Free M$S Security

Since I'm having to keep 2 PCs at present we were taking stuff off the big desktop and sorting out security - as what was on had time expired

What are anyone's thoughts on the new "free" Microsoft anti-virus software that is to be released ?

http://news.bbc.co.uk/1/hi/technology/8095932.stm

In reply to a post by goldenoldie:

What are anyone's thoughts on the new "free" Microsoft anti-virus software that is to be released ?

http://news.bbc.co.uk/1/hi/technology/8095932.stm

If it gets released as I expect the EU to step in and demand it's withdrawal due to anti-compettive practices !

Also I expect ESET, Norton, McAfee won't be pleased as they offer paid for security products.

Suppose it depends how good it is?

In reply to a post by blfamily:

Suppose it depends how good it is?

Yes.

Microsoft can't win though as if it's dire then no one will bother with it and yet if it's good then it will be downloaded by the masses and other AV vendors will moan that they are losing business to Microsoft !

In reply to a post by CurlyWhirly:

If it gets released as I expect the EU to step in and demand it's withdrawal due to anti-compettive practices !

I was thinking about this just a few days ago. It'll be interesting to see whether this would invoke anti-trust investigations and charges under competition law. Microsoft successfully bundled their basic firewall with XP & Vista without the EU beginning a case, so who knows what will happen when Morro software is officially launched.

@ OP: It's a wait-and-see job. Who knows how effective it will be. It's basically being produced due to the failure of their Live OneCare and if that is anything to go by, it will not be up to scratch.

In reply to a post by cozumel:

I was thinking about this just a few days ago. It'll be interesting to see whether this would invoke anti-trust investigations and charges under competition law. Microsoft successfully bundled their basic firewall with XP & Vista without the EU beginning a case, so who knows what will happen when Morro software is officially launched.

That is, of course, true but the anti-virus market is much more lucrative than the firewall market besides most routers come with a (free) NAT hardware firewall built in which is enough for most people (although not me as I insist on using a software firewall as well)

In reply to a post by cozumel:

I was thinking about this just a few days ago. It'll be interesting to see whether this would invoke anti-trust investigations and charges under competition law.

I suppose it depends whether Microsoft bundle it in as standard with windows or encourage/force it through windows update.
If it is a free optional download then surely it will be viewed no differently than offering like AVG or Avast Personal.

Well, it has now been released, kind of, if you go to the dedicated site, it says you are not in a listed country, yet you are still able to download it from :
http://www.microsoft.com/security_essentials/default...

If anyone has used it, I would be interested to hear what they have to say about it!

I dont like it. I tried it on a fresh install of XP sp3 in a virtual machine.

First time I installed it made my machine very slow. So I removed and re-installed. First install seem to get stuck on the update process when installing definitions. Second install seemed to go ok with a quick scan lasting about 10 minutes but still some lag on doing tasks and the SE window seemed slow to respond.

But on subsequent reboots the SE service failed to start automatically so the machine was "At risk" because the real time scanner had not started. Think this is a windows problem as some other programs have this problem but you would think MS would delay the icon until the SE service starts like Nod32 do.

Interesting, thanks Tim for responding.

I think I shall have to look at sometime myself because customers will ask !

Wouldn't update; PC was left on for over 24hrs, came and checked to find it still had the original update on it.
It just looked like a rip off of AVIRA's Free AV.

updating fine here.....


microsoft also seam to be releasing updates at more than once a day........


as soon as they have new update definations there released right away.....

apart from a slight lag it seams to be ok...........

http://forums.thinkbroadband.com/freechat/t/3712744-...

my post in another thread on this.

they proabbly sorted it.

I'm jolly pleased with Microsoft's offering. I installed it on the ageing P4 2.8Ghz 1Gb RAM XP SP3 'family' computer previously running the latest from AVG. If anything it has significantly improved boot times as well as picking out and eliminating a Winfixer threat on its first scan, something clearly missed by AVG.

The initial updating process was somewhat lengthy but not noticeably different from clean installs of Norton, Sophos or McAfee, we run alsorts in this house.

The interface is basic and it is lacking some of the bells and whistles of the paid-for suites but I'm confident in its performance to guard the downstairs machine. The question is now do I renew my 360 subscription in January.

No.

Because no matter what norton is still a pig of an AV.

Tried this for a couple of days, and really liked it... apart from the random cpu usage spikes.
Right clicking on files would sometimes hang for what seemed like ages and cpu usage would shoot up to between 50- 100%.
Then sometimes even while not doing anything MSMPENG.exe would be eating 100% cpu for ages.

Microsofts pat answer for the cpu usage problems seems to be "well yeah, something running on your pc is clashing with our software". Fair enough. But i'm not about to go through the process of uninstalling stuff on my pc trying to find out what it might be.

Was using Avira free but the increasing number of fp's and update problems made me look elsewhere.

Using Avast now, which i'm not mad keen on but it seems to do the job.

If the cpu usage get's sorted in a future update i would switch to it without hesitation.

I can't help thinking that Microsoft are quite right!

Trevor Adcock

Have replaced AVG with Microsoft's offering on three machines and it's running well. Picked up some viruses that AVG failed to so I'm happy. Have just installed on my Windows 7 machine and its working fine. Something that you set and forget.

Ok I have re-tried it on a fully patched XP SP3 (with all updates installed) and there were no problems. Nice and fast and fairly light. Maybe it didn't like a virtual machine without all the updates applied although SP3 was applied.

It's a widely reported issue.

I agree with you on this, everyone has their own views.

To some a anti virus has licence to do what it wants as long as it protects them.

To me I will let an anti virus run as long as it does not affect what I do, this means performance and stability. My main security against virus's is my own actions, thinking about what I download, which web sites I visit and opening any attachments on emails. The anti virus is a backup to that just incase I do the wrong thing. I cannot imagine a situation where I would catch a virus that isn't from http or email. Which makes real time file scanning probably a redundant thing on my own computers but I will run it if I do not notice it.

Edited by Chrysalis (Mon 12-Oct-09 15:50:30)

To some a anti virus has licence to do what it wants as long as it protects them.

In this day and age, with malware evolved to what it is today, AV software has to have a license to do what it wants to be as effective as possible. It's the lesser of two evils; malware can bury itself so deep and hidden these days it's only natural an AV must also do the same to combat it. Would you rather undetected malware had free license over your machine, or a trusted AV program? I know which I'd prefer. Look at the Sony rootkit fiasco, imagine if that was real, real malware, delivered by a mechanism other than http or email, to thousands if not millions of unsuspecting punters. Without deep rooted AV it would never be noticed, until way to late. It's still true that most is still spread via email but it's only a matter of when not if..

In reply to a post by Chrysalis:

My main security against virus's is my own actions, thinking about what I download, which web sites I visit...

That may not be enough these days - merely viewing a reputable site such as that of the New York Times could be enough to catch something nasty!

"In the most-recent case, NYTimes.com and other established sites hosted malware-infested ads. The New York Times described the attack in a Sept. 14 article.

When malicious ads � or "malvertisements" � enter the rotation on these sites, your system may become infected if you merely view the page. This is especially true if your versions of media players based on Java, Flash, or QuickTime are out-of-date." quoted from Windows Secrets newsletter article.

Another reason for using Ad block software I'd say.

I don't block ads per se but I do use NoScript with FireFox 3.5 which keeps most things at bay .

The problem is, for the general punter, advice to stay away from dodgy sites is no longer enough if they can be infected by visiting "respectable" sites.

malware can do a lot of things.

however it is a lot of if's. Generally speaking it is scaremongering.

To answer your question.

I would rather have a malware on my machine for a few days or however long before I format and reinstall than have a 24/7 impact from an anti virus. Some anti virus's affect machines far worse than malware do.

Not to mention the best malware will get by any AV.

hence the reason I scan http content, I acknowledge the risk on http.

also a reason I block adverts.

The problem is, for the general punter, advice to stay away from dodgy sites is no longer enough if they can be infected by visiting "respectable" sites.

I am not a general punter, I meant more than staying away from sites. I do take other precautions as well. I have not been able to read the article you link to as their server is down, but will check later on and post my views on it.

There has been various occurences in the past of malicous code buried in images etc. on websites but these viruses need specific things to play right for a successful infection.

Someone been vigilant far exceeds what an AV can do it is as simple as that, an AV is just one security layer of many.

Edited by Chrysalis (Tue 13-Oct-09 19:00:05)

Unfortunately even sites we trust can be hacked to serve up malware. We can't win, just minimize our losses!

I would rather have a malware on my machine

What strange logic.

In reply to a post by RiffRaff:

I would rather have a malware on my machine

What strange logic.

sure is. I know some security software can slow a machine down, Norton was one of the worse, but they are better now.

But, even a basic security software is better than nothing, I did use Comodo, but it have problems, so I have now gone back to Avast,

not really.

There seems to be an assumption been made that if one doesnt have real time file protection (an anti virus that scans everytime you do anything such as opening notepad.exe) then they going to be swamped with malware.

Essentially you dont need a software firewall if you have a router or hardware firewall, if a software firewall detects something dodgy going out then its too late you infected. That same infection can then of course control your software firewall, thats the reason I dont bother with software firewalls, its just downsides with questionable upsides.

This leaves http and email scanning, as well as document scanning, all these are covered by seperate modules in the best anti virus programs which leaves the real time file-scanning as a duplication that can have severe downsides.

The worse thing about all this is people buy into it, they will buy norton, kaspersky or whatever, turn everything on and think thats it job done. Malware bytes and some other programs will detect many things these anti viruses do not, so it pays to regular on demand scans with these programs.

So given that I have not been infected in over a 10 year period, any anti virus I have ran has only ever detected TWO viruses in a 10 year+ period from normal use (both over email) I think I would rather have the slim chance that I could pick up a malware, and then format and reinstall afterwards then put up with the slowdowns and incompatabilities of an agressive anti virus.

Many malware will typically be far less disruptive than an antiv virus program as well. Most malware is harmless.

I have known people who have caught viruses, all of them have kids, who install any software they come across, toolbars etc.

If you wonder what do I do if someone sends me a file over msn or irc or something similiar then the file is scanned using a on demand checker by myself.

Some anti viruses arent too disruptive such as nod32 v2.7 others are aweful, my dad runs norton and I expect a machine with 10 viruses on would run faster than his.

So yeah I prefer having malware (for a short period) then dealing with anti virus protection issues, however its not a choice I make since I dont get malware in the first place.

If I setup someone else's pc for them, I set them up with something like nod32 v4 everything turned on or if they not willing to pay for an av then avast (defenitly not comodo). I will then put something like spywareblaster in place on top of that and some adblocker combo. Tighten up their cookie/javascript/activex settings and tell them to use opera or firefox for browsing. Then hope for the best.

I myself I use nod32 v4 (recently just jumped from 2.7) with http/doc/email scanning enabled and on agressive settings, currently real-time file scanning is also on but is possible I will turn it off as I am already seeing things I do everyday been slowed down by it. Now I have configured it so it detects more stuff. Meaning my nod32 setup even without file scanning will detect more than a out of the box nod32 because out of the box advanced heuristics is disabled. In addition I block various malware links in my hosts file, disable a load of insecure activex stuff, tighten up my IE settings so only sites I add to my trusted zone can use javascript etc, use firefox with adblocker, use proximitron to block ads and dodgy code, manually scan anything I download, keep my software up to date, block all cookies without approval, all flash content will not play in any of my browsers without me approving it. My email is converted to text by default, and I do regular scans with both nod32 and malwarebytes. I do some other things as well and I expect I will be far less likely to get anything than joe bloggs who downloads big security package, turns it on and thats it. I also dont really use removable media much, anything burnt is what I burn myself and my usb stick is just used as a boot device and file backups.

So the question is since I scan everything that is inbound to my computer and I then run regular scans to check for infections, why do I then need to scan every file open/execute? There is a lot of FUD been spread around but again it is down to simply been aware of what you doing and how malware works.

Microsoft Security Essentials isnt too bad for a free program, I did find the performance impact too noticeable so wont use it myself now but will likely at some point start putting it on others machines if they not willing to pay for a better anti virus.

Everyone I know who has had an infection (not many people) all ran anti virus's with default settings. These apps do reduce the risk but thats it they dont protect against human error.

Edited by Chrysalis (Sat 17-Oct-09 12:22:29)

In reply to a post by Chrysalis:

Essentially you dont need a software firewall if you have a router or hardware firewall, if a software firewall detects something dodgy going out then its too late you infected.

Actually, that's a dangerous combination of arrogance and complacency.

A router (of itself) will not prevent an external attack. A hardware firewall, as found on most broadband routers, is intended to offer protection from an external attack only. It doesn't care what goes out from the internal network.

Having a software firewall helps to identify, isolate and prevent unauthorised or unwanted outbound traffic. The PC may not necessarily already have been infected; the outbound connection may be an agent "dialing home" in order to obtain the infective payload.

In reply to a post by Chrysalis:

So given that I have not been infected in over a 10 year period, any anti virus I have ran has only ever detected TWO viruses in a 10 year+ period from normal use (both over email) I think I would rather have the slim chance that I could pick up a malware, and then format and reinstall afterwards then put up with the slowdowns and incompatabilities of an agressive anti virus.

Like I said, complacent in the extreme.

In reply to a post by Chrysalis:

So yeah I prefer having malware (for a short period) then dealing with anti virus protection issues, however its not a choice I make since I dont get malware in the first place.

...that you know of...

I also installed the new microsoft security application on my laptop/vista and desktop/ xp. I am happy to report that so far no problems with my systems. In fact I removed Norton from my desktop despite having 3/4 month still to run. I am hoping to avoid the occasional conflict between applicatios and the antivirus software I had before.

and how can you get infected from from traffic going out from your own pc? as I said if something is doing that then it has already got itself on the computer and needs cleaning (infected).

The firewall would simply be either blocking or making it harder for it to communicate with its controller, but of course if its a good rootkit it can easily bypass the software firewall.

I am not complacent I just know that there is different ways to stop infection than real-time file protection and that real-time file protection on a/v that scans http/email is typically duplicated checking. In fact its complacent to think thats all you need to be protected.

Of course this is me, for others there is different scenarios such as when children would be accepting files over msn and on removable media.

Edited by Chrysalis (Wed 21-Oct-09 22:22:35)

In reply to a post by Chrysalis:

and how can you get infected from from traffic going out from your own pc? as I said if something is doing that then it has already got itself on the computer and needs cleaning (infected).

Not necessarily. Believe me I've seen it done; some form of applet is executed as a consequence of viewing a web page, this connects out to "home" and provides a mechanism for the PC to be compromised. HTTP scanning doesn't pick it up.

In reply to a post by Chrysalis:

The firewall would simply be either blocking or making it harder for it to communicate with its controller, but of course if its a good rootkit it can easily bypass the software firewall.

If a "good rootkit" is involved, your AV scans aren't going to be worth a lot anyway. But something is better than nothing, and if the firewall does alert to unusual outbound activity then it may help to catch things early rather than late.

In reply to a post by Chrysalis:

I am not complacent I just know that there is different ways to stop infection than real-time file protection and that real-time file protection on a/v that scans http/email is typically duplicated checking.

For all that it costs in terms of CPU time or memory usage, I'd rather have the "belt and braces" approach.

In reply to a post by Chrysalis:

In fact its complacent to think thats all you need to be protected.

I never suggest it was all that one needs, it was you who suggested it wasn't required at all!

In reply to a post by Chrysalis:

Of course this is me, for others there is different scenarios such as when children would be accepting files over msn and on removable media.

Of course, this is your view, and maybe it works for you. But it's dangerous to offer it to others as a strategy given that they may not be as "savvy" as you, may not appreciate the full extent of the risks out on the Internet, and that their PC may be used by other members of the family.

In reply to a post by Babylon5:

Of course, this is your view, and maybe it works for you. But it's dangerous to offer it to others as a strategy given that they may not be as "savvy" as you, may not appreciate the full extent of the risks out on the Internet, and that their PC may be used by other members of the family.

and this is why I deploy security software different configuration on other's machines (typically everything turned on that isnt going to cause compatability problems). I have never been arguing the point everyone should turn something off, just that there is a reason for some of us to turn it off.

Not necessarily. Believe me I've seen it done; some form of applet is executed as a consequence of viewing a web page, this connects out to "home" and provides a mechanism for the PC to be compromised. HTTP scanning doesn't pick it up.

If you trying to tell me a app can download over http not be picked up as a virus but then when it executes it is picked up as a virus then to me that can only be one of two things. Either the http scanner of the a/v is poor and not working properly (or not configured properly), or that the user has approved something to allow that app to be downloaded in a different manner perhaps not using the http port. (such as dodgy activex installation). Or even could be a bad browser configuration which is too lax.

Edited by Chrysalis (Sun 25-Oct-09 08:50:39)

Well, I keep seeing that there are new posts about Microsoft Security Essentials, and I have a look because I'm interested in what people have to say about that - but this thread seems to have become a largely unrelated duologue. Perhaps the duo concerned would like to change the subject title?

p

I think you're overreacting, they've made a couple of posts each on a discussion forum...