Proof that MSE SUCKS!

[Berryracer]

I have said it many times but noone believes, MSE is one of the worse antivirus programs out there! Yes it is light on resources but it sucks big time in protection!

I have had 2 viruses crawl twice on to my system even though I am a safe user. Furthermore, it sucks in deleting any threats

AV-TEST - The Independent IT-Security Institute: Jul/Aug 2012

 

[abaez]

Why are they testing on Windows XP? Where's the Win7 test?

 

[Phynaz]

1. XP is much more vulnerable to virus's than Win 7.
2. Most of the world is still running XP
3. Are there any Win 7 exclusive virus's?

 

[mechBgon]

https://www.virustotal.com/file/93e...829ff7cc1f8b1f428310ab60/analysis/1347591910/

^ Pretty much all antivirus sucks. If you read up on malware like the BlackHole exploit kit, they actually integrate antivirus scanning in their product to make sure their polymorphic one-off malware files DON'T get detected. WHILE serving them live! Sophos has a writeup, for those interested: http://nakedsecurity.sophos.com/2012/03/29/exploring-the-blackhole-exploit-kit/ Pro tip: unlike these testing outfits, the bad guys don't use stale collections of malware to attack you.

I'd say if there's a feature to look for, behavioral detection has potential. But the products I've used that have host IPS/behavioral detection slow the system down, which is a logical result when it's watchdogging everything.

I have had 2 viruses crawl twice on to my system even though I am a safe user.

I have ten systems at work running MSE in the hands of average people, as well as my own at home, with no infections. But as you probably can guess, the antivirus software is just a third-string player in my security gameplan. I've uploaded tens of thousands of malware samples at VirusTotal, and the results teach one lesson: DO NOT rely on antivirus protection. Use it, but don't think of it as a solid defense.

Use low user rights, use Software Restriction Policy or Parental Controls to prevent your low-rights account from executing anything it's not supposed to, use EMET, max out UAC, disable AutoRun, use a browser with sandboxing/Protected Mode, remove all unnecessary software (most of all Java), and update the rest rigorously and check it with Secunia PSI. Got all that? Ok, now throw on an antivirus.

 

[Magic Carpet]

I use no anti-virus, for the reasons mechBgon brought up ^.

 

[tommo123]

https://www.virustotal.com/file/93e...829ff7cc1f8b1f428310ab60/analysis/1347591910/

^ Pretty much all antivirus sucks. If you read up on malware like the BlackHole exploit kit, they actually integrate antivirus scanning in their product to make sure their polymorphic one-off malware files DON'T get detected. WHILE serving them live! Sophos has a writeup, for those interested: http://nakedsecurity.sophos.com/2012/03/29/exploring-the-blackhole-exploit-kit/ Pro tip: unlike these testing outfits, the bad guys don't use stale collections of malware to attack you.

I'd say if there's a feature to look for, behavioral detection has potential. But the products I've used that have host IPS/behavioral detection slow the system down, which is a logical result when it's watchdogging everything.



I have ten systems at work running MSE in the hands of average people, as well as my own at home, with no infections. But as you probably can guess, the antivirus software is just a third-string player in my security gameplan. I've uploaded tens of thousands of malware samples at VirusTotal, and the results teach one lesson: DO NOT rely on antivirus protection. Use it, but don't think of it as a solid defense.

Use low user rights, use Software Restriction Policy or Parental Controls to prevent your low-rights account from executing anything it's not supposed to, use EMET, max out UAC, disable AutoRun, use a browser with sandboxing/Protected Mode, remove all unnecessary software (most of all Java), and update the rest rigorously and check it with Secunia PSI. Got all that? Ok, now throw on an antivirus.

isn't intel going to try and combat that with mcafee (their version of it i mean)?

 

[cl-scott]

I don't know... The fact that you became infected with something would tend to take issue with your assertion of being a safe user.

But AV programs are based on a reactionary model. They have to identify the threat, get a sample of it, dissect it, figure out how to safely remove it, package that all up into an update, test that update, then finally push it out to people.

Heuristics are more proactive, but you can't build a subscription model on heuristics.

 

[nemesismk2]

1. XP is much more vulnerable to virus's than Win 7.
2. Most of the world is still running XP
3. Are there any Win 7 exclusive virus's?

This is very true because I know some people from Russia and China who tell me that everyone is using Windows XP and they didn't know what Windows 7 was. Some are even running Internet Explorer 6 which is just crazy because Internet Explorer 8 is much better and more secure.

 

[wirednuts]

i run no antivirus. i just go by how my machine feels. if its sluggish, i start digging for malware.

 

[GrumpyMan]

I have had 2 viruses crawl twice on to my system even though I am a safe user.

Viruses don't crawl onto pc's. You go to unsafe sites, you get infected. If the only sites you go to every day is say Anandtech, you will never catch any viruses. So what does that tell you? Viruses just don't do drive by's and infect pc's.

 

[Mr. Pedantic]

I have said it many times but noone believes, MSE is one of the worse antivirus programs out there! Yes it is light on resources but it sucks big time in protection!

I have had 2 viruses crawl twice on to my system even though I am a safe user. Furthermore, it sucks in deleting any threats

AV-TEST - The Independent IT-Security Institute: Jul/Aug 2012

Avast! Free Antivirus FTW!

If you didn't believe MSE was a good antivirus, why did you keep using it? And if you managed to get 2 viruses even with a working antivirus, how could you possibly qualify as a 'safe user'?

I remember in the last days of my old PC when I was just running it into the ground, I ran it on Windows XP for 6 months with no antivirus, and I was visiting much dodgier sites than I am now (*wink wink nudge nudge* :sneaky. Not once did I get a virus or any other form of malicious software. So given what you say happened to you, your story doesn't really gel with me.

 

[SunnyD]

Viruses don't crawl onto pc's. You go to unsafe sites, you get infected. If the only sites you go to every day is say Anandtech, you will never catch any viruses. So what does that tell you? Viruses just don't do drive by's and infect pc's.

Now that's factually wrong. AnandTech serves up ads, and user facing (and user generated) content includes offsite links, image hosting and other sites. The site itself is database-driven using a scripted content engine. Ad networks are ripe for malware hacks. Offsite links and image hosting are easy avenues for infection. Just by visiting AnandTech you are literally 0 steps away from potential infection thanks to SQL injections, page redirects and other content hijacks. I'm not saying it's likely, but saying never is akin to saying you'll never catch a cold.

The ONLY way you can ensure you're not going to get infected by the internet is to not jack in.

 

[Berryracer]

If you didn't believe MSE was a good antivirus, why did you keep using it? And if you managed to get 2 viruses even with a working antivirus, how could you possibly qualify as a 'safe user'?

I remember in the last days of my old PC when I was just running it into the ground, I ran it on Windows XP for 6 months with no antivirus, and I was visiting much dodgier sites than I am now (*wink wink nudge nudge* :sneaky. Not once did I get a virus or any other form of malicious software. So given what you say happened to you, your story doesn't really gel with me.

good for you, the test results speak for themselves

I didn't personally have MSE installed, I had it installed for my little sister who goes to Games sites for kids

when I visited home, I checked her PC and she had a popup from MSE saying that it detected 2 viruses, they were not viruses, but rather, false positives (I think one of them was a program that could extract your Office product keys / windows product keys so you can back them up incase you didn't have them), so I thought anyway,let me just delete them through MSE and get done with it since I never used those 2 apps anyway, MSE did its thing and I thought greaT! now we're done

then a few mins later, that same pop up from MSE comes up again saying that it dected them again, and it kept doing it! I restarted, went into safe mode, but MSE kept reporting them. and I am 100% sure they are safe as they were not detected by my previous Kaspersky Internet Security nor Eset Smart Security nor Bitdefender Internet Security

That's my simple story and it is just false positives, I can only imagine how one might be infected but never know since he has that piece of crap called MSE that many people believe in. But tests online show the opposite

Just go to Wilders Security Forums and see what people think of that junk

 

[jkroeder]

It's true that MSE has never been that great of a performer in terms of high detection rate. However, they typically also have low false positive rates. On the other hand, anti-virus software that generally have high detection rates also have high false positive rates.


This is why I don't use anti-virus.

 

[GrumpyMan]

Now that's factually wrong. AnandTech serves up ads, and user facing (and user generated) content includes offsite links, image hosting and other sites. The site itself is database-driven using a scripted content engine. Ad networks are ripe for malware hacks. Offsite links and image hosting are easy avenues for infection. Just by visiting AnandTech you are literally 0 steps away from potential infection thanks to SQL injections, page redirects and other content hijacks. I'm not saying it's likely, but saying never is akin to saying you'll never catch a cold.

The ONLY way you can ensure you're not going to get infected by the internet is to not jack in.

Whatever, you know what I mean. I only go to safe sites, have never had a problem running MSE even clicking of all of the dumbasses links here at Anandtech.

 

[wirednuts]

The ONLY way you can ensure you're not going to get infected by the internet is to not jack in.

this is what they teach in pretty much any security related class.

 

[SunnyD]

Whatever, you know what I mean. I only go to safe sites, have never had a problem running MSE even clicking of all of the dumbasses links here at Anandtech.

Zero day exploits, kits like BlackHole, bot nets and idiot kiddie groups like Anonymous make it so that there's no such thing as a "safe site" out there.

I know know what you intended to say, and I can only hope that you understand what I'm trying to say. If not, I'll be a bit more blunt: It doesn't matter if you have anti-virus or not or what types sites you go to; as long as you're on the 'net, you're at risk. Period.

If you want to be online, all you can do is mitigate the risk percentage, which is what you're talking about. Regardless, you should never, ever consider any site as "safe". And that is my point to the OP in particular.

 

[alkemyst]

Viruses don't crawl onto pc's. You go to unsafe sites, you get infected. If the only sites you go to every day is say Anandtech, you will never catch any viruses. So what does that tell you? Viruses just don't do drive by's and infect pc's.

Anandtech serves third-party ads, these have been known to have been exploited in the past on other sites.

 

[GrumpyMan]

I understand what you are saying. And it is getting more dangerous to surf the net now, just because I was safe yesterday surfing Anand's site doesn't mean I won't get infected tonight, but that is just the risk we run unless of course we "unplug" the machine. Having said that, I don't find MSE worse than an other product out there for the same reason, just because the op's Avast worked yesterday doesn't mean it will be as effective tomorrow surfing his sites. And I don't look at ads with the adblockers I use in FF.

 

[Broheim]

Now that's factually wrong. AnandTech serves up ads, and user facing (and user generated) content includes offsite links, image hosting and other sites. The site itself is database-driven using a scripted content engine. Ad networks are ripe for malware hacks. Offsite links and image hosting are easy avenues for infection. Just by visiting AnandTech you are literally 0 steps away from potential infection thanks to SQL injections, page redirects and other content hijacks. I'm not saying it's likely, but saying never is akin to saying you'll never catch a cold.

The ONLY way you can ensure you're not going to get infected by the internet is to not jack in.

no, it's called telnet.

 

[alkemyst]

no, it's called telnet.

Hey bro, telnet was how the first viruses got around.

 

[Broheim]

errr, telnet is text only, bro.

 

[Nothinman]

They all suck, if you run Windows the only real choice is how badly the A/V you choose kills performance of your PC.

 

[ControlD]

good for you, the test results speak for themselves

I didn't personally have MSE installed, I had it installed for my little sister who goes to Games sites for kids

when I visited home, I checked her PC and she had a popup from MSE saying that it detected 2 viruses, they were not viruses, but rather, false positives (I think one of them was a program that could extract your Office product keys / windows product keys so you can back them up incase you didn't have them), so I thought anyway,let me just delete them through MSE and get done with it since I never used those 2 apps anyway, MSE did its thing and I thought greaT! now we're done

then a few mins later, that same pop up from MSE comes up again saying that it dected them again, and it kept doing it! I restarted, went into safe mode, but MSE kept reporting them. and I am 100% sure they are safe as they were not detected by my previous Kaspersky Internet Security nor Eset Smart Security nor Bitdefender Internet Security

That's my simple story and it is just false positives, I can only imagine how one might be infected but never know since he has that piece of crap called MSE that many people believe in. But tests online show the opposite

Just go to Wilders Security Forums and see what people think of that junk

How do you know they were false positives? Programs like the one you described above are notorious for containing any number of malicious packages. The same goes for key generators and cracked exe files.

 

[Berryracer]

How do you know they were false positives? Programs like the one you described above are notorious for containing any number of malicious packages. The same goes for key generators and cracked exe files.

Because MSE can't be more right than the kings, Kaspersky, Bitdefender, Eset, avast! which have all reported those files as safe

MSE is known to have the highest number of false positives, but the lower detection rates

It surprises me that anyone who really knows his stuff about computers use such a horrible so called antivirus which is merely an upgraded version of the old and useless Windows Defender