Slashdot Mirror


Microsoft Security Essentials Released; Rivals Mock It

Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."

21 of 465 comments

  1. Re:Microsoft Security Essentials... by Tablizer · · Score: 4, Interesting

    A virtual virus can be as bad as a real virus. Deleted files and pirated bandwidth are the same either way.

  2. Get what you pay for? by Inverted Intellect · · Score: 5, Interesting

    Last I checked some of the highest detection rate AV solutions also happen to be free.

    I use Avira AntiVir, which came in #2 in the last comparative study I read. It's gratis, with the sole "cost" of a popup-ad every 24h, disabled in the paid version (or for free, if you know how to set up a local security policy under windows and don't mind breaking the EULA).

  3. Microsoft about to kill another industry? by TheNarrator · · Score: 2, Interesting

    Anyone remember a software product called QEMM back in the DOS days? It was a tool to deal with this horrid thing known as "high-mem" back in the bad old days before Windows 95, allowing one to have more memory to run Win 3.1. It was written by a company called Quarterdeck Office Systems and it built their business. Microsoft came out with a tool that did the same thing called memmaker that worked well enough and did the same thing and they bundled it with DOS 5.0 (I think it was 5.0). Though, not as efficient as QEMM it was good enough and ultimately led to the demise of Quarterdeck (along with a bunch of other dumb mistakes).

  4. Re:It's working great for me by Anonymous Coward · · Score: 4, Interesting

    How about false positives? Antivirus software that checks nested encrypted archives often crashes, or marks as a false positive, files that contain a large amount of compressed data. For example:

    42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

    selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive, since it was unscannable.

  5. Ah...my favorite conspiracy theory. by icannotthinkofaname · · Score: 2, Interesting

    Okay, now that Microsoft makes an antivirus, someone explain to me why they haven't simply dedicated all this effort to debugging Windows, closing security holes and stabilizing code? Can anyone now sufficiently explain their motivation to do so? I don't see any more reason for Microsoft to clean up the mess that they made, now that they've thrown a board over the pothole instead of repaving the frickin' road.

    If Microsoft makes Windows secure and stable, then, in theory, the antivirus industry is out of business. Someone, please, convince me to remove my tinfoil hat.

    --
    Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.

  6. Re:I like it and will recommend it to anyone. by Anonymous Coward · · Score: 1, Interesting

    Didn't Microsoft PROMISE that all "security updates" would never require validation?

    Oh, never mind...

  7. Re:Symantec shouldn't talk by BikeHelmet · · Score: 4, Interesting

    You joke about it, but I say it with a straight face.

    I don't do a lot of virus removal - maybe one per week, just as a service for friends and friends of friends - but about 30% of those "virus" removals are actually tossing out Antivirus and Firewall products.

    Ethernet broken? Programs taking 4 minutes to start and 30 minutes to install? Horrible graphical lag, and start menu lockups? Can't shut down the computer or open IE?

    First thing I do is disable the AV already on the computer, to check if that's causing it. 30% isn't "usually", but it's high enough that I can't help but want to scream "WTF" at these AV vendors.

  8. Maybe not this one, but onecare is alright by wesslen · · Score: 3, Interesting

    I've been using Microsoft's OneCare security suite for over a year now and I absolutely love it. It has been able to stop, detect and remove a lot of pieces of malware, spyware and trojans. I can see how Microsoft got a bad rap in the past, and I used to believe Microsoft software in the security field was unreliable, but OneCare has changed my thinking. I think Symantec might be rushing to judgment a bit quickly, but time will tell whether Microsoft's new innovation is a worthwhile endeavor.

  9. Yeah, like Symantec has room to talk. by Jane Q. Public · · Score: 3, Interesting

    "Norton" Utilities started to go downhill the moment it was acquired by Symantec, and after just two years I could no longer stand to use the product. Not only did the "utility" of the product steadily decrease, I found the virus / malware detection to continually be substandard compared to cheaper and even freeware products.

    I am aware that there are people who still swear by Symantec products, and I do not wish to argue with them. But I was with that family of products ever since Peter Norton put them together into a package, and it is simply not up to the standards that his personal software met... no matter how big their corporation is today.

    Boo, Symantec. I use Kaspersky and a few other tools now, and even though it takes several separate tools, I find the whole to be both superior in performance and also less intrusive into my system than Norton Utilities and other Symantec products.

  10. Re:Microsoft Security Essentials... by gmhowell · · Score: 3, Interesting

    Maybe he finally figured out that the part of the ladder theory he occupies means he will never get the nookie.

    --
    Jesus was all right but his disciples were thick and ordinary. -John Lennon

  11. Rootkit Detection by gordguide · · Score: 5, Interesting

    Microsoft purchased Komoku, a developer of RootKit Detection software with clients like the usual government and military suspects, banks, that kind of thing. Komoku's technology has been rolled into Microsoft Security Essentials.

    I would think that right there is a good reason to check it out, and possibly implement it in your XP/Win7 system, especially since MS probably had a chance to do some tweaking on the RootKit detection engine using their proprietary knowledge of some of the more obscure aspects of Windows file systems, the still unpublished NTFS specification, etc.

    Of course, if you have no RootKits installed, it might be more of a pain than necessary ... after all, every AV app you now have running says nolo problemo, si?

    Then again, how would you know?

    If you do have a RootKit lurking, I find it very difficult to believe that Norton or Symantec would tell you so ... the whole point of RootKits is to avoid detection, whether by conventional AV applications or otherwise, and to avoid removal by the usual removal tools available to AV product users.

    Some RootKits are even stealth-installed by law enforcement, and the "person of interest" isn't supposed to have Norton go all five-alarm on them, if you get my drift. Not that we can be sure this will either ... I'm just sayin' they are not trivial to detect, is all.

    It remains to be seen exactly what MicrosoftSecurityEssentials does turn up, but in at least one aspect, you are getting (for free) security software that cost thousands of dollars had you contracted with the original developer prior to Microsoft's acquisition (March 20 2008) and prior to MS's adding at least some of that same software to this new app.

    There will be plenty of people who will jump in right away and download MicrosoftSE. If you're one of them, fine; don't change for my sake.

    But, the best advice might be wait a week or so, as the prudent should, to see if major issues develop once widespread deployment exposes the suite to a wider set of configurations. If all is well, I say "run her". When MS offers you the equivalent of "free money" I say take it. I never see them refuse mine.

  12. Seeing so many positive comments about this... by magnusrex1280 · · Score: 2, Interesting

    It makes me suspicious. Usually when there's an article about Microsoft, even if it's about something good they're doing, everyone on Slashdot attacks them. It strikes me as odd, how many comments are giving this software a chance. Almost as if a bunch of MS employees are posting comments.

  13. Re:It's working great for me by TheThiefMaster · · Score: 2, Interesting

    selfgz.gz doesn't seem to have been created to break email servers, merely as a curiosity. It's not even dangerous unless you attempt to recursively extract it without limit, because it is only 210 bytes in size.

    To back up my decision, my AV (Avast! Home Edition) scans files as they are downloaded, and it blocked the download of 42.zip as an archive bomb (taking only a couple of seconds to scan it too), but was perfectly happy with selfgz. Though it does end up saying: "Number of scanned files/folders: 33/1"

    I dread the day when someone finds an exploit in my AV's scanner, as that would mean that an infected file would automatically execute when I tried to download it...
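
The two failure modes discussed in this sub-thread (a huge expansion like 42.zip, and recursion without limit like selfgz.gz) come down to missing bounds in the scanner. The following is an added example, not code from any comment or from any AV product: a sketch of an archive walker that enforces a nesting limit and a decompressed-size budget and returns an "unscannable" verdict instead of looping or exhausting memory. All names and limit values are hypothetical, and the sample inputs are benign constructed stand-ins (a deeply nested gzip and a zip of zeros), not the files named above.

```python
import gzip, io, zipfile, zlib
MAX_DEPTH = 8                  # nesting levels to follow (assumed policy value)
MAX_TOTAL = 8 * 1024 * 1024    # decompressed bytes allowed per scanned file (assumed)
CHUNK = 64 * 1024

class LimitExceeded(Exception): pass

def _read_bounded(stream, budget):
    """Decompress in chunks, charging every byte to the shared budget."""
    out = bytearray()
    while chunk := stream.read(CHUNK):
        budget[0] -= len(chunk)
        if budget[0] < 0:
            raise LimitExceeded("decompressed size budget exhausted")
        out += chunk
    return bytes(out)

def _walk(data, depth, budget, leaves):
    if depth > MAX_DEPTH:
        raise LimitExceeded("nesting deeper than MAX_DEPTH")
    if data[:2] == b"\x1f\x8b":                        # gzip magic
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as g:
            _walk(_read_bounded(g, budget), depth + 1, budget, leaves)
    elif data[:4] == b"PK\x03\x04":                    # zip local file header
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():
                with z.open(info) as member:
                    inner = _read_bounded(member, budget)
                _walk(inner, depth + 1, budget, leaves)
    else:
        leaves.append(data)    # a real scanner would run its signatures here

def inspect(data):
    """Return ('scanned', leaf_count) or ('unscannable', reason)."""
    budget, leaves = [MAX_TOTAL], []
    try:
        _walk(data, 0, budget, leaves)
    except LimitExceeded as exc:
        return ("unscannable", str(exc))
    except (OSError, EOFError, RuntimeError, zlib.error, zipfile.BadZipFile) as exc:
        return ("unscannable", "unreadable archive: " + type(exc).__name__)
    return ("scanned", len(leaves))

# Constructed sample inputs (benign stand-ins, not the files named in the thread).
def nested_gzip(levels, payload=b"hello"):
    for _ in range(levels):
        payload = gzip.compress(payload)
    return payload

def zeros_zip(size):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("zeros.bin", b"\0" * size)
    return buf.getvalue()
```

Because the budget is shared across all nesting levels and members, many small layers and one large member both count against the same limit. How a mail gateway treats an "unscannable" verdict (quarantine, reject, deliver with a tag) is a separate policy decision.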

  14. Re:It's working great for me by CAIMLAS · · Score: 1, Interesting

    "Top end protection", these days, means one thing on Windows: unplug the damn ethernet/router! There is no Windows product which even comes close to properly keeping a stupid computer user from infecting the machine once it's connected to the Internet, regardless of how few programs are installed or how up-to-date it is. None.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers

  15. Re:It's working great for me by Ronald Dumsfeld · · Score: 4, Interesting

    They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have paid for it.

    Hell, I never understood that either. Why should anyone who just forked out $xxx for a brand-new OS then be forced to pay yearly "protection money" as well? Sounds like a racket to me.

    I regularly end up helping people who've bought a new PC which comes infested with the Norton malware. If you don't rip it out before the free trial ends it is virtually impossible to get rid of it. And, of course, if you wait until the trial expires, you've probably caught some nasty - their package is, to put it bluntly, a bloated and useless piece of shit.

    It sounds like Microsoft's offering is considerably less obtrusive, and end users will not be hit with the problems I've seen with my preferred solution, Avira.

    I've used, and recommended Avira for years, it is completely free for non-commercial use and all you have to put up with is a once-a-day popup advert for their paid products. This is a good thing for non-technical users, it gives them a reminder that their anti-virus has just updated and is still working.

    What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it. This means that unless you're reasonably technically savvy you will get constant nagging that you have no antivirus product. I wonder if that had anything to do with their plans to release this new product.

    --
    Where's the Kaboom?
    There's supposed to be an Earth-shattering Kaboom.

  16. Wisdom follows, pay attention! by Anonymous Coward · · Score: 0, Interesting

    I work in AV and tell you these:

    - Stop bashing Norton, because it only shows you are 3 years behind the events. Ever since the massive rewrite for Norton 360, Symantec AV is really good again and popular and that scares smaller antivirus competitors quite enough.

    - Microsoft's free security is a problem, because it makes VXers' work easier. Currently there are at least three major and two dozen smaller antivirus vendors and cyber criminals have to decide whose products their malware should attack or defuse, as all at once is impractical. If Microsoft's free-beer entry clears the arena and soon there won't be more than half a dozen AV players left, it will be possible to produce malware which kills all known active protection suites in one go and wreak havoc.

    - Microsoft will probably use their free AV to create artificial incompatibility with established AV vendors and drive them out of the market or buy them at reduced price. As soon as MS is king, Ballmer will make security a paid item.

  17. Re:Performance? by magamiako1 · · Score: 2, Interesting

    As long as you're using Vista or 7, both of which include technology for low priority processes, MSE will be a negligible performance hit on your system.

    I generally tell the program to exclude my games directory from real-time virus scanning. Most viruses these days aren't out to try and infect every application in your system, but to dump themselves in temp files or the windows directory (or in the future's case, somewhere in the user's home directory).

    So really excluding the games folder for me isn't so much of a problem :P

  18. My guess is they are running scared by Sycraft-fu · · Score: 2, Interesting

    Symantec's security products suck. They are a pain, not particularly good at finding threats, and they slow your system down. Ok well despite that, they manage to hang on because a lot of people know they need virus protection (and Windows will remind you of that fact) and Symantec has name recognition. Unfortunately some of the very best out there are from companies that people have heard of, like ESET. Also, they all cost money, just like Symantec.

    So the good AV solutions probably didn't cut in to their market that much. Ya, I run NOD32 (side note, I really recommend it if you are after virus protection, it is excellent) but then I would go with no protection before I'd run Symantec. I'm not really a lost sale. They are after the non-technical user market, who know enough to know they need virus protection, but will just buy it from the first name they recognize.

    Well now along comes a product from Microsoft. Can't get much better name recognition than that. What's more, it is free and what's even more it is very light weight, at least as compared to Symantec's crap. Now THAT is a problem. That could seriously cut in to their market.

    Also remember this is the same Symantec that was complaining about Vista's security center as being "anti-competitive." All the Vista (and Windows 7) security center does is make sure you have anti-virus, anti-malware, a firewall, and automatic updates. If you don't it warns you. While the updates have to come from MS (or a WSUS server if you are in a domain) the rest it doesn't care about. It is quite happy with ESET Smart Security as your AV, AM, and firewall and shows a green board. So why was Symantec whiny? Because they had a similar thing, but it said you needed all Symantec software. So if you got just their AV solution, it'd tell you that you were at risk unless you bought more products. They were scared that people would look at MS's security center and go "Oh, ok, I've got what I need."

    More or less if Symantec is badmouthing a product, I think it is worth my time to check out :D.

    As for the product in question, we are trying it at work now. It seems to be very fast and unobtrusive. So long as its detection rate is reasonable, I'd say it's a winner for people who don't want to buy a solution.

  19. What do REAL AV companies think of it? by Anonymous Coward · · Score: 1, Interesting

    I'd like to know what the people who make REAL AVs, like Avira and Kaspersky, think of it. Symantec is completely irrelevant (only the clueless use their crap), and TrendMicro doesn't have what it takes to be given any serious attention...

    Sincerely, I outright _hate_ Micoshaft, but if they will give us signatures at the end of the day for every new artifact that shows up around here trying to steal ID and account details, they win.

  20. Re:[citation needed?] Re:It's working great for me by Anonymous Coward · · Score: 2, Interesting

    In itself, it was not a program designed to adversely affect the operation of the computer;

    The whole point of the Sony software was to prevent you performing certain copying operations (related to Sony and possibly other music CDs) you could otherwise have done on your computer, whilst consuming at least some resources even when not playing a Sony CD. If that's not 'adversely affect' then what the fuck is? It had more of a visible effect on some systems than installing certain types of 'real malware'.

  21. Re:It's working great for me by Bert64 · · Score: 3, Interesting

    AV only works because there are multiple options out there...
    If a single product becomes dominant, then the code required to defeat it simply becomes a standard component of any malware... It effectively just becomes an extension of the os which any malware needs to get round in order to function.
    Currently any malware that wants to do that, has to deal with multiple different av possibilities which is a lot more work for the malware authors.

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!