Microsoft Security Essentials Released; Rivals Mock It

Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."

It's working great for me

[mantis2009]

Doesn't bug, silent updates, fast scans, no noticeable performance hit. I can finally get my parents off of their annoying Norton or whatever they paid $50 to use for 12 months.

Re:It's working great for me

[Fluffeh]

It might not be perfect protection, but if it's going to be used by all the mum and dad users with zero tech skills, then it's a good thing.

They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have payed for it. This is a nice step between.

Re:It's working great for me

[DJRumpy]

I have to agree. If the independent review is truly independent, I would have to question Symantec's comments. I have to wonder if they are stating such from a professional opinion, or simply in fear for their bottom line. I would take an independents opinion long before I considered a direct competitors negative comments as trustworthy.

Re:It's working great for me

[Jeremi]

They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have payed for it.

Hell, I never understood that either. Why should anyone who just forked out $xxx for a brand-new OS then be forced to pay yearly "protection money" as well? Sounds like a racket to me.

Re:It's working great for me

How about false positives? Antivirus software that checks nested encrypted archives often crashes, or marks as a false positive, files that contain a large amount of compressed data. For example:

42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive, since it was unscannable.

Re:It's working great for me

[HAKdragon]

Obligatory image: http://farm2.static.flickr.com/1283/790399551_d8a1e0ea5a.jpg

Re:It's working great for me

[jim_v2000]

How many people who will be running this AV have files like that just sitting around on their hds?

Probably none.

Besides, technically those aren't "false positives", as in the AV isn't matching a signature...the files are unscannable, so the AV plays it safe.

Re:It's working great for me

[MrKaos]

Sounds like a racket to me.

Never attribute to malice what you can attribute to shoddy engineering.

Re:It's working great for me

[jdhutchins]

Most of these files were developed to break mail scanners, so it's logical that they get marked as malware. E-mail may not be the best way to move files that are designed to be harmful to mail servers.

Re:It's working great for me

[not+flu]

Files don't have human rights.

Re:It's working great for me

[nmb3000]

42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

That's not a false positive at all. It's a well known "exploit" called a Zip Bomb. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?

selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive

You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?

Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.

Re:It's working great for me

[Ronald+Dumsfeld]

They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have payed for it.

Hell, I never understood that either. Why should anyone who just forked out $xxx for a brand-new OS then be forced to pay yearly "protection money" as well? Sounds like a racket to me.

I regularly end up helping people who've bought a new PC which comes infested with the Norton malware. If you don't rip it out before the free trial ends it is virtually impossible to get rid of it. And, of course, if you wait until the trial expires, you've probably caught some nasty - their package is, to put it bluntly, a bloated and useless piece of shit.

It sounds like Microsoft's offering is considerably less obtrusive, and end users will not be hit with the problems I've seen with my preferred solution, Avira.

I've used, and recommended Avira for years, it is completely free for non-commercial use and all you have to put up with is a once-a-day popup advert for their paid products. This is a good thing for non-technical users, it gives them a reminder that their anti-virus has just updated and is still working.

What really, really pissed me off was Vista. XP's security control centre quite happily recognised Avira, but Vista "conveniently" failed to recognise it. This means that unless you're reasonably technically savvy you will get constant nagging that you have no antivirus product. I wonder if that had anything to do with their plans to release this new product.

Re:It's working great for me

[KillerBob]

Yes, any anti-virus is better than no anti-virus, but it won't take long before malware authors discover how to circumvent the Microsoft tool.

Microsoft bought out an antivirus company a couple of years ago. This is simply the rebranding and current version of that company's software.

And you know that virus-writers have figured out how to circumvent more expensive antivirus programs like McAfee, Norton, and PC-Cillin, right? This is why you update the virus database... so that it detects viruses that can disable your antivirus before they get that chance.

Give MS a chance. They could actually have stumbled onto a good product, and it could be something that actually helps the world at large.

I won't be installing it myself, but that's because I'm quite happy with the Avast that I have running. I'll wait for the next report over at av-comparatives before I pass judgement on it. Interesting to note that for the last several reports, several free options have been in the top 5 and occupied the top spot over all. In the latest report (August 2009), AntiVir had a 99.4% trap rate, Avast has a 98.0% trap rate. (Norton and McAfee had 98.7% and 98.4% trap rates, by comparison) But here's the rub... Avast had the lowest false positive rate of any of the top 5 antivirus programs. Norton had almost 3x as many false positives as Avast. AntiVir had more than 4x as many. And McAfee had more than 8x as many false positives. Out of the top 4 antivirus solutions, I'll stick with Avast.

But they do those tests on a regular basis, and you have no idea how well Microsoft's offering will fare in the next one. It could actually do very well. I wouldn't hold my breath, though... on the most recent testing, while MS's pay-for service tied Avast in false positives, it had a pretty lousy 90% trap rate... Still, that's nowhere near the worst offering out there.

Anyway... do your research before you decide that something is automatically bad just because it comes from Microsoft. Even if it just ties the other software, a 90% trap rate on viruses is better than a 0% from not having antivirus at all. And suggesting that it won't be long before virus writers figure out how to circumvent the software is completely ignoring the fact that virus writers figured out, a long time ago, how to circumvent commercial offerings like Norton and McAfee, and that hasn't actually hurt their trap rates at all.

When pressed...

When Pressed, Symantec admitted they were actually describing their own products, burst into tears, and chugged the rest of the bottle of whiskey.

Symantec is a bunch of crap

[tjstork]

Sorry to throw Symantec under the bus, but the AV program and AV mentality that they have created amounts to a CPU tax. We don't have 4 core machines, we have 3 cores plus for one for Symantec, which manages to have the deadlock everything while it scans a single file.

Re:Symantec is a bunch of crap

[fuzzyfuzzyfungus]

Symantec operates on the TSA theory of security:

If you aren't being harassed by a mouth-breathing subnormal, you aren't secure.

Re:Symantec is a bunch of crap

[Anpheus]

My father, also in IT, has the theory that Symantec's goal is to consume your computer's resources to the point where a virus would give up and realize that your computer isn't worth being used in a botnet or for extortion.

Symantec shouldn't talk

[toastee]

Around the computer shop's i've worked at we joke that we'd rather have a virus than norton on our machines, at least the virus won't charge you a fee to mess up your OS.

Re:Symantec shouldn't talk

[BikeHelmet]

You joke about it, but I say it with a straight face.

I don't do a lot of virus removal - maybe one per week, just as a service for friends and friends of friends - but about 30% of those "virus" removals are actually tossing out Antivirus and Firewall products.

Ethernet broken? Programs taking 4 minutes to start and 30 minutes to install? Horrible graphical lag, and start menu lockups? Can't shut down the computer or open IE?

First thing I do is disable the AV already on the computer, to check if that's causing it. 30% isn't "usually", but it's high enough that I can't help but want to scream "WTF" at these AV vendors.

Re:Microsoft Security Essentials...

[Tablizer]

A virtual virus can be as bad as a real virus. Deleted files and pirated bandwidth are the same either way.

Pot, meet Kettle!

[kimvette]

Jens Meggers, Symantec's vice president of engineering, dismissed MFE as a "poor product" that will "never be up to snuff." [CC] [GC] Meggers added, "Microsoft has a really bad track record in security."

Symantec's products aren't exactly admired for security and effectiveness in recent years. Pot, meet Kettle,

Get what you pay for?

[Inverted+Intellect]

Last I checked some of the highest detection rate AV solutions also happen to be free.

I use Avira AntiVir, which came in #2 in the last comparative study I read. It's gratis, with the sole "cost" of a popup-ad every 24h, disabled in the paid version (or for free, if you know how to set up a local security policy under windows and don't mind breaking the EULA).

Unbiased review?

[babyrat]

So let's see, independent groups give positive reviews. One of the main competitors give it a negative review. Who to believe?

Re:Unbiased review?

[Dahamma]

It's kdawson, if Microsoft somehow cured the common cold his headline would be "Microsoft technology responsible for deaths of trillions of living organisms".

I like it and will recommend it to anyone.

[farbles]

It's a sweet little anti-virus program. A well designed and simple user interface, updates unobtrusively, doesn't bog down the computer and it is very effective at detecting all threats I've thrown its way. It also is easy to tell when it is unhappy thanks to a well designed and simple system tray icon. Credit where credit is due, Microsoft has put together a good program. I've tested this on dozens of machines and have not a single bad thing to say about it, which is not something I would have thought I'd ever say about a Microsoft product.

If I do have a quibble, it's that it requires a validated Windows. If I were Microsoft I'd throw this on automatic Windows Update and push it out to everyone not already running an anti-virus.

Symantec can blow me. I've seen more hosed computers where the owners thought they had current updated Symantec AV just to have me discover that their definitions had last been updated in 2007 or something with no indication from their Symantec AV they were vulnerable.

/not an MS fanboi but when they get one right, they deserve praise, and they got this one right folks.

Since I don't need a graph or pop-ups

[earnest+murderer]

To tell me it's working, it sounds like pretty much the best thing out there.

When the CEO of your competition derides your product publicly, you know it's got to be good shit.

"You get what you pay for"?

[hyades1]

I've used Avast Antivirus (free), Malwarebytes Anti-Malware (free) and Comodo Firewall (free) for a couple of years now. I've never had a virus and various other types of malware are promptly and efficiently dealt with.

Trust the inventors of Windows Genuine Advantage with my security? Or freakin' Symantec? I won't bore you with the horrible, hellish experience of getting Norton Antivirus off my machine. It was harder to get rid of than the virus it failed to catch.

Fat chance. I'll stay with something that works, thank you very much.

Re:Bad reviews by...

[uncoveror]

Symantec? Ha! I would rather have nothing at all than Norton products. They are bloated resource hogs, and any script kiddie's concoction can disable them. People who know nothing about computers, but still own one for their work or their kids' school buy Norton crap purely on name recognition. All they are buying is a false sense of security.

Very slow on single core CPU

[DigiShaman]

I just formatted and installed XP SP3 on a machine running an Intel 2.4Ghz CPU (Northwood and non-HT). I've noticed that installing applications take about four times as long after having installed this program. The culprit seems to be a running process "MsMpEng.exe" pushing CPU utilization to a total of 100%. I did not have Windows Defender installed, but it's interesting to note this is the same file that it uses too. I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.

Other than that, it seems to stay out of the way under general computing. But for those looking to do a format/reinstall of Windows, I recommend installing this program AFTER you get finished with everything else on your to-do install list.

Re:Very slow on single core CPU

[GF678]

I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.

According to the Ars Technica link in the summary, MSE is a superset of Windows Defender, to the point where the MSE installer will disable Windows Defender completely if detected.

As for the single core issue, quite possible. I noticed for example that Vista's Windows automatic update detection check utilized 100% CPU of my (then) single-core machine for several seconds, affecting performance considerably. But when I moved to a dual-core, the effect was completely unnoticeable. Seems as if single-core is no longer considered when testing software performance and impact on the rest of the system.

Leave it to Symantec

[WiiVault]

to make everybody on Slashdot rush to defend MS.

Re:Microsoft about to kill another industry?

[AmberBlackCat]

Long ago, we had Norton Antivirus for Windows 95. I guess this was when online updates were a new thing. The box said something like "never buy antivirus software again!" and boasted about how it would always be updated and current. Then one day it stopped updating. Our reply from the customer support people was "this product is no longer supported". They told us we had to buy the new version. Let them die.

Rootkit Detection

[gordguide]

Microsoft purchased Komoku, a developer of RootKit Detection software with clients like the usual government and military suspects, banks, that kind of thing. Komoku's technology has been rolled into Microsoft Security Essentials.

I would think that right there is a good reason to check it out, and possibly implement it in your XP/Win7 system, especially since MS probably had a chance to do some tweaking on the RootKit detection engine using their proprietary knowledge of some of the more obscure aspects of Windows file systems, the still unpublished NTFS specification, etc.

Of course, if you have no RootKits installed, it might be more of a pain than necessary ... after all, every AV app you now have running says nolo problemo, si?

Then again, how would you know?

if you do have a RootKit lurking, I find it very difficult to believe that Norton or Symantec would tell you so ... the whole point of RootKits are to avoid detection, whether by conventional AV applications or otherwise, and to avoid removal by the usual removal tools available to AV product users.

Some RootKits are even stealth-installed by law enforcement, and the "person of interest" isn't supposed to have Norton go all five-alarm on them, if you get my drift. Not that we can be sure this will either ... I'm just sayin' they are not trivial to detect, is all.

It remains to be seen exactly what MicrosoftSecurityEssentials does turn up, but in at least one aspect, you are getting (for free) security software that cost thousands of dollars had you contracted with the original developer prior to Microsoft's acquisition (March 20 2008) and prior to MS's adding at least some of that same software to this new app.

There will be plenty of people who will jump in right away and download MicrosoftSE. If you're one of them, fine; don't change for my sake.

But, the best advice might be wait a week or so, as the prudent should, to see if major issues develop once widespread deployment exposes the suite to a wider set of configurations. If all is well, I say "run her". When MS offers you the equivalent of "free money" I say take it. I never see them refuse mine.

Re:"Free" protection is a trojan horse for Onecare

[dhavleak]

MS discontinued OneCare around a year ago genius (see here). The free Security Essentials release we're discussing in TFA is what the OneCare team got spun off into..

DRM and Sliverlight down your throat

[sebsauvage]

Not happy with forcing WGA and automated WindowsUpdate when you install this antivirus, MSE also forces DRM and Silverlight down your throat. Oh... and you are not authorized to talk about MSE without written consent from Microsoft.
Just read the license.

Doh!

Well, I always welcome free solutions which enhance overall end users security, but this licence is a no-no for me.

Symantec trash talking

[amn108]

Actually they are just trash talking MS in the true spirit of corporate competition. It is like brushing teeth in the morning for them. You are not taken seriously as a competitor if you don't issue some form of short press conference where you can say how bad everything but your own products is.

The truth is, through my "fixing" of countless laptops ridden with Symantec products, I can honestly say, disregarding their security track record, I despise and resent their products as much as I ever could. Large, monolithic but with 10 services to get rid of, poorly uninstalling or not uninstalling at all, horrible user interfaces - at least Microsoft products are benign compared to Symantec, use FAR FEWER resources to the point where you don't notice them (but they still do the job), have usually quite well designed GUIs and remove themselves without question. Thing is, Microsoft has different divisions, and clearly divisions that work on Windows Defender, Windows OneCare Live, and now Windows Security Essentials are, by evidence, not the same division that work on builtin Windows security, although situation seems to be improving on the latter.

Symantec and those corporate benemoths have been preying on customer fear for malware, and feeding us crap for more than ten years now. There was once Peter Norton and his Norton Commander, ever since that it went downhill with all things related to him and his company. Symantec has a lot of fat around the waist now. And they are afraid Microsoft is onto them.