| Author |
Message |
|
Acadia
|
 Posted: Fri Nov 30, 2012 9:54 am |
|
 |
| welcoming committee |
 |
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
|
|
_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson
|
|
  |
|
 |
|
sboots
|
Posted: Fri Nov 30, 2012 2:28 pm |
|
|
| Site Admin |
 |
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2959
Location: New Jersey
|
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
| |
|
|
|
MacDuffie
|
Posted: Fri Nov 30, 2012 4:27 pm |
|
|
| Fearless Leader |
 |
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
|
|
Some very good info at that link, Steve.
_________________
Patty MacDuffie
Computer Haven Administrator
Live Long and Prosper
Mr. Spock
|
|
| |
|
|
|
sboots
|
Posted: Fri Nov 30, 2012 8:57 pm |
|
|
| Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2959
Location: New Jersey
|
Thanks, Patty.  -steve _________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
| |
|
|
|
Acadia
|
Posted: Fri Nov 30, 2012 9:25 pm |
|
|
| welcoming committee |
|
Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
|
Especially interesting was Rob Koch's post. Gee, this security stuff sure can get complicated.  Acadia
_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson
|
|
| |
|
|
|
Manny Carvalho
|
Posted: Sat Dec 01, 2012 12:28 am |
|
|
| welcoming committee |
 |
Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
|
That was an interesting discussion but it didn't really answer why - regardless of how the testing is done as long as it's all done the same way - MSE scored significantly lower that the industry average on protection. I mean either this test is biased towards MSE or it doesn't perform well compared to its competition. I'm not sure there's any other alternative explanation and I don't know which is right. It does seem though that MSE does great with old stuff but not so well with new junk. http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=123698
_________________
Best regards,
Manny Carvalho
MS-MVP since 2002
|
|
| |
|
|
|
MacDuffie
|
Posted: Sat Dec 01, 2012 2:05 am |
|
|
| Fearless Leader |
|
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
|
|
But it does answer why. MSE is a lighter client, and only part of a whole series of security utilities. It relies on all parts being utilized. (Firewall, UAC, SmartScreen filter, Windows updates, etc.) At least that is my understanding from reading the thread.
I can tell you from seeing lots of infected machines in the field, that they are generally infected with rogue AV/Anti-spyware trojans - and that it doesn't much matter what AV program was in use. All things being equal there, I'd go with the lighter footprint program.
_________________
Patty MacDuffie
Computer Haven Administrator
Live Long and Prosper
Mr. Spock
|
|
| |
|
|
|
Manny Carvalho
|
Posted: Sat Dec 01, 2012 9:47 am |
|
|
| welcoming committee |
|
Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
|
|
MSE is a lighter client? Meaning that it doesn't perform as well as others in the field? Surely one would perform the other security measures regardless of what client is being used. Right? I mean no matter what AV one uses one would still use a firewall and etc., etc.
If the AV doesn't matter for that particular malware then they would all be rated poorly in that area and MSE not suffer by comparison. I'd agree that all things being equal I'd also go with the lighter footprint but it does appear that something isn't equal.
_________________
Best regards,
Manny Carvalho
MS-MVP since 2002
|
|
| |
|
|
|
sboots
|
Posted: Sat Dec 01, 2012 11:53 am |
|
|
| Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2959
Location: New Jersey
|
|
I do have to agree that MSE needs to get better at detecting malware in general. We know that MSE, and OneCare before it, has always erred on the side of caution to reduce false positives. That would certainly go a long way towards explaining why it doesn't react to the newer variants out there. What has always bugged me is that so many of the infections are delivered via methods that are not apparently malicious and rely on the user to provide the entry point by allowing it to act. At that point the antivirus program is useless as the malware has been allowed to step in and take action by the user. It would seem to me that MSE should be able to detect the initial delivery -- much as the smart screen filtering detects potential phishing attacks.
-steve
_________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
| |
|
|
|
jaylach
|
Posted: Sat Dec 01, 2012 1:38 pm |
|
|
| Resident Geekazoid Administrator |
 |
Joined: Wed Mar 21, 2012 5:09 am
Posts: 9485
Location: The state of confusion; I just use Wyoming for mail.
|
|
While they may be of interest I don't hold that much stock in such reports. I'm more than happy with MSE and MBAM Pro. Shoot, I just the other day cleaned a system with the fake FBI thing. Norton didn't stop it but MSE and MBAM cleaned it. Not a big test as that rogue is pretty helpless if you disconnect the system from the internet but the point is that Norton didn't prevent the thing in the first place. No AV is perfect and systems will continue to get infected as long as humans sit in front of them.
|
|
| |
|
|
|
MacDuffie
|
Posted: Sat Dec 01, 2012 1:59 pm |
|
|
| Fearless Leader |
|
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
|
No AV prevents these rogues. MBAM does. I've never understood why MBAM can and nobody else can. By lighter, Manny, I would think they are referring to footprint, resources. Maybe I'm wrong in that. All I can say that in the real world, MSE is no worse than the others. In a perverse way, perhaps it is better. Folks get these big security suites like Norton, McAfee, even Kaspersky, and they think they are impregnable. The big suites do not handle real-world infections any better than MSE. I always like empirical evidence when I can get it. 
_________________
Patty MacDuffie
Computer Haven Administrator
Live Long and Prosper
Mr. Spock
|
|
| |
|
|
|
sboots
|
Posted: Sat Dec 01, 2012 9:04 pm |
|
|
| Site Admin |
|
Joined: Tue Apr 10, 2012 9:48 pm
Posts: 2959
Location: New Jersey
|
MacDuffie wrote: No AV prevents these rogues. MBAM does. I've never understood why MBAM can and nobody else can. Basically because they are quicker to update signatures for these things and they aren't as concerned about false positives because MBAM does not try to detect *everything* that an antivirus program needs to deal with. -steve _________________ stephen boots Microsoft MVP 2004 - 2020 "Life's always an adventure with computers!"
|
|
| |
|
|
|
Manny Carvalho
|
Posted: Sat Dec 01, 2012 11:39 pm |
|
|
| welcoming committee |
|
Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
|
|
I would agree that if they try to keep false positives down then they would be bad at the heuristics for new stuff. I admit that some of this can be prevented by common sense. If people can stay away from the stuff then MSE is good at getting stuff whose signatures are settled. Although this does make for a hole in prevention and it seems that's what this test is saying as well.
Personally, I'd prefer the false positive since one does have online resources to check things out but I can well imagine what a ruckus they can cause for MS with their larger user base. I wasn't aware of this aspect of MSE since I don't use it and thought that it's performance was fairly comparable to others in the field.
_________________
Best regards,
Manny Carvalho
MS-MVP since 2002
|
|
| |
|
|
|
JoanA
|
Posted: Sun Dec 02, 2012 9:56 am |
|
|
| Moderator |
 |
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
|
I used to use NOD32 years ago but since getting Vista I went to MSE, mostly to do with cost, then carried on with it on Windows 7 alongside MalwareBytes Pro. It hasn't let me down yet but of course since first getting a computer I've been involved with reading forums, well it started with Newsgroups, so know the dangers and try to keep myself out of trouble. I've also got WOT installed and SpywareBlaster and have the settings to their recommended state. I've now got to start and make sure I have all systems good with this Notebook, took off McAffee that it came with and have Windows Defender but I've only had it a week so haven't got everything needed yet. Having too much fun trying to find my way around Win8. 
|
|
| |
|
|
|
Manny Carvalho
|
Posted: Sun Dec 02, 2012 10:18 am |
|
|
| welcoming committee |
|
Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
|
|
Here's the thing though Joan. Certainly MSE hasn't let you down but maybe it hasn't done anything for you either. You are a careful computer user and I bet you haven't had a malware infection in ages. So, it's likely that if you didn't have any AV installed [and I'm not recommending that] that you would of had the same results.
People like you, who are aware of the dangers and attempt to stay clear of them, aren't the best to indicate how an AV program functions when it's really needed. It's those folks who click any link that really need that protection so when a product fails to detect new threats because it doesn't want to show false positives then it is of concern. Really that's why these third party tests are of interest. They stress protection in a way that normal users should never do. It's kind of like that air bag in a car. You never want a false positive but if there's a real danger than you don't want it to think about it but just activate.
Then again that's why we all preach that education,as you have done, along with an umbrella approach is the best defense and I'm very glad that you are one those people.
_________________
Best regards,
Manny Carvalho
MS-MVP since 2002
|
|
| |
|
|
|
JoanA
|
Posted: Sun Dec 02, 2012 10:59 am |
|
|
| Moderator |
|
Joined: Thu Apr 05, 2012 3:25 pm
Posts: 1916
Location: Pembrokeshire, South Wales, UK
|
|
Thank you for that Manny. Now my hubby is a different matter, I've installed MSE on his Windows 7 64 bit machine alongside SuperAntiSpyware Pro. WOT and SpywareBlaster. I try to educate him but he's a man and does occasionally click where he shouldn't but he's never yet been infected and running SuperAntiSpyware only ever finds cookies.
|
|
| |
|
|
|
MacDuffie
|
Posted: Sun Dec 02, 2012 1:53 pm |
|
|
| Fearless Leader |
|
Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
|
Hate to disillusion you, Manny, but no AV is going to keep safe the user who clicks on everything. And, safe habits are not enough today. I have gotten these rogue pop-ups on one or two occasions, and I generally only go to a limited number of websites. It's knowing how to handle it when you get a pop-up like that, that determines whether or not you get infected. You hit Start, Shutdown, and nothing else. Then you run a Malwarebytes scan when you come back up, just in case.
_________________
Patty MacDuffie
Computer Haven Administrator
Live Long and Prosper
Mr. Spock
|
|
| |
|
|
|
Manny Carvalho
|
Posted: Sun Dec 02, 2012 8:24 pm |
|
|
| welcoming committee |
|
Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
|
|
No disillusion on my part Patty. But it is obvious that some perform better than others particularly with new malware. If you are getting 85% protection from one AV but only 75% from another - just to make up numbers - in an unbiased comparison performance test then I know which one I would choose.
_________________
Best regards,
Manny Carvalho
MS-MVP since 2002
|
|
| |
|
|
|
