identify it. In fact, I recall other mainstream AV never flagged it as malware.
Ref 12: http://www.symantec.com/security_response/writeup.jsp?docid=2005-110615-2710-99
More damning from Schneier (from the Wikipedia link)
Ref 13: http://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it.
Kind of a nitpicky thing, but the XP and Vista security centers don't "recognize" anything. Windows has an API to talk to security center - you have to call IAmInstalled32(), IAmOutOfDate32(), IAmDisabledEx(), etc.
Vista isn't conspiring to make your software not work - Avira evidently just doesn't bother to tell Vista's security center that it's installed. Just click "I have a security program that I'll monitor myself."