Microsoft Security Essentials is not good enough

Burnsy2023

Burnsy2023

Burnsy2023

Man of Honour
Joined
17 Nov 2003
Posts
36,743
Location
Southampton, UK
wjfcomputers said:
I appreciate that this method includes some heuristics, but I'm sure you'll agree its a lot more than that.
Click to expand...

No not really. It's a standard AV with a online whitelist and some sandboxing technologies. The heuristics and sandboxing have performance overheads, this is a fact of life, and some people (a lot on here) don't want that overhead. They also won't be 100% effective.
 
Last edited:

madindehead

madindehead

madindehead

Soldato
Joined
30 May 2009
Posts
4,620
Location
Maidenhead
wjfcomputers said:
I'm talking about a solution that leverages a vast online database of billions of files and behavioural data (not Panda).

When I execute a file on my machine, a classification is obtained from the cloud database. If the file is good, it will be allowed to do what it needs to do. If it's bad, it'll be cleaned-up. If it's unknown the file will be placed in 'monitor' mode.

While in monitor mode, the file is first executed in a sandbox (transparent to the end user and takes seconds) where heuristical analysis takes place and behaviour is monitored. If it exhibits malicious behaviour at this stage the file is cleaned-up.

If no further malicious behaviour is witnessed in the sandbox, the file while be allowed to execute, but will still be continuously monitored. If the file tries to replicate, I'm protected. If it tries to still my keys, grab my screen or any other information stealing techniques, I'm generically protected even if no security vendor on the planet has seen the virus before.

Once my AV vendor has identified that the file that executed on my machine is a virus, a bad classification is pushed down. When my system receives the bad classification, it reverses every single change that the virus made to my system because while the file was being monitored a local change journal was recorded on my system, resulting in a perfect clean-up.

I also have visibility of everything the virus did or tried to do to my system.

I appreciate that this method includes some heuristics, but I'm sure you'll agree its a lot more than that.

The AV client itself is half a megabyte and uses up no noticeable system resources. It can also run alongside other AV products.
Click to expand...

Or, you could just be careful with what you download/install and then run on your system...

Given it scores well in detection tests, but that is it, it doesn't really prove much. Detection must be easier than removal.

Also, they're website claims to be protecting 6,133,226 users. That's not really a lot considering how many use the internet now is it. That's just slightly more than the population of Scotland.

It can't be THAT good if only 6 million people are using it...No wonder they need sales people.
 

wjfcomputers

wjfcomputers

wjfcomputers

Associate
OP
Joined
12 May 2005
Posts
134
Burnsy2023 said:
No not really. It's a standard AV with a online whitelist and some sandboxing technologies. The heuristics and sandboxing have performance overheads, this is a fact of life, and some people (a lot on here) don't want that overhead. They also won't be 100% effective.
Click to expand...

No, it GENERICALLY ensures that my keys etc cannot be stolen. No heuristics or sandboxing required.

The change journal feature providing perfect clean-up routines is also excellent.

I don't mind if you carry on running MSE, just be aware that you are at risk of being infected from legitimate web sites that have been compromised, exploited software vulnerabilities and other methods.

Like I said, so much malware these days is targeted or drive-by. You'll have no idea you were EVER infected.

Just saying :)
 

wjfcomputers

wjfcomputers

wjfcomputers

Associate
OP
Joined
12 May 2005
Posts
134
madindehead said:
Or, you could just be careful with what you download/install and then run on your system...

Given it scores well in detection tests, but that is it, it doesn't really prove much. Detection must be easier than removal.

Also, they're website claims to be protecting 6,133,226 users. That's not really a lot considering how many use the internet now is it. That's just slightly more than the population of Scotland.

It can't be THAT good if only 6 million people are using it...No wonder they need sales people.
Click to expand...

I have no idea what product you are talking about.

I'm still not recommending Emsisoft if that still hasn't come across yet.
 

Burnsy2023

Burnsy2023

Burnsy2023

Man of Honour
Joined
17 Nov 2003
Posts
36,743
Location
Southampton, UK
wjfcomputers said:
No, it GENERICALLY ensures that my keys etc cannot be stolen. No heuristics or sandboxing required.

The change journal feature providing perfect clean-up routines is also excellent.

I don't mind if you carry on running MSE, just be aware that you are at risk of being infected from legitimate web sites that have been compromised, exploited software vulnerabilities and other methods.

Like I said, so much malware these days is targeted or drive-by. You'll have no idea you were EVER infected.

Just saying :)
Click to expand...

Most malware that requires a process to run on my machine I would notice. This is the vast, vast majority of malware. There are exceptions but they're so rare it's not really worth bothering about.

Zero day vulnerabilities will always be a threat, that's the nature of it being zero day. As long I keep software updated the chance of being compromised is small and if I do get compromised then well, I can deal with the consequences.
 

Vore

V

Vore

wjfcomputers said:
I'm talking about a solution that leverages a vast online database of billions of files and behavioural data (not Panda).

When I execute a file on my machine, a classification is obtained from the cloud database. If the file is good, it will be allowed to do what it needs to do. If it's bad, it'll be cleaned-up. If it's unknown the file will be placed in 'monitor' mode.

While in monitor mode, the file is first executed in a sandbox (transparent to the end user and takes seconds) where heuristical analysis takes place and behaviour is monitored. If it exhibits malicious behaviour at this stage the file is cleaned-up.

If no further malicious behaviour is witnessed in the sandbox, the file while be allowed to execute, but will still be continuously monitored. If the file tries to replicate, I'm protected. If it tries to still my keys, grab my screen or any other information stealing techniques, I'm generically protected even if no security vendor on the planet has seen the virus before.

Once my AV vendor has identified that the file that executed on my machine is a virus, a bad classification is pushed down. When my system receives the bad classification, it reverses every single change that the virus made to my system because while the file was being monitored a local change journal was recorded on my system, resulting in a perfect clean-up.

I also have visibility of everything the virus did or tried to do to my system.

I appreciate that this method includes some heuristics, but I'm sure you'll agree its a lot more than that.

The AV client itself is half a megabyte and uses up no noticeable system resources. It can also run alongside other AV products.
Click to expand...

Plugging ENZO I see... :)

Stick to what you are comfortable with (whatever product that may be) - ultimately there is no better prevention than common sense.
 
Last edited by a moderator:

wjfcomputers

wjfcomputers

wjfcomputers

Associate
OP
Joined
12 May 2005
Posts
134
Throrik said:
Looks like MSE has been keeping my system pretty secure. Prevx found nothing. It's annoyingly lengthy to shut down though.
Click to expand...

I'm not sure if you're serious or if people are just trolling me now. You think because Prevx didn't find anything NOW that MSE has been protecting you? Sigh.
 
Last edited:

Throrik

Throrik

Throrik

Soldato
Joined
15 Sep 2009
Posts
2,901
Location
Manchester
MSE and MWB scans my systems for exactly the same things. They haven't found anything, nor has Prevx or Webroot SecureAnywhere, so why would I use one of these instead of my usual combo of MSE/MWB?

It's a simple question really. I'm not a security expert, you supposedly are, so sell these products to me in the layman terms, why are they better than my previously used solution?
 

Scougar

Scougar

Scougar

Soldato
Joined
30 Jan 2007
Posts
15,441
Location
PA, USA (Orig UK)
Sounds to me like you need a seperate machine to do all the checking/cleaning/faffing/washing/dropping the soaping/trying to forget it happened(ing) ;)

Frankly, if you are 'checking every single day' for security information, I think YOU are more suspectible to getting caught out than the majority of people here.

And like your generic wash away comment of "how do you know?".. well.. how do you know that even though something was caught.. it didn't get away with some dirty work first?
 

wjfcomputers

wjfcomputers

wjfcomputers

Associate
OP
Joined
12 May 2005
Posts
134
Throrik said:
MSE and MWB scans my systems for exactly the same things. They haven't found anything, nor has Prevx or Webroot SecureAnywhere, so why would I use one of these instead of my usual combo of MSE/MWB?

It's a simple question really. I'm not a security expert, you supposedly are, so sell these products to me in the layman terms, why are they better than my previously used solution?
Click to expand...

No problem. As a first step I'd recommend reading through everything I said in this thread: http://forums.overclockers.co.uk/showthread.php?p=20612377.
 
You must log in or register to reply here.
Back
Top Bottom