AV and other security tools available from Microsoft

GµårÐïåñ
Lieutenant Colonel
Posts: 3365
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

AV and other security tools available from Microsoft

Post by GµårÐïåñ »

No no no my friend, M$ is not just a passive scanner with manual detection, it uses a hook into the Defender backbone and provides real-time scanning. Hence why when you download something, 9/10 times it catches it AS it is writing the puppy to cache, before it's even done (almost similar to Avast stream scanning, without the hanging and corruptions that often occur with Avast). But almost always it hits on it the minute it is recompiled and is finally accessible on the dependency scanner. I forgot to mention Avast and no offense to anyone, I find it slow, too bloated, heavy on the resources and way too intrusive, especially with the relatively extreme number of false positives. I KNOW things are clean but it tells me it's some generic this and that, which has made me not trust it. If it was a program I got from someone, then I might give it the benefit of a doubt but when I am the person who wrote and compiled the code, KNOWING FULL WELL that it's not infected or malicious, getting that makes me angry, disappointed and frankly voids their credibility for me on anything else they say is infected.

Here is a little something that might be helpful: http://forums.informaction.com/viewtopi ... 18&start=0
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
computerfreaker
Senior Member
Posts: 220
Joined: Wed Sep 16, 2009 10:03 pm
Location: USA

Re: Strange script tries to run when connection is down

Post by computerfreaker »

computerfreaker wrote:Monty ran, as far as I can recall, HJT, MB and a virus scanner (although I don't recall which).
Tom T. wrote:Avast, and also Ad-Aware. I recalled incorrectly about him running all four of the recommended tools. My mistake.
I periodically run AAW on my computer... apparently it's not nearly as good as I had thought. (And my view of AAW wasn't good to begin with)
GµårÐïåñ wrote:Norton and McAfee have gone down the tube as well, it's a pity.
Tom T. wrote:Agree that that happened a long time ago.
I agree wholeheartedly about Norton, but I have to differ with you guys on McAfee. I had their scanner (lost it when I moved to my new computer) and it saved my hide the one time I had a virus - that was when I was still stupidly using IE, but McAfee saved me anyway. And their built-in cleaner was a nice tool... (although CCleaner rocks more)
GµårÐïåñ wrote:That's why the M$ AV is such a refreshing welcome
Tom T. wrote:Unfortunately, from my reading (please correct me if I'm mistaken), it is not a true, full, real-time AV service, only a one-time scanner that you should run periodically or if you think you're infected -- just like the scanners that come with most AV products. But it does not provide real-time, automatic scanning of files you open, Web pages, etc.
I think you're wrong - as I mentioned, I copied overlay.xul into Notepad, hit "Save" - and the MS thing was all over me the instant I hit "Save". No action from me, but a LOT of action from that scanner. (I've got to stop this or I'll sound like a MS fanboy... :lol:)
Tom T. wrote:So is there *any* good, real-time, full-service AV out there, Guardian? Or anyone else?
Hate to say this, but the MS scanner is really good... McAfee did the job for me too.
GµårÐïåñ wrote:No no no my friend, M$ is not just a passive scanner with manual detection, it uses a hook into the Defender backbone and provides real-time scanning. Hence why when you download something, 9/10 times it catches it AS it is writing the puppy to cache, before it's even done (almost similar to Avast stream scanning, without the hanging and corruptions that often occur with Avast). But almost always it hits on it the minute it is recompiled and is finally accessible on the dependency scanner.
That tallies with my experience.
GµårÐïåñ wrote:I forgot to mention Avast and no offense to anyone, I find it slow, too bloated, heavy on the resources and way too intrusive, especially with the relatively extreme number of false positives. I KNOW things are clean but it tells me it's some generic this and that, which has made me not trust it. If it was a program I got from someone, then I might give it the benefit of a doubt but when I am the person who wrote and compiled the code, KNOWING FULL WELL that it's not infected or malicious, getting that makes me angry, disappointed and frankly voids their credibility for me on anything else they say is infected.
Unfortunately, that matches what I've heard at some popular tech sites - techsupportalert.com, portableapps.com, and others. Avast and a few others have some really high FP rates... sad, since a lot of users use these AVs and consequently get legit apps flagged. (This also smears the reputation for a lot of good, legit apps - including some PortableApps.com apps - because many users trust their AV completely)
With great power comes great responsibility.
Learn something new every day, and the rest will take care of itself.
Life is a journey, not a destination. Enjoy the trip!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Strange script tries to run when connection is down

Post by Tom T. »

@ Guardian and computerfreaker:
Guardian wrote:it uses a hook into the Defender backbone
That's exactly what I'm saying. By itself, MS scanner is not a stand-alone AV tool. You have to be running Windows Defender -- which I'm not, ATM.

So given that, is my original statement not correct? (MS Scanner is not a complete AV solution.)

And then -- what is your experience with, and opinion of, Windows Defender? ... still consider "Microsoft Security" an oxymoron, but am willing to keep an open mind.

It's possible that this portion of the topic should be split off into Forum: Security, if it runs more than a couple more replies. We are getting O/T to the thread.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

Re: Strange script tries to run when connection is down

Post by GµårÐïåñ »

My friend, it IS indeed a stand-alone full featured. The hook to Defender is to prevent BOTH of them trying to do something at the same time. The hook is to control its behavior, not really to use its functionality. Make sense? Defender now comes default but the AV is not, so this way it won't have conflicts, hope that helps.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Re: Strange script tries to run when connection is down

Post by Tom T. »

GµårÐïåñ wrote:My friend, it IS indeed a stand-alone full featured. The hook to Defender is to prevent BOTH of them trying to do something at the same time. The hook is to control its behavior, not really to use its functionality. Make sense?
Uh-oh, I'm afraid we might be talking about two different things, my friend. I'm looking at http://onecare.live.com/site/en-us/default.htm
Get a free PC safety scan

Windows Live OneCare safety scanner is a free service designed to help ensure the health of your PC.

* Check for and remove viruses

Firefox users: see the special instructions for running the scanner using Firefox.
[[Because it requires installing an ActiveX control, which is not supported by Fx -- T.T.]]
I have the very strong feeling that you guys are talking about a different service or product. I am so sorry for the mistake. What and where is it?
GµårÐïåñ wrote:Defender now comes default but the AV is not, so this way it won't have conflicts, hope that helps.
Default on your Vista and Win 7, perhaps, but you'll notice that OP Montagar, computerfreaker, and I are still on XP. No Defender by default for us, Brother. Thanks as always for your further enlightenment.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20

Re: Strange script tries to run when connection is down

Post by GµårÐïåñ »

As I said earlier, or it might have been in the guide, Live OneCare was a product based on one that they had acquired and it was good but not exactly as granular as they had hoped. So it has been discontinued, they no longer sell or support it and those who had it will continue to have it until the beginning of next year and then it's replaced with the free Essential Security. Since there was no mention of OneCare, I didn't realize you are talking about that but I was talking at all times about the Essential Security and I thought I was clear about that but if not that's my fault.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Re: Strange script tries to run when connection is down

Post by computerfreaker »

GµårÐïåñ wrote:My friend, it IS indeed a stand-alone full featured. The hook to Defender is to prevent BOTH of them trying to do something at the same time. The hook is to control its behavior, not really to use its functionality. Make sense?
Tom T. wrote:Uh-oh, I'm afraid we might be talking about two different things, my friend. I'm looking at http://onecare.live.com/site/en-us/default.htm
We might actually be talking about 3 different things - I'm talking about Microsoft Forefront Client Security. http://www.microsoft.com/forefront/clientsecurity/
Tom T. wrote:I have the very strong feeling that you guys are talking about a different service or product. I am so sorry for the mistake. What and where is it?
I'm talking about a different product, all right - see my link...
GµårÐïåñ wrote:Defender now comes default but the AV is not, so this way it won't have conflicts, hope that helps.
Tom T. wrote:Default on your Vista and Win 7, perhaps, but you'll notice that OP Montagar, computerfreaker, and I are still on XP. No Defender by default for us, Brother. Thanks as always for your further enlightenment.
No Defender for me - just MFCS. I don't think that was default, either - I got my comp preloaded with a LOT of sw.

(Side note, I think it's time to split the topic)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Re: Strange script tries to run when connection is down

Post by GµårÐïåñ »

The Forefront is their commercial solution, it was intended to replace the old ISA while the Essentials was designed to replace the Live OneCare and the Defender has been available as a free tool for a while since XP. Essentially three different solutions but my detection was using Essentials, I thought that's what was used by the OP to detect theirs as well but all the products are part of the same family, same principle, just different editions for different usage.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

MS security tools

Post by Tom T. »

computerfreaker wrote:(Side note, I think it's time to split the topic)
Agree. Done.

:? :shock: "Three" different products... no wonder there was confusion. I'll review all mentioned; also, all who are interested in this topic, please see Guardian's separate (and excellent) thread, "More in Depth Look at Microsoft Security Essentials".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: AV and other security tools available from Microsoft

Post by luntrus »

Hi forum friends,

I had expected a somewhat less outspoken opinion where general layered protection and av is concerned. Well, enfin, so be it. I know the avast product somewhat better, because I am one of the top posters on their forums and mainly in the virus and worms and FP section/sector. A stand-alone av solution that finds them all and fully protects is a non-existing animal, rara avis and it won't be around for a long time to come. Not a lot of tools get to the status of our beloved NS - a cure for all script code related malware in the past, the present and foreseeable future...
Being protected on the Internet also is a non-existing thing, but we can get nearer to the ideal situation and then we have to bring in somewhat more as a combination of a stand-alone resident scanner and a dual-way fw. There are some measurements that make our position somewhat more secure, change from a la default (tweak for security - use wwdc (close all you do not need - watch processes, files and the register), use programs sandboxed and with just normal user rights when no admin rights are needed, use site blocking with tools or an updated hosts file, SpywareBlaster etc.) Take your in-browser security seriously as we all do here - NS, RP etc. Know where you are going online and what to expect when you haven't ventured out there before, every 3.6 sec a site is being hacked, injected, etc, well comes provided with re-directing, obfuscated malcode. I use a combination of a resident av, a fw, in the cloud av (Immunet Protect) and a combination of non-resident occasional scanners (SAS, MBAM, memory scanner, and a bundled product like Hitman Pro).
FPs have come to av solutions and won't go away, you hear from this once in a while, because of friendly and unfriendly obfuscation methods or packers mix up, the Delphi Borland thingie last misled a lot of av solutions. Malcreants will go to great lengths to go under the radar and I think MS is missing some out as well. The day I hear that MS solutions are protecting users against a malicious file infection like Virut, where all av solutions have to throw in the towel - game up, file infector won - total system recall imminent, then I will change my attitude. Until then I will be moderate in either bashing a product or being a fanboy of it. The main problem with computer security sits between the keyboard and chair, if there is SafeHex there and the right educated attitude not a lot can go wrong.

luntrus aka polunus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.16) Gecko/2010010414 Firefox/3.0.16 Flock/2.5.6
Logos
Junior Member
Posts: 43
Joined: Wed Oct 28, 2009 5:11 pm

Re: AV and other security tools available from Microsoft

Post by Logos »

Hi Polonus and the others ;)

Running Avast 5, not much to complain about so far (as to the AV components). As said the FP issue was a one time issue, and happened to 99.99% of other AV companies. I was lucky to be offline when it happened with Avast and online again when the issue was corrected. Concerning the interface, there's not much to add, there's no other free product out there with such a complete interface. Remains the main purpose of an AV, detection and ability to block/remove malware. I don't browse in areas where I could put avast 5 at stake on a regular basis, so there's just nothing I can tell about this. As to MSE, I've tried it, and I liked it. A minimal interface but everything needed to face threats it seems, well according to many good reviews, and many were surprised, not expecting that from Microsoft. So if for any reason I decided to not use Avast anymore (which is very unlikely to happen), I would find MSE a very decent solution and I would use it. No need to argue. MS provided at last a really good anti-malware product for the non-techies, and I wouldn't hesitate a second to advise it, again, not just because it's easy to use, but because it does seem to have a strong system protection potential. I'm not going to elaborate about why I stick to Avast, that's not the topic here. But it was important to mention that one or two things that were said about it, here, are just not true.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6