Microsoft Security Essentials is not good enough

[wjfcomputers]

http://malwareresearchgroup.com/malware-tests/flash-test-results/

Time and time again I see security experts on this forum recommending MSE over-and-above other solutons, with the most common reason being "it's used in forefront by businesses so must be good" or "I've used it for years and never been infected".

The fact is malware has changed.

MSE protects you at the point of detection, not infection. How do you know you have never had a virus?

Malware these days is targeted and lots of viruses delete themselves. You may have been infected for a few minutes, hours or days. By the time Microsoft have written a signature for the threat and your machine has downloaded it, it's too late - and you have no idea that your data has been stolen.

Please stop recommending MSE on this forum without doing some more research.

 

[wjfcomputers]

and to be honest have not had a virus in over 3 years.

How do you know you have not had a virus in 3 years? You completely missed the point of my post.

Malware isn't like it used to be. You may have been infected for just a few minutes, or long enough for it to upload your Word docs, Excel Spreadsheets and Username/Password for your email account.

After it has what it needs it deletes itself.

MSE users have no idea, as far as they're concerned their machine operates correctly, and MSE says there is no infection.

 

[wjfcomputers]

Another one who doesn't use the antivirus thread, sigh.

Ps...

http://www.emsisoft.com/images/awards/mrg_flash_2011_550_en.png

Emisoft comes out top on that chart? Who you trying to kid buster? Get back in ya hole.

Check the first link, the results are independent.

I've got no agenda, just trying to help people.

 

[wjfcomputers]

Research shows malwareresearchgroup.com to be completely bogus

http://www.av-comparatives.org/forum/index.php?page=Thread&threadID=934

Wrong, back in 2009 there were concerns about them being legitimate, these concerns were unfounded.

The results of the test still stand, and these test results are the most meaningful because they test against unknown malware, with a focus on information theft.

 

[wjfcomputers]

I would use AV-comparatives and AV-test for better results.

That's terrible advice - the vast majority of their tests are against "known" malware. Their zero-day tests are weak.

 

[wjfcomputers]

Please stop dissing mse for not doing well in the jobrole it isnt aimed for.
You will find most folks when advising suggest mse in combination with mwb, whichnis my current usage and indeed has been for several years now.

I guarantee 90%+ of the experts on these forums are so happy with MSE they use it as their sole real-time scanner.

 

[wjfcomputers]

You trying to sell everyone Emisoft I take it?

Yawn, no.

 

[wjfcomputers]

http://forums.comodo.com/general-di...ernet-security-58-fake-review-t76329.120.html

Take a read yourself. Banned user who has something to do with that site. Maybe you go do YOUR research first?

In the nicest way possible, you have no idea what you're talking about.

I have no problem with you or anyone else running MSE on their PC, I just object when you decide to advise people on security without knowing what you're saying.

If you're concerned about information theft, you need to take steps in addition to MSE to secure your PC, or you need to run a more comprehensive suite. My personal preference is Prevx or Webroot SecureAnywhere, but I don't endorse any particular product.

Regarding research, I've lived and breathed information security for many years and I'm constantly researching every single day (Sad, I know). That's one of the reasons why I feel I'm more qualified to advise about security than you

 

[wjfcomputers]

I don't give a damn who is more qualified or anything else for that matter. You said it yourself, personal preference. I don't run MSE on my PC. I have a mac.

Then all I ask is you stop recommending MSE to newbies, as you don't know what you're saying.

Enjoy your Mac.

 

[wjfcomputers]

Is that so? Here's a link for you to check out then.

http://jobs.mcdonalds.co.uk/

Not really sure what that's supposed to mean. I already have a job at Burger King.

 

[wjfcomputers]

I'm sensible when it comes to being safe on the internet. 99% of viruses come from people clicking on really stupid links.

I know plenty of people who will click on stupid links and get viruses. And yet I don't. I have MSE, Malwarebytes, and a Kaspersky root-kit killer which I run every so often to be sure.

And just who on earth ARE Malware Research Group? No recognisable mention in the news anywhere. Just results leading to their website, and claims they are bogus.

Interesting review of an older version of Emsisoft: http://www.pcmag.com/article2/0,2817,2364196,00.asp Basically, it could find things, but not remove it.

I've never even used Emsisoft, nor am I recommending it. Not sure what value linking to an older version brings. Did you know that Windows 95 has some problems? Better not buy Windows 7.

There are too many people on this forum recommending MSE as the be all and end all of security, I'm trying to help show why that's a mistake.

 

[wjfcomputers]

microsoft update MSE sometime 2 times a day other AV`s your lucky if its every few days and some once aweek

This is a common misconception. Why do you think its acceptable to have to wait until the vendor releases an update before you're infected? Having to wait several hours before your AV updates leaves your data exposed during an unacceptably long window of exposure.

 

[wjfcomputers]

No one ever CLAIMED it was the be all and end all of security.

Do a search for MSE on this forum.

 

[wjfcomputers]

So you're saying that heuristics are the be all and end all of AV. Fair enough, but that depends what you want from an AV. Without definitions, you may be able to alert the user to potentially malicious software (and no heuristics are 100% accurate or even near that), but you won't know how to effectively clean the software. You don't know what operations the malware has performed before you picked up malicious changes. Furthermore, heuristics by their very nature have a high performance overhead. Not everyone wants to trade off that sort of overhead.

MSE doesn't necessarily have to be the best to be recommended, it just needs to be good enough for most users, which it is.

I'm not talking about heuristics.

 

[wjfcomputers]

What the hell are you talking about then?

I'm talking about a solution that leverages a vast online database of billions of files and behavioural data (not Panda).

 

[wjfcomputers]

No not really. It's a standard AV with a online whitelist and some sandboxing technologies. The heuristics and sandboxing have performance overheads, this is a fact of life, and some people (a lot on here) don't want that overhead. They also won't be 100% effective.

No, it GENERICALLY ensures that my keys etc cannot be stolen. No heuristics or sandboxing required.

The change journal feature providing perfect clean-up routines is also excellent.

I don't mind if you carry on running MSE, just be aware that you are at risk of being infected from legitimate web sites that have been compromised, exploited software vulnerabilities and other methods.

Like I said, so much malware these days is targeted or drive-by. You'll have no idea you were EVER infected.

Just saying

 

[wjfcomputers]

Or, you could just be careful with what you download/install and then run on your system...

Given it scores well in detection tests, but that is it, it doesn't really prove much. Detection must be easier than removal.

Also, they're website claims to be protecting 6,133,226 users. That's not really a lot considering how many use the internet now is it. That's just slightly more than the population of Scotland.

It can't be THAT good if only 6 million people are using it...No wonder they need sales people.

I have no idea what product you are talking about.

I'm still not recommending Emsisoft if that still hasn't come across yet.

 

[wjfcomputers]

Please explain what you mean by this exactly.

In basic terms it ensures that no other process or object can interfere with the event.

 

[wjfcomputers]

You love using the word "generically" don't you.

What's your problem? You've contributed nothing to this thread and now you've resorted to frivolous one-liners because you've clearly got nothing intelligent to say about this subject.

 

[wjfcomputers]

I'm guessing he's referring to an IPS like Defensewall or Threatfire.

Name the software chap.