Proof that MSE SUCKS!


ninaholic37

Golden Member
Apr 13, 2012
1,883
31
91
Hey bro, telnet was how the first viruses got around.
What about browsing the net inside a Virtual Machine (i.e. VMWare)? Can't you just backup the original OS image, then copy/use the backup each time you get a virus? Can viruses travel through the image into your real OS? :hmm:
 

alkemyst

No Lifer
Feb 13, 2001
83,769
19
81
What about browsing the net inside a Virtual Machine (i.e. VMWare)? Can't you just backup the original OS image, then copy/use the backup each time you get a virus? Can viruses travel through the image into your real OS? :hmm:

No, but that virus can affect that VM and you'd be just as exploited during that time.
 

lxskllr

No Lifer
Nov 30, 2004
59,210
9,701
126
I think there's some proof of concept stuff where viruses break out of the VM, but I don't think there's anything in the wild (yet).
 

alkemyst

No Lifer
Feb 13, 2001
83,769
19
81
I think there's some proof of concept stuff where viruses break out of the VM, but I don't think there's anything in the wild (yet).

If you knew the environment, you could pull it off. Windows is still too strong a platform for many to worry outside the box (pun intended).
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Viruses don't crawl onto PCs. You go to unsafe sites, you get infected. If the only site you go to every day is, say, Anandtech, you will never catch any viruses. So what does that tell you? Viruses just don't do drive-bys and infect PCs.

Like the guys said, even that isn't necessarily safe. As Sophos emphasizes in the writeup I linked to, the main goal of BlackHole is to compromise sites that ARE normally safe. By the tens of thousands, hundreds of thousands. And yeah, malvertising is another avenue of attack. A site's ad partners can be duped into accepting a malvertisement that has a scripted attack hidden in, say, a .SWF (Flash file).

I saw a military catchphrase:

The enemy will attack on two occasions:

1. When they're ready
2. When you're not


There's some truth to that :sneaky: Defense in depth, people!

MSE is known to have the highest number of false positives, but the lower detection rates

AV-Comparatives found MSE to have very low false-positive rates. http://www.av-comparatives.org/images/stories/test/summary/summary2010.pdf for example. There was one noteworthy FP that incorrectly called the Google homepage malicious about 8 months ago, that's the only major MSE-related false-positive I recall hearing about.

Because MSE can't be more right than the kings, Kaspersky, Bitdefender, Eset, avast! which have all reported those files as safe

I see you mentioned a particular file that Kaspersky wasn't detecting. I can say from personal experience that you should send it to them for analysis. I've sent them thousands of files they weren't detecting, and unlike many companies, I would shortly get a response from a real malware analyst, confirming that it was indeed malware and they would have detection added shortly, and for them, that generally means within an hour. But it's still an hour too late, if you're the victim and your Windows/Office keys just got swiped.



I think there's some proof of concept stuff where viruses break out of the VM, but I don't think there's anything in the wild (yet).

Tangentially, there's now malware that breaks into VMWare VMs and infects them from outside: http://www.zdnet.com/crisis-malware-targets-virtual-machines-7000002986/ And that's just its sideline! It also exfiltrates data on Windows and OS X systems.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
Oh, and
What about browsing the net inside a Virtual Machine (i.e. VMWare)? Can't you just backup the original OS image, then copy/use the backup each time you get a virus? Can viruses travel through the image into your real OS? :hmm:

Yes they can. I'd guess a VM breakout is far less likely than the obvious: a network worm or classic file-infecting virus that spreads to network shares and mapped drives (since the VM is effectively another computer on your network that can attack the others), or an ARPoison/ARPiframe approach (in which your otherwise-harmless network traffic is infected on-the-fly by the infected VM's OS). Compromising a home router that's still using its default password is another angle of attack... change those factory passwords on your network equipment.

If you plan to use a VM for high-risk activities, it's still not a bad idea to apply a defense-in-depth configuration to it, maybe even tighter than you use on your host system. And make sure the VM's OS doesn't have access (via the network or directly) to anything on the host OS that it doesn't have to.
 

Tsavo

Platinum Member
Sep 29, 2009
2,645
37
91
The ONLY way you can ensure you're not going to get infected by the internet is to not jack in.

Or off, if you are using the internet.

Kaspersky has been finding junk that MSE has been missing, at least on my PC.
 

Binky

Diamond Member
Oct 9, 1999
4,046
4
81
Claiming "proof" of something based on YOUR usage scenario is ridiculous at best. People don't always use things the same way. MY problem with the people that I personally support is that they are completely tech-ignorant (think teenagers and old ladies) and no matter how many times I tell them to update their AV programs if it pops up, they don't. So when Avira or Avast or name-that-free-AV-program times out after a year, these people run for 1, 2 or 3 years with zero AV protection because they are just too stupid/uninformed/ignorant/? to tell me that that damned little box by the clock (i.e. the system tray icon) kept telling them to upgrade. But...noooo....they didn't do a damned thing about it. Welcome to reality.

So for me, MSE is by far the superior choice for some people since at least it's free and it stays current through normal (forced) Windows updates. I'm very happy that MS finally was able to put something like this out and not be sued for some anti-competitive bullshit. On my own machine, I use ESET, which is pretty damned annoying compared to MSE. Eset seems fine, and it works on WHS2011 which is why I bought it, but it's really no better than MSE for me.

I've seen almost no viruses on Avira, Avast, or MSE on most machines, excluding human stupidity. No AV program can save you from a stupid user.
 

dagamer34

Platinum Member
Aug 15, 2005
2,591
0
71
Anecdotes aside, I don't think viruses or other self-propagating forms of malware are really the problem, but social engineering attacks are far more crafty since they rely on the low level of computer proficiency of the user. There's no way to stop someone from entering their credit card information into a program that promises to protect them from malware but is really stealing their info.
 

Berryracer

Platinum Member
Oct 4, 2006
2,779
1
81
Claiming "proof" of something based on YOUR usage scenario is ridiculous at best. People don't always use things the same way. MY problem with the people that I personally support is that they are completely tech-ignorant (think teenagers and old ladies) and no matter how many times I tell them to update their AV programs if it pops up, they don't. So when Avira or Avast or name-that-free-AV-program times out after a year, these people run for 1, 2 or 3 years with zero AV protection because they are just too stupid/uninformed/ignorant/? to tell me that that damned little box by the clock (i.e. the system tray icon) kept telling them to upgrade. But...noooo....they didn't do a damned thing about it. Welcome to reality.

So for me, MSE is by far the superior choice for some people since at least it's free and it stays current through normal (forced) Windows updates. I'm very happy that MS finally was able to put something like this out and not be sued for some anti-competitive bullshit. On my own machine, I use ESET, which is pretty damned annoying compared to MSE. Eset seems fine, and it works on WHS2011 which is why I bought it, but it's really no better than MSE for me.

I've seen almost no viruses on Avira, Avast, or MSE on most machines, excluding human stupidity. No AV program can save you from a stupid user.

WOW! So you use MSE simply because it's bundled in the Windows Update for free?? That just comes to show me what an experienced user you are!

1) There are a myriad of FREE AVs that are way better than MSE, take avast! free Antivirus which even rivals many of the paid AVs according to test results and has an auto sandbox feature! Then you have Avira Antivir with its excellent detection rates, another is Comodo Internet Security (FREE), and the list goes on. So your excuse that you use MSE because it's free is just basically saying you are too lazy to spend a minute or two to download a real antivirus, risking your entire PC's security.

2) You have never had a virus with MSE? Sure? How do you know? If it doesn't detect the virus, how do you know that you are virus free? Why does it always get the lowest results in real world AV comparative tests and others? Why do some tests omit MSE totally? One just has to wonder.

3) Microsoft has always been crap when it comes to computer security, the most insecure web browser, IE, Windows Defender, a wannabe anti-malware program that never works or detects anything, and now MSE, since when did Microsoft have experience in creating an Antivirus? 2 or 3 years ago? No thanks, I'll pass and stick to a product from a well known company such as avast or Avira or even AVG for that matter.
 

Broheim

Diamond Member
Feb 17, 2011
4,587
3
81
Telnet email clients like Pine allow you to attach files.

We still had to use antivirus programs when Pine was a major way of checking email in the 90's.

Sure, but that's not part of the telnet protocol, pure telnet is 7-bit ASCII.
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Telnet email clients like Pine allow you to attach files.

We still had to use antivirus programs when Pine was a major way of checking email in the 90's.

There's no such thing as a "telnet email client", they're text based but they don't use telnet in any way. SMTP is a text-only protocol which they use and you can run them remotely via telnet or ssh, but telnet isn't involved in any other way.

And these days mutt is a much better text-based email client than pine.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
WOW! So you use MSE simply because it's bundled in the Windows Update for free?? That just comes to show me what an experienced user you are!

1) There are a myriad of FREE AVs that are way better than MSE, take avast! free Antivirus which even rivals many of the paid AVs according to test results and has an auto sandbox feature! Then you have Avira Antivir with its excellent detection rates, another is Comodo Internet Security (FREE), and the list goes on. So your excuse that you use MSE because it's free is just basically saying you are too lazy to spend a minute or two to download a real antivirus, risking your entire PC's security.

Another sample I harvested last night: VirusTotal scan result. And on any given day, it could be MSE, or Avast, or any of 30 other vendors that don't detect the sample. In this case, it was the BlackHole launcher, which if successful, would then evaluate my system for methods of exploitation (does it have Java, does it have Flash Player, does it have Reader? Which versions? Ok, let's try these seven exploits). If the exploit were successful, it would then download or construct a payload file and attempt to launch it. Possible outcomes include a ZeroAccess rootkit.

The moral of the story: don't rely on antivirus software alone. As I mentioned earlier, Flame went scot-free for over two years in the face of every antivirus vendor on the planet. Sandboxes, behavioral detection, heuristics... you name it, it failed.

2) You have never had a virus with MSE? Sure? How do you know? If it doesn't detect the virus, how do you know that you are virus free? Why does it always get the lowest results in real world AV comparative tests and others? Why do some tests omit MSE totally? One just has to wonder.

I realize you're replying to someone else, but in my case, I periodically do boot-CD scans with another vendor's product as a checkup. I generally use Kaspersky, with all settings maxed out. As for your AV-comparative claims, you might want to verify your facts, since MSE is mid-pack. There's definitely worse performers out there. Given that a lot of malware is unique one-offs that are constructed on the spot and only served one time, look at the proactive tests.

3) Microsoft has always been crap when it comes to computer security, the most insecure web browser, IE, Windows Defender, a wannabe anti-malware program that never works or detects anything, and now MSE, since when did Microsoft have experience in creating an Antivirus? 2 or 3 years ago? No thanks, I'll pass and stick to a product from a well known company such as avast or Avira or even AVG for that matter.

2001 called, it wants its outdated information back. I'll grant you the criticism on the old Windows Defender, which Microsoft bought the entire Giant Antispyware company to obtain. It was never worth much. But IE is now quite good, and Microsoft as a company is recognized for its security program. For as much backwards compatibility as they maintain, they're doing OK.
 

SunnyD

Belgian Waffler
Jan 2, 2001
32,674
146
106
www.neftastic.com
1) There are a myriad of FREE AVs that are way better than MSE, take avast! free Antivirus which even rivals many of the paid AVs according to test results and has an auto sandbox feature! Then you have Avira Antivir with its excellent detection rates, another is Comodo Internet Security (FREE), and the list goes on. So your excuse that you use MSE because it's free is just basically saying you are too lazy to spend a minute or two to download a real antivirus, risking your entire PC's security.

We get it. You have an agenda, which is to pimp for Avast. Are you getting advertising money for them or something?
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
This is insane, it's like arguing about which STD is the best. They all suck, get over it. Try a few and see which side effects you dislike the least and use that.
 

Douglaster

Member
Aug 27, 2012
29
0
0
I use MSE for my mom's and sisters' PCs and everything is fine.

They aren't admins and can't install anything.
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
Because MSE can't be more right than the kings, Kaspersky, Bitdefender, Eset, avast! which have all reported those files as safe

MSE is known to have the highest number of false positives, but the lower detection rates

It surprises me that anyone who really knows his stuff about computers uses such a horrible so-called antivirus which is merely an upgraded version of the old and useless Windows Defender

It'll be interesting to see how well the anti-virus built into Win8 does. Will Win8 users stay with the built-in one in Win8 or go with one of the many third party options?
 

Mem

Lifer
Apr 23, 2000
21,476
13
81
This is insane, it's like arguing about which STD is the best. They all suck, get over it. Try a few and see which side effects you dislike the least and use that.

I would not say suck exactly since any AV is better than nothing IMHO, some do better than others and I've seen Avast, Kaspersky, Avira etc. all get top spot in detection rates depending on the month tested etc... however throw in the user at the other end and we all know how much damage they can do without common sense etc....
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
I would not say suck exactly since any AV is better than nothing IMHO, some do better than others and I've seen Avast, Kaspersky, Avira etc. all get top spot in detection rates depending on the month tested etc... however throw in the user at the other end and we all know how much damage they can do without common sense etc....

They may have varying levels of suck, but every infection I've seen has been on a PC with A/V installed. IMO they're worthless and cause more harm than they do good.
 

vshah

Lifer
Sep 20, 2003
19,003
24
81
They may have varying levels of suck, but every infection I've seen has been on a PC with A/V installed. IMO they're worthless and cause more harm than they do good.


...how are you going to detect a virus without ANY antivirus to detect it with?
 