Microsoft's Security Essentials Fails Latest Antivirus Test



Common sense doesn't protect you from drive by malware downloads.

 

If you are selective on what is downloaded, it does - but it is really helped if you use security software in your browser and have AV and anti-malware tools as controls. It isn't a contest to select either common sense or security tools. Like sex, don't rely on one protection.


360 Total Security uses Bitdefender's and Avira's excellent engines, along with their own very effective engine, which makes it just about the best AV available today.

 

By using three different AV engines, wouldn't 360 Total Security be three times as vulnerable to being exploited?

http://www.slideshare.net/JoxeanKoret/breaking-av-software-33153490

 



If you are selective on what is downloaded, it does - but it is really helped if you use security software in your browser and have AV and anti-malware tools as controls. It isn't a contest to select either common sense or security tools.

By drive-by downloads I was thinking about things like malicious adverts that download malware to your computer just by visiting the website. The only way to stop that is to install an ad blocker, keep all of your software up-to-date and disable any plug-ins you don't need (especially Flash Player, Java and Silverlight).

 

Some examples of what I mean:


As Neowin just posted

 

https://www.neowin.net/news/new-facebook-tagging-scam-is-in-the-wild-containing-malware-that-can-infect-every-device

 

If the victim is running a Windows PC, the user is then redirected to another Facebook page where the person is prompted to download a "Flash player" to be able to view the video.

The downloaded file is reportedly not a Flash player installer, but instead an SFX file (self-extracting executable archive) will greet the user. Once clicked, it would install two pieces of malware contained inside the archive, under the file names "install.exe" and "setup.exe." It has been reported that "install.exe" is a generic backdoor that can be used to install other malicious software, while the latter is responsible for spreading the alleged scam on Facebook even further.

 

 

That completely relies on running an executable, but is reported as just a tagging security error.


By using three different AV engines, wouldn't 360 Total Security be three times as vulnerable to being exploited?

http://www.slideshare.net/JoxeanKoret/breaking-av-software-33153490

That would depend.

If engine 1 had an ABC vulnerability, and engine 2 patched the ABC vulnerability, the 3rd might have its strengths elsewhere -- resulting in an ironclad solution.

Of course that is theoretical.

 

I don't think 3x as vulnerable could be feasible.


That completely relies on running an executable, but is reported as just a tagging security error.

 

That particular scam does, but not all of them do (as the links in my previous post demonstrate).

 

Many trojans are designed to exploit vulnerabilities in Flash Player and Java to automatically install whatever malware the criminals want. The user of the computer simply needs to visit a compromised website to be infected.

 

http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

https://twitter.com/kafeine/status/558946590011166720/photo/1


That would depend.

If engine 1 had an ABC vulnerability, and engine 2 patched the ABC vulnerability, the 3rd might have its strengths elsewhere -- resulting in an ironclad solution.

Of course that is theoretical.

 

I don't think 3x as vulnerable could be feasible.

 

don't think it works quite that way, it would slow snit way down.


I think the biggest threats to security on the net these days are:

 

1. Ignorant users

2. Java

3. Flash

4. Malicious Ads

5. Adware/malware (See #1)

 

If people would run an ad blocker, stop clicking Yes to every dialog box without reading it, and refuse to use anything that relies on Java/Flash, we'd all be better off. I know of someone last week that went out and bought a new laptop. Within effing hours they had a metric ######-ton of junk adware/malware applications installed. All of this because they didn't have the sense to obtain legit programs from their source. They simply Googled whatever program they wanted and clicked on the first link that came up. Those links were to 3rd party sites that bundled crap with the application they were after.

 

No damn excuse for such ignorance. Especially after being told in the past. I've told them about Sandboxie and it's not going to work. Why? 'Cause using Sandboxie requires managing. It prompts you to delete your sandbox on occasion, and when stuff is downloaded, the user has to export it to a non-sandboxed section of the PC. This is too much work for them (or most average users that I know). Even if they did apply their mental faculties and use Sandboxie, what good is a sandbox if they're going to export Chrome w/ malware bundle from it to the unprotected portion to run?

 

I'm convinced the only way to put a stop to this madness is to have an OS that boots up into "read only mode" where everything is lost on reboot unless they type some 100+ character password to save changes. At least make them work to screw their PC up! No copy/paste, and reboots are non-optional every night @ 3am!


One of the things the program determines is the footprint on resources; and since Webroot is cloud-based, its resource impact is almost nil.

Since you're watching several PCs, do you know if it still needs a lot of disk space for monitoring suspicious files? I've used the trial over a year ago and set it to watch around ten files (give or take). After two months, my C drive was running low on disk space and it turned out that the files Webroot created for monitoring were almost 7GB in size.


I just assumed anybody in the tech industry didn't bother.

 

All the paid AVs I've used have been bloaty to the point of making the computer almost unusable. I did quite like NOD32, but I think there is a tad too much paranoia involved in purchasing an AV suite.

 

MSE/Defender is fine, no suite can block everything.


Best AV software on the planet is Adblock-plus!

 

Unless you willy-nilly click on things, this and disabling Java will cover you from 95.9% of all exploits. Think about it? A single website today has 20 different ad networks. That is right, 20 different ad networks' executables running on each tab! Multiply that by 20 tabs and you have +400 executables running in your browser??

 

I want to help lowly website operators with income but they got waaay too greedy with these questionable ads.

 

Ghostery is popular, and people on www.slashdot.org praise NoScript, but it disables the web itself and is like UAC for each script on every website. It is a must in 2015 on the scary internet. In the old days you would have 1-3 ad networks per page. Jeesh, and then website owners get mad when we refuse to play along with their annoying ads and malware infection points.


AR556, on 01 Feb 2015 - 19:21, said:

I think the biggest threats to security on the net these days are:

 

1. Ignorant users

2. Java

3. Flash

4. Malicious Ads

5. Adware/malware (See #1)

 

If people would run an ad blocker, stop clicking Yes to every dialog box without reading it, and refuse to use anything that relies on Java/Flash, we'd all be better off. I know of someone last week that went out and bought a new laptop. Within effing hours they had a metric ######-ton of junk adware/malware applications installed. All of this because they didn't have the sense to obtain legit programs from their source. They simply Googled whatever program they wanted and clicked on the first link that came up. Those links were to 3rd party sites that bundled crap with the application they were after.

 

No damn excuse for such ignorance. Especially after being told in the past. I've told them about Sandboxie and it's not going to work. Why? 'Cause using Sandboxie requires managing. It prompts you to delete your sandbox on occasion, and when stuff is downloaded, the user has to export it to a non-sandboxed section of the PC. This is too much work for them (or most average users that I know). Even if they did apply their mental faculties and use Sandboxie, what good is a sandbox if they're going to export Chrome w/ malware bundle from it to the unprotected portion to run?

 

I'm convinced the only way to put a stop to this madness is to have an OS that boots up into "read only mode" where everything is lost on reboot unless they type some 100+ character password to save changes. At least make them work to screw their PC up! No copy/paste, and reboots are non-optional every night @ 3am!

 

Google and Bing need to be held responsible for this crap! They claimed 2 years ago they fixed it, but every time I search for something they come back. Do they even have automated tools to detect malware for the top 50 software searches? This should be common sense. I just tried it and saw infected versions of Firefox.


Everyone should be afraid of the US government, but for now it's for piddly things like looking at your porn. I wouldn't install a Chinese or Russian antivirus. To me it seems that it's giving root access straight to their governments.


Best AV software on the planet is Adblock-plus!

 

Unless you willy-nilly click on things, this and disabling Java will cover you from 95.9% of all exploits. Think about it? A single website today has 20 different ad networks. That is right, 20 different ad networks' executables running on each tab! Multiply that by 20 tabs and you have +400 executables running in your browser??

 

I want to help lowly website operators with income but they got waaay too greedy with these questionable ads.

 

Ghostery is popular, and people on www.slashdot.org praise NoScript, but it disables the web itself and is like UAC for each script on every website. It is a must in 2015 on the scary internet. In the old days you would have 1-3 ad networks per page. Jeesh, and then website owners get mad when we refuse to play along with their annoying ads and malware infection points.

 

Google and Bing need to be held responsible for this crap! They claimed 2 years ago they fixed it, but every time I search for something they come back. Do they even have automated tools to detect malware for the top 50 software searches? This should be common sense. I just tried it and saw infected versions of Firefox.

 

Decided to give Avast a shot after checking the main article. 

 

Assumed I had viruses / malware since my HDD usage was beyond belief.

 

Long story short: No Viruses found.

 

Turns out Google Chrome 64 is a resource killer (even with ABP installed)

 

Counting the days till Spartan.


don't think it works quite that way, it would slow snit way down.

No what I meant was if you had 3 engines - and that above scenario was in place - you would be OK.

But you can't be 3x more vulnerable - you are only as vulnerable as the thing attacking you.

Meaning, if you have an AV that uses 3 different engines, and none are patched for some zero-day malware, you aren't 3x as vulnerable as the person who has an AV pkg with 1 engine.

You are just as vulnerable, no more - no less.

That's what I was trying to say, but I was really tired.

It's called something like a gambler's folly, or the gambler's dilemma - something like that - where you think you are 3x better, but you are not....

 


Since you're watching several PCs, do you know if it still needs a lot of disk space for monitoring suspicious files? I've used the trial over a year ago and set it to watch around ten files (give or take). After two months, my C drive was running low on disk space and it turned out that the files Webroot created for monitoring were almost 7GB in size.

No, I haven't had anyone tell me this. In fact, it would seem extremely strange since it is all cloud-based. The resources are next to nothing; in fact, I just ran WinDirStat to take a look and the program was only using 3MB.

I am totally unaware of it doing some drive space hogging.

Was it Webroot SecureAnywhere, or the old Webroot? (which was a terrible hog)

 


I've been a happy MSE user since Windows 7. I've had Windows 8 installed for over a year now and it really needs a clean install, so I thought I'd give Avira a try to see what it finds.

 

I think these are false positives from cracks, I'm not sure though. MSE never notified me about any of these.

I:\Indiana.Jones.And.The.Fate.Of.Atlantis\indiana_jones_and_the_fate_of_atlantis.zip
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [WARNING]   The file was ignored.

I:\marvel\3DMGAME-Lego.Marvel.Super.Heroes.Incl.2DLCs.Cracked-3DM.part7.rar
  [DETECTION] Is the TR/Black.Gen2 Trojan
  [WARNING]   The file was ignored.

D:\LEGO The Lord of the Rings\LEGOLOTR.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
  [WARNING]   The file was ignored.

D:\LEGO Marvel Super Heroes\steam_api.dll
  [DETECTION] Is the TR/Black.Gen2 Trojan
  [WARNING]   The file was ignored.
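As an added example (not the poster's code and not anything from Avira), here is a small Python parser for the report layout quoted above that groups each file path with its [DETECTION] and [WARNING] lines and separates generic-name hits that were merely ignored, the entries most worth a second-opinion scan before treating them as real or as false positives, from everything else. The sample report is constructed, and the rule that a ".Gen"/".Gen2" suffix marks a generic or heuristic signature is my assumption.

```python
import re
from dataclasses import dataclass
# Constructed sample (not the poster's files) in the layout Avira printed above:
# an unindented file path, then indented [DETECTION] and [WARNING] lines.
SAMPLE_REPORT = """\
I:\\old_games\\fate_of_atlantis.zip
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [WARNING]   The file was ignored.
D:\\Some Game\\steam_api.dll
  [DETECTION] Is the TR/Black.Gen2 Trojan
  [WARNING]   The file was ignored.

C:\\Users\\me\\Downloads\\invoice.exe
  [DETECTION] Is the TR/Dropper.Sample.1 Trojan
  [WARNING]   The file was moved to quarantine.
"""
DETECTION_RE = re.compile(r"^\s+\[DETECTION\]\s+Is the (\S+) Trojan")
WARNING_RE = re.compile(r"^\s+\[WARNING\]\s+(.*\S)")

@dataclass
class Finding:
    path: str
    signature: str
    action: str

    @property
    def generic(self) -> bool:
        # Assumption: a ".Gen"/".Gen2" suffix marks a generic/heuristic signature.
        return re.search(r"\.Gen\d*$", self.signature) is not None

def parse_report(text: str) -> list[Finding]:
    """Group every path line with the detection and warning lines beneath it."""
    findings, path, sig = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new file entry
            path, sig = line.strip(), None
        elif m := DETECTION_RE.match(line):
            sig = m.group(1)
        elif (m := WARNING_RE.match(line)) and path and sig:
            findings.append(Finding(path, sig, m.group(1)))
            sig = None
    return findings

def triage(findings: list[Finding]) -> tuple[list[Finding], list[Finding]]:
    """Split into 'review' (generic name, file only ignored) and 'act' (the rest)."""
    review = [f for f in findings if f.generic and f.action == "The file was ignored."]
    return review, [f for f in findings if f not in review]
```

Running `triage(parse_report(SAMPLE_REPORT))` puts the two ".Gen" hits that were only ignored into the review list and leaves the quarantined, specifically named dropper in the act list.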

ABP is a huge resource pig. Ghostery is not about ad-blocking but rather tracker-blocking, but since the two things usually go hand-in-hand its filters mostly overlap with Adblock ones. If you don't mind video ads on YouTube and in a few other places, and empty spaces in pages (no element blocking), Ghostery blocks almost all the same stuff.


No, I haven't had anyone tell me this. In fact, it would seem extremely strange since it is all cloud-based. The resources are next to nothing; in fact, I just ran WinDirStat to take a look and the program was only using 3MB.

I am totally unaware of it doing some drive space hogging.

Was it Webroot SecureAnywhere, or the old Webroot? (which was a terrible hog)

This is the issue. I haven't read through the topic to see if it's fixed yet, however I'm giving the trial another go.


This is the issue. I haven't read through the topic to see if it's fixed yet, however I'm giving the trial another go.

 

I just saw that issue last night on an expired SecureAnywhere PC. The Webroot folder in c:\programdata was 18GB in size.


What's your guys' take on Internet Security vs Anti-Virus? I've always been under the impression IS was more resource intensive and came with extra features I didn't care about nor wanted. I'm still hesitant to put anything major on my desktop, it's purely a gaming rig and I don't download much on it, but for my Surface Pro I want to put something on there. Was going to do ESET antivirus but it wasn't rated too high; it seems most of the winners on Warwagon's list are Internet Security suites.


What's your guys' take on Internet Security vs Anti-Virus? I've always been under the impression IS was more resource intensive and came with extra features I didn't care about nor wanted. I'm still hesitant to put anything major on my desktop, it's purely a gaming rig and I don't download much on it, but for my Surface Pro I want to put something on there. Was going to do ESET antivirus but it wasn't rated too high; it seems most of the winners on Warwagon's list are Internet Security suites.

 

I really hate the full internet security packages. Just give me the AV.

