Microsoft Security Essentials 2.0 Released

Greg writes with this excerpt from Ars Techica: "Following a four-month beta program, Microsoft Security Essentials (MSE) 2.0 has been released. The new version significantly revamps the heuristic scanning engine, adds Windows Firewall integration as well as network traffic inspection. The update unquestionably makes MSE, which has already become very popular due to its quiet but effective ways, even more of a must-have for Windows users. MSE has always been very good at finding and removing malware, but it has relied mainly on antimalware definitions. The improved heuristic engine makes it even better at detecting threats; at the same time, we expect the number of false positives to slightly increase as well. The new Windows Firewall integration is a minor improvement: it lets you tweak Microsoft's firewall from inside MSE."

Nice and Easy

[christurkel]

MSE has been a lifesaver at our non profit. We put on all our clients' computers. It's free, works great and best of all, no nag screens to "Upgrade" to the pro version, etc. Nag screens tend to upset our consumers. So yes, It's great.

Re:Nice and Easy

[davester666]

Of course, it should nag you to update off IE 6.0...

Re:Nice and Easy

MSE is not free, it is only free for individuals and not for companies.

Re:Nice and Easy

[datapharmer]

Actually that isn't true. It is also available to small businesses on up to 10 computers. Unfortunately there doesn't appear to be anything between the free 10 SMB licenses and forefront licensing which is insanely expensive for small business.

Re:Nice and Easy

It's really great, I'm not sure how long 3rd part antivirus can survive, especially when this is free.

Re:Nice and Easy

Hmm... from what I could find it starts at $8.64 US per user or per device, per year and goes DOWN from there. How is that "insanely expensive"?

http://www.microsoft.com/forefront/endpoint-protection/en/us/pricing-licensing.aspx

Re:Nice and Easy

no nag screens to "Upgrade" to the pro version, etc
 
Wait until the alternatives die off...

Re:Nice and Easy

[gravyface]

It really is a nice product. During a recent "outbreak" of Conficker (all machines were patched thankfully and not vulnerable), AVG did jack, MSE cleaned it up immediately. We're moving away from AVG for all deployments; too many missed viruses (see, "Every Fake Antivirus in the wild since 2009").

Re:Nice and Easy

[ocdscouter]

It's really great, I'm not sure how long 3rd part antivirus can survive, especially when this is free.

There's always marketing and brand loyalty.

Re:Nice and Easy

No it shouldn't, since MSE only runs on XP and above and IE7 and 8 were automatically pushed out via Windows Update to OS's that supported beyond IE6, which is XP and above. That is unless you knew about and employed the blocking tool for these updates. So for MSE to nag about IE6 would be inappropriate on an internal LAN, and pointless for someone who's turned off updates or is intentionally running unsafe.

Re:Nice and Easy

[Opportunist]

I've been wondering about that for Windows in the light of Linux as well.

Guess there are features that people are looking for that they don't get in the free stuff.

Re:Nice and Easy

[Big_Mamma]

It says "$8.64 US per user or per device, per year" on this page. It's not free, but it's far from horrible - although the paperwork to purchase your first licenses could be a bit insane for just $100.

Re:Nice and Easy

[RobertM1968]

No it shouldn't, since MSE only runs on XP and above and IE7 and 8 were automatically pushed out via Windows Update to OS's that supported beyond IE6, which is XP and above. That is unless you knew about and employed the blocking tool for these updates. So for MSE to nag about IE6 would be inappropriate on an internal LAN, and pointless for someone who's turned off updates or is intentionally running unsafe.

MANY businesses manually update because of the annoyance of rebooted machines that are doing long-term work overnight. MANY businesses are stuck on IE6 still, because of "compatibility changes" in later versions that make their web apps not work (because they incorrectly believed a Microsoft solution would be long term, instead of obsoleted whenever MS felt like changing things around to stop it from working).

Re:Nice and Easy

[Bill+Dog]

And what exactly would be the point of nagging the desktop users in those businesses?

Re:Nice and Easy

[barryp]

Doesn't Forefront also require you have a Windows Server 2003 or later with Forefront Endpoint Protection 2010 server and System Center Configuration Manager 2007? That'd end up being $$$$

Re:Nice and Easy

[RobertM1968]

And what exactly would be the point of nagging the desktop users in those businesses?

"Your ancient browser is not secure. Please update the trashware you are running with a real browser, or failing that, with at least Internet Explorer 8. If you fail to do so, your computer may explode or do other bad things."

It's ALL a matter of writing the correct nag screen. Push em to replace their outdated software implementations AND their browser all at once...

;-)

Re:Nice and Easy

probably because heuristic scanning, network traffic inspection and firewall support are HIGHLY overrated features in anti virus software. Heuristics causes far more false positives and generally still fails on a lot of stuff you would expect it to catch. PErsonally I don't want an AV product TOUCHING/INTEGRATING or getting within a nats fart of my firewall. As for network traffic inspection, if the firewall+AV are doing its job in the first place this is a redundant feature. All the other vendors spout all of this crap as they are desperate to differentiate themselves with pointless and over hyped features.

Re:Nice and Easy

The Windows Firewall software bundled in Vista and 7 is a very powerful, very complex and highly configurable software firewall. It is just as good as the ones bundled by the likes of Symantec or AVG et. al. if not more. Just because you doesn't know how to use it doesn't mean it is not a valid solution.

Re:Nice and Easy

Except that it won't catch stuff. Avira is a way better option, even WITH the nag screens.

Re:Nice and Easy

[youngec]

Nope, a quick Google found this:

"If you have client computers that do not require the central deployment and management features of Forefront Endpoint Protection server, and you intend to manually install the Forefront Endpoint Protection client, the Configuration Manager prerequisites stated for client computers are not required."

Source: http://technet.microsoft.com/en-us/library/ff823900.aspx

Re:Nice and Easy

[wastedlife]

And nagging to the desktop users being held back by the IT department does what? Or do you just not read the posts that you are replying to?

Re:Nice and Easy

[demongp]

Doesn't Forefront also require you have a Windows Server 2003 or later with Forefront Endpoint Protection 2010 server and System Center Configuration Manager 2007? That'd end up being $$$$

We are running ForeFront (not sure of the version), and we don't require SCOM or anything else - just (as you mentioned) Windows Server 2003 or later in addition to the ForeFront licensing.

I have to note, we only really use it as we are MS Partners and as such get it for free...

Re:Nice and Easy

[RobertM1968]

And nagging to the desktop users being held back by the IT department does what? Or do you just not read the posts that you are replying to?

(1) It was meant to be somewhat humorous.

(2) They will hopefully nag MANAGEMENT - you know, the ones who made the bad decision to go with a proprietary solution for something that's supposed to be open standard.

Any decent IT department will want something that is easy to maintain, cross platform, standards compliant, etc. Since the MANAGEMENT will be getting these nag screens, it will hopefully push them to letting the IT team do their job properly.

Though my comment was meant as mostly humor (ummm, didnt the "your computer may explode" part give you any inkling of that?), the fact is, such (sans the humor) warnings in nag screens have helped push MANAGEMENT of certain companies to allowing their IT department to do what's right... "Gee, my IT guys arent just trying to do unneeded work... what they've been telling me is true. Maybe we should invest in replacing this troublesome infrastructure we have."

I bring it up, because I have seen it happen.

Re:Nice and Easy

[wastedlife]

In most cases that I have seen, management would tell IT to block the nag screen in some way and business would continue as usual. IE6 will prevail until great robot uprising destroys us all. Of course, the great robot uprising will have been caused by a worker-bot stuck using IE6 contracts a piece of malware and it spreads amongst the other worker-bots.

ok on 8 year old laptops?

[FuckingNickName]

We have loads scattered around for rdp clients / light browsing w/ XP and MSE 1 has been great. Is MSE 2 under XP more of a hog/same/faster?

Re:ok on 8 year old laptops?

[the+linux+geek]

It seems to be a genuine improvement. I'll definitely be watching for any performance/stability issues before my company deploys it, but it seems like MSE2 is a step in the right direction for Windows security.

Re:ok on 8 year old laptops?

How is the resource usage of MSE? I've been thinking about giving it a try out of curiousity, but avast! is really good on not using up my RAM and CPU (currently at 8MB and barely ever touches the CPU with active scanning and heuristics detection enabled).

Re:ok on 8 year old laptops?

I use MSE on many of my systems. And the ability to to be used in a business environment is great if you have 10 or fewer systems. Anybody have any suggestions for a good solution on SBS 2003 besides Symantec or Forefront? WSUS is not on this server, and is not an option so whatever would have to auto update at the client only side.

Re:ok on 8 year old laptops?

[Tridus]

MSE is the best I've ever used in terms of resource usage. If you don't know its there, it's honestly hard to notice.

Re:ok on 8 year old laptops?

Thanks. I'll give it a go.

Re:ok on 8 year old laptops?

[dwinks616]

MSE is currently at 3MB and 0% CPU on my Windows 7 64bit install.

Re:ok on 8 year old laptops?

[chromozone]

I put it on a netbook with Win 7 Stater and its pretty lean. I saw most netbook users in my forum recommending it as well (and they usually advise Avira or something like that for bigger computers).

Re:ok on 8 year old laptops?

[falsified]

My (mid-range) laptop is only a year old, but I can say that I notice no difference between MSE 2 and MSE 1 for speed, either while scanning or while lurking in the background. So, I'd say go for it.

Re:ok on 8 year old laptops?

Its pretty good. I run NOD32 on just about everything, in part because its so lean. I run MSE on my netbook and on an old Celeron I use for watching movies, etc. I just didn't feel like buying yet another license, so figured I'd give it a try. To be honest, I'm pretty impressed with it. It doesn't nag the hell out of you, and you barely notice its impact on system resources.

Re:ok on 8 year old laptops?

[rsax]

Eset Nod32 has been great in my experience. It's lightweight and seems to use fewer resources than McAfee or Norton products.

Re:ok on 8 year old laptops?

[Sporkinum]

It's a little beefier than that on Vista. 4.6 meg for the executable(msseces.exe), and 55 meg for the anti-malware service(MsMpEng.exe). Plus any other things related that are buried in the bowels of the system.

Re:ok on 8 year old laptops?

Just tried it and it used up over 50MB of RAM. It looked ok and seemed unobtrusive, but I'm going back to avast! to save memory for other apps.

v2 has been giving me crashes.

[Zelgadiss]

First I want to say I love the first version of MSE.

Light weight, no nagging, and for most part just stays out of the way.

The new version seems more of the same, except it's been freezing my PC since I upgraded yesterday. I currently have it un-installed to see it's the problem, and so far my PC is rock solid like it has always been.

Any ideas or suggestions? I'm "flying blind" right now.

PS: don't ask me to install Linux (it seems more trouble than it's worth half the time, no offence) or get a mac (I'm broke)

Re:v2 has been giving me crashes.

[Donniedarkness]

Go get a Mac and install Linux on it.

Really though, have you tried a fresh download and a new install?

Re:v2 has been giving me crashes.

[VinylPusher]

I do hope I don't get to work tomorrow to find MSE has updated itself to V2.

I'm in the process of taking over responsibility of our entire IT and it's a nightmare of mis-matched, outdated hardware and utterly pathetic security policies (lack thereof). There are Win 2000 machines on the network with no AV installed and there are XP machines with MSE installed, a terminal services server (Win 2008, the 'Vista' version) with AVG on it.

Oh, and the company I work for is an insurance broker. Security somewhat essential.

Re:v2 has been giving me crashes.

Well, you could just report them to the BSA and get it overwith...

It is not licensed for companies bigger than 10 employees or some such..

Re:v2 has been giving me crashes.

[Zelgadiss]

Yupe.

After a couple of crashes+restarts from the upgrade, I redownloaded, uninstalled followed by fresh re-install.

I even upgraded my video drivers - the crashes I have been getting involves my screen just totally freezing (mouse cursor still works though; just can't click anything), similar to the ones I get during WoW when I use to play it.

Maybe I will reinstall in a week or so, see if anything changes.

Re:v2 has been giving me crashes.

[bcmm]

it's been freezing my PC since I upgraded yesterday

don't ask me to install Linux (it seems more trouble than it's worth half the time, no offence)

Heh.

Re:v2 has been giving me crashes.

[zach_the_lizard]

You can buy licenses, once you have more than that. I think it's like $8.60 per host per year.

Re:v2 has been giving me crashes.

utterly pathetic security policies (lack thereof). There are Win 2000 machines on the network with no AV installed ...company I work for is an insurance broker. Security somewhat essential.

Emphasis on the somewhat. There are no data protection standards or laws in the US insurance sector? In EU the relevant regulations kick in as soon as you have created a registry of personal information in any context..

Re:v2 has been giving me crashes.

[VinylPusher]

I'm not in the US. Also, sarcasm.

Not only am I going to look after their IT, I'm going to be jointly responsible for writing and enforcing their compliance policy.

Personal data is currently secured by dint of everyone using Remote Desktop to get into the Win 2008 server, where the full-on policy, claims, accounting and document management software resides. They're still going through a transition to this new software, away from a Citrix Metaframe accessible remote provider (which was utterly debilitating, having only been provisioned with 1Mb of access bandwidth and some clearly overtasked servers on the other end).

Unfortunately, the incumbent 3rd-party IT support company fail to recognise any of the already problematic malware attack vectors. The main one being that people are using the RDP shortcut from personal laptops with no control whatsoever. I took on the role a little over 1 full week ago and already there have been 2 instances of laptop users bringing in malware resulting from their home internet activity. My real job is explaining to the directors the why's and how's of this being a really bad idea.

Oh, and the Win 2008 server hasn't even got BitLocker switched on.

Re:Great news! But...

All right! Obligatory, apropos-of-nothing Ubuntu post appeared sooner than normal! Posted as AC so as to not incur the wrath of the Linux Youth.

But...

...will it run on Linux?

Re:But...

More people than run linux.

Re:But...

Who knows?

Very few people here actually run linux, they just say so to fit in.

If only...

[chucklebutte]

MSE ran on R2 instead of that shitfest known as Forefuck!!!! I mean ForeFront....

Re:If only...

[chucklebutte]

Oh shit! V2.0 works on server woot!

Re:If only...

Good to know, thanks!

too much of a target

[Dzimas]

My biggest concern about MSE is that it's released by Microsoft. That makes it a natural target for malware and virus authors -- there's a certain credibility to be earned by writing software that defeats security protection by The Man. I'd prefer to run a less common (but equally effective) anti-virus suite that won't attract as much attention from the black hats. As it is, running MSE 2.0 feels a bit like pinning a big bulls eye target sign on my back.

Re:too much of a target

[Shados]

I'd expect McAfee and Norton to be much bigger "bulls eye" targets, since they're heavily deployed in corporate environments. MSE isn't.

Re:too much of a target

[Tridus]

You're running Windows, so you're already a big target. Do you really want to try to find something that will go below the radar, or do you want to use what works? MSE is quite good at what it does.

Re:too much of a target

[icebike]

That is a totally unfair assessment.

Just what has Microsoft released over the years to win your loyal defense, other than the most security impaired OS ever invented by human kind?

Seriously, I have a hard time even contemplating removal of my existing anti virus choices in favor of anything released by Microsoft.

I'd like to test it, but its sort of like testing a parachute made by the a cheese-cloth manufacturer. It requires a leap of faith that the company simply hasn't earned yet.

Re:too much of a target

[Lazareth]

Congratulations. You've gained a level in narrow-mindedness. Enjoy your new passive ability: "Missing the point by refusing the print."
If you had cared to read on, the person actually made a sound, if arguably invalid, statement (you know the difference between "sound" and "invalid" right? Right?)

Re:too much of a target

[MichaelKristopeit303]

right... brands and corporations should not be held accountable for their past mistakes... we should all just forget everything.

you're an idiot.

go attempt your ignorantly hypocritical marketeering somewhere else.

why do you cower behind a chosen pseudonym? what are you afraid of?

you're completely pathetic.

Re:too much of a target

[MichaelKristopeit311]

has MSE not also been poorly "recieved"? is your misspelling intentional as to mask your lies and provide a scapegoat to any potential scrutiny, or are you simply and illiterate? does "has been" not imply any current state of existence, or does it still only provide state information from the past as i've always understood it to?

you're an idiot.

your use of "Micro$oft" is very telling.

cower some more, feeb.

you're completely pathetic.

Re:too much of a target

[MichaelKristopeit314]

you're an ignorantly hypocritical marketeer.

it's painfully obvious you have ulterior motives and no moral worth whatsoever.

you fantasize and accuse others with no evidence of being raped by religious figures and brutalizing women and children.

you are a completely pathetic individual, and justice will find you.

why do you cower behind a chosen urine based pseudonym? what are you afraid of?

you're completely pathetic.

present yourself to me; admit what you've done, then i'll bring upon you the ultimate punishment for your transgressions.

Let the bloating begin...?

[snugge]

let's hope they dont screw this little gem up.

Re:Let the bloating begin...?

[Beelzebud]

Just installed it, having the same concern, and am happy to report that the program doesn't look obviously bloated (just some new options for the firewall), and it's consuming about the same amount of RAM as before. On my machine it usually consumed 4600K, and not it's at about 4800K. Not bad at all, really.

Re:Let the bloating begin...?

[LinuxIsGarbage]

There's two processes: The Front end GUI and the backend service (MsMpEng.exe) which usually consumes about 40MB, which is about average for AV products.

Re:Let the bloating begin...?

[Kjella]

There's two processes: The Front end GUI and the backend service (MsMpEng.exe) which usually consumes about 40MB, which is about average for AV products.

I know it doesn't matter when my desktop has 8GB and my nettop has 1GB of RAM, but I'm old enough statements like that make me cringe.

Re:Let the bloating begin...?

[LinuxIsGarbage]

Which is a shame if you're trying to keep an old system going for someone for simple web browsing. The AV can place the biggest RAM burden on a system with only 256MB RAM (more than the OS or browser). Of course slashdot's favorite answer is "Install Linux". But most full desktop distros like Ubuntu are too bloated for such old hardware as well.

Re:Let the bloating begin...?

[KingMotley]

Why? You can get a brand new netbook for under $300, and that has 1GB of ram and 160GB drive, and runs windows 7.

Re:Let the bloating begin...?

[falsified]

Worth noting that MsMpEng is truly just "sitting there", unlike Norton or McAfee (or even the good guys like Avast) where there's random, unneeded churn. The only time so far I've seen it have any CPU usage was when I tried to close it with Task Manager and MSE popped up a warning asking me to restart the service.

Re:Let the bloating begin...?

[VinylPusher]

DDR1 RAM is expensive. Many machines still use it.

The answer isn't always 'just buy a cheap ', especially when someone is short of cash but has an old PC in the loft.

Re:Let the bloating begin...?

[KingMotley]

Cool. Sell the 256MB of expensive DDR1 ram you have, and use it to buy a new netbook.

Re:Let the bloating begin...?

[Alex+Belits]

You can have terabytes of RAM, and performance will be still determined by how often few megabytes of L1 and L2 CPU cache are updated from your giant but slow RAM.

Re:Let the bloating begin...?

[Kjella]

You can have terabytes of RAM, and performance will be still determined by how often few megabytes of L1 and L2 CPU cache are updated from your giant but slow RAM.

Which is a million times better than back when we had too little RAM, and if you... hit.... swap... everything.... would..... go...... extremely......slow.......and......you'd...... go..... crazy..... waiting...... for...... the....... smallest....... thing........ to.......... finish.

Re:Let the bloating begin...?

[perryizgr8]

on my system msmpeng sometimes starts taking 20-25% cpu for no reason at all. you just have to wait it out and maybe it stops after 10 minutes or so.

Re:Let the bloating begin...?

[Riceballsan]

There's always remixes of major distro's designed for older hardware. I believe linux mint (pretty much exactly ubuntu made more user friendly), has a fluxbox based remix, system requirements being 256 MB of ram and 4 gigs of HD space. The main distrobutions all have offshoots designed to run the majority of the software on much less demanding hardware.

Re:Let the bloating begin...?

[Billly+Gates]

You can use Xubuntu or Fedora. You might want to upgrade your ram. It is not the OS but the flash ads for sites like CNN which require adobe flash scripts that take up hundreds of megs of ram and slow down a Core2Duo to a crawl. It is a security risk to use older versions, but the new versions require a decent pc. You are screwed either way.

WIth ram prices these days you can get a gig for cheap which is essential whether you run WindowsXP or Linux.

Re:Let the bloating begin...?

"I know it doesn't matter when my desktop has 8GB and my nettop has 1GB of RAM, but I'm old enough [THAT] statements like that make me cringe."

I know it doesn't matter in the days of The Internet and textspeak, but I'm old enough that horrible grammar still makes me cringe.

Re:Let the bloating begin...?

Yep, I still remember not being able to play Doom because I didn't meet its bloated 4MB requirement :(

Re:Let the bloating begin...?

[Alex+Belits]

Actually the effect is surprisingly similar, thanks to complete disregard for memory footprint of frequently performed operations in modern desktop software. Fear of swapping kept developers from writing things that used cache inefficiently.

Re:Great news! But...

This++. I wish I could mod you up, but someone would obviously just mod me down.

better!

[dmbasso]

Even better to be without malware for 10 years now! Thanks Debian and Ubuntu!

Re:better!

[ozmanjusri]

Even better to be without malware for 10 years now! Thanks Debian and Ubuntu!

Why the Troll mod?

If you take a step back, the whole idea of needing (CPU, $ expensive) external programs like virus checkers and firewalls to protect your OS is ridiculous. Microsoft should be deeply ashamed that such a massive industry has grown up around their failure to build a secure OS.

Maybe if they paid more attention to their engineers and less to their reputation managers, they wouldn't need to manipulate social networks and tech sites.

Re:better!

[Unipuma]

I would say it is partly due to their bad OS design (administrator by default), partly due to third party software (doesn't work if user doesn't have administrative rights, often not for valid reasons) and partly due to their success (a massive amount of relatively clueless users, who click on any [OK]/[Yes] button that is presented to them).

If some of these clueless users were to move to Debian and Ubuntu, the same problem might happen there. (Popup to fill in sudo password, user gives admin rights to 'that funny animation' they just got from their uncle they hadn't spoken to in years)

So while Microsoft sure has large part in the problem (user-friendliness over security), much of the problem is also to blame on third party developers and the clueless masses that use Windows.

Fortunately, they do something about it now, although I assume that for every user that is now better protected for free, there will be another anti-virus company that will be complaining about unfair competition.

Re:better!

[drsmithy]

If you take a step back, the whole idea of needing (CPU, $ expensive) external programs like virus checkers and firewalls to protect your OS is ridiculous.

You don't. That software isn't protecting the OS, it's protecting the user. The OS can protect itself just fine, it's just the users insist on bypassing or ignoring that protection.

Microsoft should be deeply ashamed that such a massive industry has grown up around their failure to build a secure OS.

When you can come up with a way to protect an OS against malware, let a few people in Microsoft and Apple know about it. I'm sure they'll be happy to pay you lots of money for the knowledge.

Re:Great news! But...

AproposOfNothingUbuntuGuy(TM)

Re:WHO CARES?

Yeah, what does this have to do with Wikileaks?

MS FTW

Linux desperately needs something like this, or it will never be able to compete on the Desktop.

The problem goes even deeper; there is a serious lack of malware written for Linux. It just isn't profitable enough for malware-developers to target the platform. And mainstream adoption will sadly remain a dream until that changes.

Kudos to MS for showing how it's done.

Re:MS FTW

wha?

Re:MS FTW

[skyinmypie]

Sarcasm.

Re:MS FTW

Yeah, yeah, I know it's supposed to be sarcasm and all, but you're more right than you think:

http://linuxhaters.blogspot.com/2008/06/at-least-we-dont-have-any-viruses.html

Re:MS FTW

Linux desperately needs something like this, or it will never be able to compete on the Desktop.

chkrootkit and rkhunter

Re:MS FTW

Linux desktops commonly do have Adobe flash, Firefox, OpenOffice.org, and to a lesser degree Adobe PDF.

Non of the software mentioned above are known for their focus on quality and security. No reason why people could not misuse those programs as common attack vectors for Linux desktops.

Specially Firefox is a major security problem with close to no interest in handling the big picture of security. Firefox is all about features and fanciness. That is great for a test and development browser, but dangerous for widespread use.

The security features of the Linux platform has many positive sides, but few of those strong properties are used on a Linux *desktop*. All the above mentioned programs runs with all the privileges of the logged in user.

The attacker might not get root, but why have root access when you can have access to all the documents and control their web browser? Controlling the web browser used for all the financial transactions might be just as nice.

I have been using Linux as my main desktop since the 90s. It's nice, but we should be aware of the limits.

Re:Great news! But...

I have mod points, but now I don't know which way to use them. Great, thanks... :-( ;-)

Re:Cannot find MS malwares

[bastion_xx]

Doe McAfee or any of the others detect these examples and malware?

Forefront analysis

[bbasgen]

We are currently assessing endpoint security products for around 6,000 desktops. The subject of Forefront actually came up, partly because of it's low cost. Yet, I can't find any evaluation of the product in professional reviews, likely due to how new it is. I'd really like to see how it stacks up for the sake of due diligence.

Re:Forefront analysis

We are currently assessing endpoint security products for around 6,000 desktops. The subject of Forefront actually came up, partly because of it's low cost. Yet, I can't find any evaluation of the product in professional reviews, likely due to how new it is. I'd really like to see how it stacks up for the sake of due diligence.

we use forefront in about 2000 computers at my company. IT works really good, better than symantec endpoint protection. If we had money to spend i would propably use eset instead.

Re:Forefront analysis

It's not new, we've been using it at our company deployed on 50+ servers for years. Forefront isn't new.

Re:Forefront analysis

Whatever you do, don't pick Symantec Endpoint Protection.

Re:Forefront analysis

[GreenEnvy22]

We condidered it last year, for about 800 machines. We didn't go with it because it needed multiple servers, and some of those had to be 32 bit servers. The SQL I believe it was, not totally sure but I think it only ran on a 32 bit sql server, which we don't have any of. Went with Kaspersky, been working great.

Re:Forefront analysis

[cbhacking]

I don't know of any really good analysis, but it's supposed to use the same engine and definitions as MSE, just with enterprise management tools and business licensing. That may be enough of a basis.

The other option, of course, is to simply ask Microsoft. You'd have to take what they say with a grain of salt, obviously, but that doesn't mean that they wouldn't know where to find some great reviews and/or case studies. After all, they would have plenty of motivation.

Re:Forefront analysis

Seconded, but don't pick McAfee either.

Re:Forefront analysis

At least with the current Forefront release (FEP 2010), it is supported to run everything on a single server (they call it the "basic topology), and you can run everything on 64-bit. It is also supported to run no server, if you wish to manage things manually.

Re:Cannot find MS malwares

[Daltorak]

What happens is that the MS's Messenger installer and windows updates will sneakily replace your firefox's default search engine with bing instead of Google.

[citation needed]

I recently installed Live Messenger and am fully up to date with Windows Updates, but my Firefox search engine is still Google. It's never changed. Heck, Bing doesn't even show up as a search engine in Firefox!

Re:Cannot find MS malwares

[Mortimer82]

You might be a troll, but if not, you are certainly over reacting.

I run windows live messenger and pay attention to the install options which allow me to choose *not* to install things like the Bing Search bar.

Really, you should check your install options with any *free* package, any person who just presses next, next, next without reading what they are doing is simply a fool.

Yes, one could argue that it's evil to have such things ticked by default, but in Microsoft's defense, if you are upgrading messenger, it remembers your previously selected install options and will not by default ask you again to install Bing toolbars and stuff.

Ummmm

[Sycraft-fu]

How's that any different from any other major AV programs? Some viruses shut down AV software. They know how to get most of the major ones, and perhaps all of them (AV software tells Windows it is AV software, they could use the same sort of thing). So unless you want to change all the time to lesser known AV softwares, from companies that you don't know about (and remember that fake AV software is big) then this isn't an issue.

What's more, the power in AV software on a system isn't virus elimination, it is virus prevention. The whole reason to run an AV program all the time, rather than something like a scheduled task, is it scans files as they come in to your computer, as they execute, and so on. So, if a virus tries to sneak in, the AV software can block it. The virus has to chance to do anything to the AV software as it is not running. It is a "position of primacy" sort of thing. Whoever is there first has the advantage as it can stop the other guy at the door. This is also why when a system gets infect, it is sometimes necessary to do an offline scan, boot from a CD or take the HD to a new computer, because the virus can prevent AV software from being loaded since it is already running.

Virus authors try to defeat any and all virus scanners. It is their business to get on systems. MSE has no special place in that. What matters is how well your virus software is able to pick up on them as they come in (and also how fast it runs as to not slow your system down). MSE isn't the best out there, but it is quite good.

Re:Ummmm

MSE ... is quite good.

I have to disagree with that one. While my daughter was away at school this last semester, a virus was sent around campus via email. My daughter had MSE and became infected. Her roommate received the same email and did not. Her roomy had Symantec.

Re:Ummmm

You had me right up until the last word of your post...Symantec: the worst antivirus software ever foisted upon the Windows world. Worse, in most cases, than a virus infection itself.

Hey, I'm not calling you a liar; there probably are things that Norton will catch. It has to do something or nobody would use it, right? Actually that's not a rhetorical question, but I digress. I'm just saying that even if Norton isn't totally useless, it is, in most cases, worse than useless, and I'll take my chances running without it.

Corporate adoption

[asvravi]

So is there anything stopping its adoption in the enterprise and Fortune 500 companies, replacing the likes of Norton? How about managed updates, LAN update server, policy based scanning settings etc?

Re:Corporate adoption

you should really use forefront for that. The licensing prohibits use with more than 10 clients.

If you work @ a F500 company you probably use sccm, the new version of forefront, just RTM:ed, uses sccm for everything.

Re:Corporate adoption

Yes. It is only licensed for home use and organizations with 10 or fewer computers.

The sell Forefront Endpoint Protection for businesses.

Jorgie

Re:Corporate adoption

[The+Second+Horseman]

For larger companies and not-for-profits (more than 10 computers), you're supposed to license Microsoft Forefront. For many, that means adding it to your corporate or campus license agreement. It's a pretty good deal.

Microsoft SpyNet

When you have upgraded Microsoft Security Essentials - be certain to open the program and click the Setting tab.

Next, on the left of the Settings tab page, click on Microsoft SpyNet. You might find it interesting that you have been opted-in.

Re:Microsoft SpyNet

[jonbryce]

It does always ask you before phoning home. Usually it pops up when I install a new version of iTunes that it isn't sure about.

Re:Microsoft SpyNet

[falsified]

While this is true, it's true of plenty of other software, and they make it pretty clear what's going on and what they send. Hell, they named it SpyNet!

For those not able to check right now, it sends: Where the malware came from, what you chose to do or what MSE did for you, (ignore/quarantine/delete), and whether it worked. Yes, sending that info might get personal data as collateral damage (they'll know you downloaded preteenbj.exe, and probably the file path), but that is by no means a new level of information sharing for automated info dumps.

Re:Microsoft SpyNet

[kcbnac]

Checking within the app to 'Upgrade Security Essentials' didn't find a new version; so I grabbed the 2.0 installer and ran it. It prompted me during the upgrade if I wanted to opt-in or not. I unchecked the box for now. Still need to reboot for the update to finish; finishing up some other things first before kicking that off :-D

Clippy?

Now Clippy jumps up, unfolds, and pokes you in the butt and says "It looks like you've been infected. Would you like me to brick your CPU?"

Essential?

If these are security "essentials", why the fuck aren't they part of the product to begin with?

Re:Essential?

[wampus]

Talk to Europe about that one.

Re:Essential?

[Alex+Belits]

For the same reason code pattern matching and heuristics in operating system are "security" in Microsoft world.

It's bullshit.

Re:Essential?

[perryizgr8]

because european commies will fine them for $billions.

MSE vs Forefront Client Security

[perryizgr8]

i have on my uni provided laptop forefront client security. it seems to be identical to MSE. the only problem is that these idiots have made it impossible to change the auto scan schedule. does anybody know of a good reason not to uninstall forefront and install MSE?

Re:MSE vs Forefront Client Security

[jimicus]

i have on my uni provided laptop forefront client security. it seems to be identical to MSE. the only problem is that these idiots have made it impossible to change the auto scan schedule.

"These idiots" usually do that kind of thing because it's the only way to ensure that "those other idiots" (ie. you) don't either disable it altogether or otherwise turn down the settings so much that you may as well disable it altogether.

Re:MSE vs Forefront Client Security

[perryizgr8]

yeah well i hate it when i wake my lappie up in the morning, and realize after 15 minutes that 25% of the 6 hour battery has been consumed by a full system scan. i wouldn't have minded a once a week scan. but this thing performs a full scan every day and partial scans every fucking 8 hours. the worst part is that it doesn't care about being on battery power. imo, auto scans should be done only when connected to ac power.
so, if you can tell me of any difference between forefront and mse i'd be very thankful.

Re:MSE vs Forefront Client Security

[jimicus]

Afraid not, I don't use MSE.

Don't really see the point in periodical scans, either. Most modern malware is perfectly capable of hiding itself from such a scan, you need to have the AV product actively running in realtime against everything and block at the perimeter of the PC.

Re:MSE vs Forefront Client Security

Forefront = corporate (and not free) security software.
MSE = consumer (and free)

Yell at your sysadmins for setting such a ridiculous policy - Forefront by itself doesn't require a full system scan ... ever, much less every day.

Re:MSE vs Forefront Client Security

[wiredmikey]

According to Microsoft: "For consumers and very small businesses needing protection from malicious software including spyware, viruses, trojans and rootkits, Microsoft Security Essentials is a no-cost, high-quality anti-malware service that efficiently addresses the ongoing security needs of a genuine Windows-based PC. Forefront Endpoint Protection 2010 provides endpoint protection for business environments, including antimalware and additional protections like behavior monitoring and firewall management. Forefront Endpoint Protection 2010 also includes central deployment, configuration, and reporting features needed for ensuring protection is maintained across the enterprise." Microsoft did just release the latest version of Forefront as well (Forefront End Point Protection 2010)

Re:MSE vs Forefront Client Security

[kcbnac]

^This.

The difference between Forefront and MSE is the corporate management back-end. MSE is Forefront's client with that feature removed.

(If its really removed, I don't know; maybe just disabled? Would be interesting if its Group Policy capabilities were still there...not that there is much to change in the way of settings)

Re:good

[hairyfeet]

Sure you can, just get it from Ninite and off you go. Of course if you are running a pirated version of Windows it won't work even without WGA, since it will call home on first run, which is when I guess it'll go ahead and check your key. You ARE running a legal copy and not just being a filthy pirate, yes MR AC? Anyway I've checked and no WGA on my XP machine, so if it is a principle thing no worries.

As for TFA, allow me to throw a couple of extra letters and say BS. I just run the update check on BOTH WinXP and Windows 7 X64 and both find new updates to the scanning defs but do NOT update to 2.0. So I'll wait until tomorrow and if it still doesn't update I guess I'll have to do the old fashioned uninstall and reinstall bit.

Personally I like it for myself, as I know I'm just going to places like /. and checking my email. Whereas with my waaaay too click happy customers who may or may not be searching for the pron I prefer Comodo Internet Security, which while being a little more talkative during the learning phase has an excellent sandbox with file and registry virtualization. If you have those kinds of people that can pick up more viruses than a Bangkok Whore I heartily recommend Comodo. It actually uses less RAM than MSE, especially during scanning, which you would think since MSE does less than Comodo would be the opposite. Oh well, I have gobs of RAM and like the fact that MSE never asks me shit, especially when I'm typing, which is when Comodo seems to think is a good time for a nice chat.

Good, but there's room for improvement still

[kheldan]

There's one thing I'd like to see in MSE: Control over when it looks for updates. I'd prefer being able to schedule what time of the day it does this, or even have the ability to turn it off and do all updates manually like with all other updates for Windows and Microsoft products.

Re:Good, but there's room for improvement still

It is possible (or was with 1.0) to completely disable automatic updates via the registry. I know this because I was told to deploy MSE on my .edu's ~200 desktops.

I can't remember the exact keys/values, but have a look on the TechNet forums.

Re:Great news! But...

[couchslug]

"Posted as AC so as to not incur the wrath of the Linux Youth."

Not posted AC.

Piss on the Linux Youth. They do for Linux adoption what pedo priests do for Catholic recruiting.

I can't wait until they become the BSD Youth and someone else has the benefit of their enlightened advocacy. :P

Re:Cannot find MS malwares

[4phun]

Good Lord Man

You are not saying we should trust Google?

For a lot of people they are the enemy!

MSE fails genuine check, no install, on validated

[twomi]

MSE install fails genuine check on Windows 7 Ultimate and won't even install. Windows is legit and activated and MS website activation passes and says its genuine. Oh well, the good ole trusty M$ quality again...

Avast!

[enter+to+exit]

I personally run avast on my windows computers.

Security Essentials has made it easier for me to convince a lot of people to stop paying for Norton AV because the MS brand eases their mind (the bitter irony).

It's not that i have a qualm with paying for software, it's just that i don't think Norton does a better job than any of the free AV options.

no server support...

[george14215]

Unfortunately, it still has the restriction that you cannot install it on Windows Server 2008 (the OS I'm using on my development laptop).

Re:no server support...

[Palmateer]

I just tried it on Windows Server 2008 R2 and it installed and is running apparently fine, even after a reboot. With MSE v1 it would give up on a WGA error (IIRC) but this one seems quite happy to run.

Re:no server support...

[Palmateer]

But keep in mind the System Requirements and License Agreements :

Operating System: Genuine Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7.

Restrictions. 1. The software may not be used on a device running an enterprise version of a Microsoft Windows operating system.

Re:no server support...

[george14215]

ok, my bad then...i only read the most recent system requirements and they haven't changed since v1.

Not seeing or forcing upgrade / restart?

[echucker]

No new version is being pulled down on an update, and the "upgrade" option only appears on the help menu, which claims version 1.0.2498.0 is the latest version. What gives?

Re:Not seeing or forcing upgrade / restart?

[jonbryce]

It is not on the update servers yet. I guess it gets rolled out gradually to stop a huge surge in traffic. You can download it from microsoft.com, google or bing "microsoft security essentials" to find it

Re:Not seeing or forcing upgrade / restart?

[Blakey+Rat]

It's a staged release, just in case there's a horrible flaw in it somewhere. (Maybe you've been asleep the last year, but there have been a couple incidents with AV software killing people's computers; you can imagine why they would want to be careful.)

You can either wait a few weeks, or install it manually. The definitions are the same either way.

Re:good

[migla]

Presumably, Comodo doesn't care if Windows is pirated? (

I ask not for me, I only use linux, but for friends who are filthy windows pirates whom I still fail to ditch as non-paying computer support customers.(I think I will teach them about google next time I'm called upon.))

From a Computer Repair Shop

We deal with computers that have been infected with Viruses all day long. Most of these have Norton, McAfee, Avira or AVG. We almost always remove and put MSE in its place. Our return rate of infected computers is VERY low. Thumbs up for MSE from us.

So long Avast!

[blitzd]

I have switched to MSE and so far am happy with it. Got tired of the Avast nags to upgrade. Poor approach on their part.

Is being successful a bad thing?

[box2]

What happens when >50% of Windows computers are using MSE, will malware be written specifically to bypass it the same way it does for the other major AV players? Is too much success a bad thing?

Re:Is being successful a bad thing?

[cbhacking]

A software monoculture of any kind (including Windows itself, though it helps that there are three major versions out right now) is more likely to be subject to widespread attack. In fact, this applies to most monocultures; too many of one type of crop will generally spawn a disease that destroys that one crap, for example.

However, I don't see Symantec, McAfee, or the rest (including the free alternatives) disappearing any time soon, especially not down to Linux or even OS X-level market shares. MSE may eventually hurt itself with its own success, but not soon.

Also, Microsoft is already trying to reduce software monoculture as much as possible through better technology. For example, Address Space Layout Randomization makes it far harder to create a successful worm, because each computer loads its libraries at a different base address, making return-to-libc or return-oriented-programming attacks much more difficult. Even though it's the same software, the malware that works perfectly on one machine will fail with a harmless crash on another even if they are the exact same hardware and software versions. I'm not sure how to reduce monoculture in an antivirus program, but I'm sure people at MS are aware of the issue.

Re:Is being successful a bad thing?

[Riceballsan]

very true, and for roughly the same reasons. Norton, Mcaffee, webroot have one thing protecting them, regardless of how bad their products get. It dosn't have to catch anything, because 75-80% of consumers don't bother to contact any technical relatives friends etc... They just go to the local store and ask what's good, not knowing that the salesmen have been bribed and trained to push one of the established ones. (staples salesmen get a bonus few bucks for every copy of norton they sell, geek squad's numbers and ratings are based off of webroot sales, I'm sure mcaffee has a deal with someone, etc...)

Re:good

[Opportunist]

Sorry, but any software calling home without me first of all asking for permission and second of all telling me honestly what it transmits is malware. Period.

Re:Let the bloating begin...? Get out of Spynet!

One options that comes as new to me and a good welcome: in the Settings tab the user has a change to say "I do not want to join Spynet".

I remember once the only option available being: Basic (minimum needed) or Advanced.

Apparently the chaps at M$ have collected enough information, now they let who chooses to do so to get out of it. If confirmed: well done.

Re:MSE fails genuine check, no install, on validat

And it installs perfectly on a cracked Win 7 Pro x64.

Genuine Advantage, heh...

XP64

Fancy that -- It looks as though MSE now supports 64 bit Windows XP.

Virus free the last few years

[p51d007]

I was a Nod32 fan since the beta of XP, but switched to MSE when it came out because Nod32 kept getting more bloated by each version, and having to pay for it each year, versus FREE was a good push to try it. I visit "questionable" sites weekly (mostly torrent/hacker) and it's blocked several items. I use a 1-2 punch of MSE, and just to be on the safe side, I check malware using Malware Bytes Anti-Malware.

Re:good

[hairyfeet]

I have a few of the moron crowd, and yeah Comodo doesn't give a crap. That said maybe you ought to offer them Windows 7 Home Premium for $50? You can pick up the three pack for around $119 now, so you can convert three pirates into legit machines and STILL make $30 on the deal. But if all you want is a free AV that will keep that old XP Corporate from getting pwned? Yeah Comodo is the way to go.

"I am the Lord of the Wasteland"... apk

"Whatever exists here is mine..." -> http://it.slashdot.org/comments.pl?sid=1916240&cid=34612834

APK

P.S.=> Including ITT Tech Man, Professor hairyfeet, who got owned by not only proof from myself, but also others here on /., with more by request no less (but, I think what's there does the job - my std. "Kung Fu" has been HUGELY administered, & it was, as-per-my-usual? Just too, Too, TOO EASY... 2 EZ! RofFlMaO... apk

MSE vs. AdAware

[deadweight]

Would you run both at once? Right now MSE seems to think AdAware is malware LOL.

Re:MSE vs. AdAware

[pdragon04]

Adaware has become a bloated mess that I've avoided for several years now. That and its horrid detection rating at anything besides advertising cookies. Bloatware seems to be the trend in all anti-malware software the longer it's out. I'm impressed with MSE so far, and it is my current software of choice for my residential customers. Time will tell if it goes the same way as all the others.

yet more sticking plaster

[doperative]

"Following a four-month beta program, Microsoft Security Essentials (MSE) 2.0 has been released. The new version significantly revamps the heuristic scanning engine, adds Windows Firewall integration as well as network traffic inspection .."

Yet more sticking plaster for a system that is unfixable ..

Re:MSE fails genuine check, no install, on validat

http://social.answers.microsoft.com/Forums/en-US/msestart/thread/22930cda-a0bd-4263-890b-ddf812859ca4

3rd hit on Google. You must be a project manager.

Re:MSE fails genuine check, no install, on validat

[jaunty]

I've got W7 Ultimate - MSE has worked for me since I installed it. And the upgrade also works, never any nags about some issue or other. You might have something else that's stopping the trouble-free installation of this update.

maybe they can read

[helios17]

It could be that the "linux youth" read the MS EULA and they weren't quit comfortable with it.

Re:Cannot find MS malwares

[SenseiLeNoir]

Pity I have no modpoints.

I am no MS fanboy, but I agree with what you say. I liek that Live DOES remember you deselecting it last time, and doesnt nag you on further updates. Microsoft is obviously going to peddle Bing, but they do make it quite clear, and do it in "the right way".

On the other hand.... take recent versions of Java, and its Yahoo bar... grrrrrrrrrrrrrrrrrrrrrr

Some questions

[alexo]

Some questions:

1. Is it less resource-intensive than 1.0? I know that the general view is that MSE is light on resources but my (admittedly old) single-core AMD 3500+ sometimes pauses for several seconds with MSE maxing out the CPU usage.

2. Does it integrate with 3rd-party firewalls as well? I happen to run Comodo.

3. Is it available from outside the US? I had to get 1.0 from a 3rd party host.

Re:MSE fails genuine check, no install, on validat

[twomi]

http://social.answers.microsoft.com/Forums/en-US/msestart/thread/22930cda-a0bd-4263-890b-ddf812859ca4

3rd hit on Google. You must be a project manager.

You missed the point by a mile, so that probably makes you upper management... 1) This "fix" you reference doesn't work for me. Yes, I can google for stuff. 2) Users shouldn't have to jump thru hoops like this, _ever_. If you think making legit users do things like this is acceptable... well, I'm sorry for you. 3) M$ seems to have at least three different ways to check for activation status (the one at System Properties, one at Web and one at MSE)... WTF?