Microsoft Security Essentials Released; Rivals Mock It

Bimal writes "After a short three-month beta program, Microsoft is officially releasing Microsoft Security Essentials, its free, real-time consumer anti-malware solution for fighting viruses, spyware, rootkits, and Trojans. MSE is available for Windows XP 32-bit, Windows Vista/7 32-bit, and Windows Vista/7 64-bit. 'Ars puts MSE through its paces and finds an unobtrusive app with a clean interface that protected us in the dark corners of the Internet.' The software received positive notes when in beta, including a nod from the independent testing group AV-Test." But reader CWmike notes that Symantec is trash-talking Microsoft's free offering. Jens Meggers, Symantec's vice president of engineering, dismissed MSE as a "poor product" that will "never be up to snuff." Meggers added, "Microsoft has a really bad track record in security." The GM of Trend Micro's consumer division sniffed, "It's better to use something than to use nothing, but you get what you pay for."

It's working great for me

[mantis2009]

Doesn't bug, silent updates, fast scans, no noticeable performance hit. I can finally get my parents off of their annoying Norton or whatever they paid $50 to use for 12 months.

Re:It's working great for me

[Fluffeh]

It might not be perfect protection, but if it's going to be used by all the mum and dad users with zero tech skills, then it's a good thing.

They likely would have never understood why you need to pay a lot for top end protection, nor would they likely have payed for it. This is a nice step between.

Re:It's working great for me

[HAKdragon]

Obligatory image: http://farm2.static.flickr.com/1283/790399551_d8a1e0ea5a.jpg

Re:It's working great for me

[not+flu]

Files don't have human rights.

Re:It's working great for me

[nmb3000]

42.zip contains 4.5PB of data, compressed to 42kb. My university's mailserver marks it as a false positive.

That's not a false positive at all. It's a well known "exploit" called a Zip Bomb. You think it would be a good thing if unsuspecting users unzipped that file onto their system partition or network drive?

selfgz.gz is a gzip file that decompresses to itself. My university's mailserver tries to decompress it forever to scan all the nested files. It marks it as a false positive

You can call this a false positive, but that implies the original file was useful to begin with. As somebody else pointed out, this is just designed to screw with mail servers (in addition to just being a cleverly written file). Most servers stop extracting nested archives at 6-8 levels deep to prevent this from dragging the server down. Rejecting potentially dangerous (to both mail daemons and users) files like this is better than just blocking all compressed files, isn't it?

Besides, if this MS software is lightweight and really good at catching the bad stuff, but every now and then (as in, once every couple months) gets a "false positive", I'd say it's a winner. It's easy to drag a file out of a software quarantine -- lots easier than removing the latest and greatest rootkit.

Re:It's working great for me

[KillerBob]

Yes, any anti-virus is better than no anti-virus, but it won't take long before malware authors discover how to circumvent the Microsoft tool.

Microsoft bought out an antivirus company a couple of years ago. This is simply the rebranding and current version of that company's software.

And you know that virus-writers have figured out how to circumvent more expensive antivirus programs like McAfee, Norton, and PC-Cillin, right? This is why you update the virus database... so that it detects viruses that can disable your antivirus before they get that chance.

Give MS a chance. They could actually have stumbled onto a good product, and it could be something that actually helps the world at large.

I won't be installing it myself, but that's because I'm quite happy with the Avast that I have running. I'll wait for the next report over at av-comparatives before I pass judgement on it. Interesting to note that for the last several reports, several free options have been in the top 5 and occupied the top spot over all. In the latest report (August 2009), AntiVir had a 99.4% trap rate, Avast has a 98.0% trap rate. (Norton and McAfee had 98.7% and 98.4% trap rates, by comparison) But here's the rub... Avast had the lowest false positive rate of any of the top 5 antivirus programs. Norton had almost 3x as many false positives as Avast. AntiVir had more than 4x as many. And McAfee had more than 8x as many false positives. Out of the top 4 antivirus solutions, I'll stick with Avast.

But they do those tests on a regular basis, and you have no idea how well Microsoft's offering will fare in the next one. It could actually do very well. I wouldn't hold my breath, though... on the most recent testing, while MS's pay-for service tied Avast in false positives, it had a pretty lousy 90% trap rate... Still, that's nowhere near the worst offering out there.

Anyway... do your research before you decide that something is automatically bad just because it comes from Microsoft. Even if it just ties the other software, a 90% trap rate on viruses is better than a 0% from not having antivirus at all. And suggesting that it won't be long before virus writers figure out how to circumvent the software is completely ignoring the fact that virus writers figured out, a long time ago, how to circumvent commercial offerings like Norton and McAfee, and that hasn't actually hurt their trap rates at all.

When pressed...

When Pressed, Symantec admitted they were actually describing their own products, burst into tears, and chugged the rest of the bottle of whiskey.

Symantec is a bunch of crap

[tjstork]

Sorry to throw Symantec under the bus, but the AV program and AV mentality that they have created amounts to a CPU tax. We don't have 4 core machines, we have 3 cores plus for one for Symantec, which manages to have the deadlock everything while it scans a single file.

Re:Symantec is a bunch of crap

[fuzzyfuzzyfungus]

Symantec operates on the TSA theory of security:

If you aren't being harassed by a mouth-breathing subnormal, you aren't secure.

Symantec shouldn't talk

[toastee]

Around the computer shop's i've worked at we joke that we'd rather have a virus than norton on our machines, at least the virus won't charge you a fee to mess up your OS.

Get what you pay for?

[Inverted+Intellect]

Last I checked some of the highest detection rate AV solutions also happen to be free.

I use Avira AntiVir, which came in #2 in the last comparative study I read. It's gratis, with the sole "cost" of a popup-ad every 24h, disabled in the paid version (or for free, if you know how to set up a local security policy under windows and don't mind breaking the EULA).

I like it and will recommend it to anyone.

[farbles]

It's a sweet little anti-virus program. A well designed and simple user interface, updates unobtrusively, doesn't bog down the computer and it is very effective at detecting all threats I've thrown its way. It also is easy to tell when it is unhappy thanks to a well designed and simple system tray icon. Credit where credit is due, Microsoft has put together a good program. I've tested this on dozens of machines and have not a single bad thing to say about it, which is not something I would have thought I'd ever say about a Microsoft product.

If I do have a quibble, it's that it requires a validated Windows. If I were Microsoft I'd throw this on automatic Windows Update and push it out to everyone not already running an anti-virus.

Symantec can blow me. I've seen more hosed computers where the owners thought they had current updated Symantec AV just to have me discover that their definitions had last been updated in 2007 or something with no indication from their Symantec AV they were vulnerable.

/not an MS fanboi but when they get one right, they deserve praise, and they got this one right folks.

Since I don't need a graph or pop-ups

[earnest+murderer]

To tell me it's working, it sounds like pretty much the best thing out there.

When the CEO of your competition derides your product publicly, you know it's got to be good shit.

Very slow on single core CPU

[DigiShaman]

I just formatted and installed XP SP3 on a machine running an Intel 2.4Ghz CPU (Northwood and non-HT). I've noticed that installing applications take about four times as long after having installed this program. The culprit seems to be a running process "MsMpEng.exe" pushing CPU utilization to a total of 100%. I did not have Windows Defender installed, but it's interesting to note this is the same file that it uses too. I'm guessing Microsoft Security Essentials is a close cousin to Windows Defender code which would explain a lot.

Other than that, it seems to stay out of the way under general computing. But for those looking to do a format/reinstall of Windows, I recommend installing this program AFTER you get finished with everything else on your to-do install list.

Leave it to Symantec

[WiiVault]

to make everybody on Slashdot rush to defend MS.

Re:Microsoft about to kill another industry?

[AmberBlackCat]

Long ago, we had Norton Antivirus for Windows 95. I guess this was when online updates were a new thing. The box said something like "never buy antivirus software again!" and boasted about how it would always be updated and current. Then one day it stopped updating. Our reply from the customer support people was "this product is no longer supported". They told us we had to buy the new version. Let them die.

Rootkit Detection

[gordguide]

Microsoft purchased Komoku, a developer of RootKit Detection software with clients like the usual government and military suspects, banks, that kind of thing. Komoku's technology has been rolled into Microsoft Security Essentials.

I would think that right there is a good reason to check it out, and possibly implement it in your XP/Win7 system, especially since MS probably had a chance to do some tweaking on the RootKit detection engine using their proprietary knowledge of some of the more obscure aspects of Windows file systems, the still unpublished NTFS specification, etc.

Of course, if you have no RootKits installed, it might be more of a pain than necessary ... after all, every AV app you now have running says nolo problemo, si?

Then again, how would you know?

if you do have a RootKit lurking, I find it very difficult to believe that Norton or Symantec would tell you so ... the whole point of RootKits are to avoid detection, whether by conventional AV applications or otherwise, and to avoid removal by the usual removal tools available to AV product users.

Some RootKits are even stealth-installed by law enforcement, and the "person of interest" isn't supposed to have Norton go all five-alarm on them, if you get my drift. Not that we can be sure this will either ... I'm just sayin' they are not trivial to detect, is all.

It remains to be seen exactly what MicrosoftSecurityEssentials does turn up, but in at least one aspect, you are getting (for free) security software that cost thousands of dollars had you contracted with the original developer prior to Microsoft's acquisition (March 20 2008) and prior to MS's adding at least some of that same software to this new app.

There will be plenty of people who will jump in right away and download MicrosoftSE. If you're one of them, fine; don't change for my sake.

But, the best advice might be wait a week or so, as the prudent should, to see if major issues develop once widespread deployment exposes the suite to a wider set of configurations. If all is well, I say "run her". When MS offers you the equivalent of "free money" I say take it. I never see them refuse mine.

DRM and Sliverlight down your throat

[sebsauvage]

Not happy with forcing WGA and automated WindowsUpdate when you install this antivirus, MSE also forces DRM and Silverlight down your throat. Oh... and you are not authorized to talk about MSE without written consent from Microsoft.
Just read the license.

Doh!

Well, I always welcome free solutions which enhance overall end users security, but this licence is a no-no for me.