Linked by Kroc Camen on Tue 29th Sep 2009 16:47 UTC, submitted by REM2000
Microsoft have released their free anti-virus and anti-malware software (codenamed 'Morro') to the public, under the name of 'Microsoft Security Essentials'.
its not bad
by Nex6 on Tue 29th Sep 2009 16:57 UTC
Nex6
Member since:
2005-07-06

I loaded the beta on my laptop a little while ago, and it was not bad.

Reply Score: 4

RE: its not bad
by Googol on Wed 30th Sep 2009 20:29 UTC in reply to "its not bad"
Googol Member since:
2006-11-24

you guys are killing me. Yes, all of you who voted this up to 4 ;)

Tell me, are you running an anti-virus lab? Yes? No? How do you know it is "good"? It is good if the detection rate is good, and in NO OTHER circumstance. But of course you have no clue about that simply by installing it. omg...

It is good when competent sources test it and find it to be good, certainly not because you guys think so.

Reply Score: 2

RE[2]: its not bad
by Nex6 on Wed 30th Sep 2009 21:37 UTC in reply to "RE: its not bad"
Nex6 Member since:
2005-07-06

Yeah, and AVG and other 'free' AV are considered good? I never said it was "good"; I said it was "not bad".

As for how I came to that, I did not do massive testing. I said I loaded it on my laptop and played with it. The AV engine is no worse than Sophos or AVG.

When I scanned it against some old archives, it found stuff neither AVG nor Sophos was able to find.

And when surfing "bad" sites, it blocked stuff that Sophos or AVG never did. So, yeah, my impression so far is that it's not bad, probably at least as good as Sophos or AVG.

Reply Score: 2

Definition Based AV is obsolete
by TheTaz on Tue 29th Sep 2009 17:29 UTC
TheTaz
Member since:
2008-05-30

Lightweight HIPS systems are better... like eEye Blink (Home or Small Business level) or Triumfant Resolution Manager (Enterprise level).

Signature based products can't prevent zero-day attacks and they are becoming more abundant.

Reply Score: 1

Live OneCare still around
by jonathane on Tue 29th Sep 2009 17:30 UTC
jonathane
Member since:
2009-05-31

As far as I know, Live OneCare is still around (I am using it).

http://onecare.live.com/standard/en-us/3/default.htm

Also, this Ars Technica article (http://arstechnica.com/microsoft/news/2009/09/first-look-microsoft-...) claims that MS will be pushing Live OneCare upon installation instead of MSSE to avoid antitrust problems.

Should I discontinue subscribing to Live OneCare and switch to MSSE?

Reply Score: 1

RE: Live OneCare still around
by Kroc on Tue 29th Sep 2009 17:39 UTC in reply to "Live OneCare still around"
Kroc Member since:
2005-11-10

I’m going to be ditching AVG and installing MSE on my customer’s computers to see how well it holds up for regular use and abuse. I install probably ~1000 copies of AVG a year, if not more. If things go good or bad with MSE, I’ll write a follow-up article in a month detailing my findings. My own personal use of the product doesn’t really put it to the test in real life scenarios.

Reply Score: 3

RE: Live OneCare still around
by ecruz on Wed 30th Sep 2009 05:06 UTC in reply to "Live OneCare still around"
ecruz Member since:
2007-06-16

There is no reference in the Ars article regarding MS pushing Live One Care after you install MSE. You are misreading.

The fact is that Live One Care will go away and MSE is the one to stay.

Reply Score: 1

Gecad?
by b100dian on Tue 29th Sep 2009 17:58 UTC
b100dian
Member since:
2009-02-04

Could this be based on the AV they bought a few years back?

Reply Score: 1

Comment by motang
by motang on Tue 29th Sep 2009 19:10 UTC
motang
Member since:
2008-03-27

I kinda like it. It's actually lightweight and works well on my 3-year-old laptop with WinXP running in VirtualBox on Ubuntu 9.10. ;)

Reply Score: 1

not bad but.....
by DREVILl30564 on Tue 29th Sep 2009 19:42 UTC
DREVILl30564
Member since:
2008-04-18

They need to fix the software so it doesn't pull updates through the Windows Update site. At my company we have a corporate level group policy that restricts access to download updates directly from the Windows Update server (they push selected updates directly to us but they won't add updates for stuff like this). I installed this to try it out on a test box that was joined to our domain, and it downloaded the initial update, but when I tried to get it to update again it kept failing with an error. I had the same behavior for Windows Defender so I knew immediately it was because it is trying to pull definition updates through the Windows Update site.

Seems like decent software other than this. I'll probably install it on my personal system at home, just so I can get rid of the nag screens for Avira free edition antivirus.

Reply Score: 1

RE: not bad but.....
by jpr82 on Tue 29th Sep 2009 23:49 UTC in reply to "not bad but....."
jpr82 Member since:
2009-09-29

Is the program even meant to be used in a commercial machine?

Reply Score: 1

RE[2]: not bad but.....
by btrimby on Wed 30th Sep 2009 00:18 UTC in reply to "RE: not bad but....."
btrimby Member since:
2009-09-30

Not really. That's what Forefront is for.

Reply Score: 1

RE[2]: not bad but.....
by DREVILl30564 on Wed 30th Sep 2009 00:23 UTC in reply to "RE: not bad but....."
DREVILl30564 Member since:
2008-04-18

I didn't see anything that stated that it couldn't be used in a commercial environment. But I wanted to try it out for evaluation purposes on a test box that I routinely reimage; it wasn't a production machine.

Reply Score: 1

RE[3]: not bad but.....
by jpr82 on Wed 30th Sep 2009 01:23 UTC in reply to "RE[2]: not bad but....."
jpr82 Member since:
2009-09-29

Sounds reasonable enough. Having said that, if it's meant for home users, then MS update IS the site to get updates from.

Reply Score: 1

RE[4]: not bad but.....
by jptros on Wed 30th Sep 2009 02:44 UTC in reply to "RE[3]: not bad but....."
jptros Member since:
2005-08-26

With that said, if you can push the updates out via WSUS it would suffice in a corporate environment also assuming the software is up to par with other offerings. Time will answer that latter for us.

Reply Score: 2

Nice move!
by Stratoukos on Tue 29th Sep 2009 20:34 UTC
Stratoukos
Member since:
2009-02-11

Nice move from Microsoft. If this is as successful as it sounds it could bring a whole new generation of antivirus software, where taking over your PC isn't the norm.

Reply Score: 1

Hmm... nah
by darknexus on Wed 30th Sep 2009 00:37 UTC
darknexus
Member since:
2008-07-15

I just have one question: If Microsoft is competent to release what most seem to think is a decent AV and security suite, why not just redirect that competence into plugging up your OS in the first place? They have all those security features in the NT kernel, but rarely are they ever used and instead Microsoft waste time with things like UAC while giving their own programs a backdoor through it. Now, they develop an AV solution... why not just fix it in the first place? Keep on top of the OS with Windows Update while keeping this as a way to clean viruses that already have taken root, but when the AV finds something immediately put it on the list of things to investigate and plug up for good. They did it with Conficker after all, so they are capable of it. Conficker spread because of millions of outdated computers, and if users can't use Windows Update due to pirated copies of Windows or whatever reason, then this AV software updating through Windows Update isn't going to help them either.

Reply Score: 3

RE: Hmm... nah
by ecruz on Wed 30th Sep 2009 05:11 UTC in reply to "Hmm... nah"
ecruz Member since:
2007-06-16

So you are one of the believers that other OS are immune to viruses?

Keep dreaming fool! It is all about market share!

Why isn't Photoshop released for anything but Windows? Do you think that Adobe would not make a Linux version if they could make money with it? Like I told you earlier, it is about market share.

Reply Score: 2

RE[2]: Hmm... nah
by lemur2 on Wed 30th Sep 2009 06:21 UTC in reply to "RE: Hmm... nah"
lemur2 Member since:
2007-02-17

So you are one of the believers that other OS are immune to viruses? Keep dreaming fool! It is all about market share! Why isn't Photoshop released for anything but Windows? Do you think that Adobe would not make a Linux version if they could make money with it? Like I told you earlier, it is about market share.


Linux has a lion's share of the server market. Presumably there is more important data held on servers than on desktop machines.

BTW, the GIMP is coming out soon at version 2.8. It will have a choice of traditional GUI or a single-window MDI mode, and it now supports wider colourspaces through GEGL. There is far too much competition in the Linux market for Adobe to be able to sell their hugely expensive paint program.

Reply Score: 1

RE[3]: Hmm... nah
by strcpy on Wed 30th Sep 2009 10:22 UTC in reply to "RE[2]: Hmm... nah"
strcpy Member since:
2009-05-20


Linux has a lion's share of the server market. Presumably there is more important data held on servers than on desktop machines.


LinuxRunsOnSupercomputers(tm)

BTW, the GIMP is coming out soon at version 2.8. It will have a choice of traditional GUI or a single-window MDI mode, and it now supports wider colourspaces through GEGL. There is far too much competition in the Linux market for Adobe to be able to sell their hugely expensive paint program.


JustAroundTheCorner(tm)
WaitForTheNextThing(tm)

Edited 2009-09-30 10:22 UTC

Reply Score: 4

RE[4]: Hmm... nah
by lemur2 on Wed 30th Sep 2009 13:15 UTC in reply to "RE[3]: Hmm... nah"
lemur2 Member since:
2007-02-17


LinuxRunsOnSupercomputers(tm)
JustAroundTheCorner(tm)
WaitForTheNextThing(tm)


SmellTheFear-1.02.1-ubuntu7.deb

LOL.

Reply Score: 2

RE[3]: Hmm... nah
by DrillSgt on Wed 30th Sep 2009 14:06 UTC in reply to "RE[2]: Hmm... nah"
DrillSgt Member since:
2005-12-02

BTW, the GIMP is coming out soon at version 2.8. It will have a choice of traditional GUI or a single-window MDI mode, and it now supports wider colourspaces through GEGL. There is far too much competition in the Linux market for Adobe to be able to sell their hugely expensive paint program.


Now be honest, Photoshop is more than a paint program. That would be like saying GIMP is just a paint program, and it is much more than that. And actually, in current iterations, GIMP really does match Photoshop for features that the majority of the people want or actually use. GO GIMP!

Reply Score: 2

RE[4]: Hmm... nah
by lemur2 on Wed 30th Sep 2009 23:12 UTC in reply to "RE[3]: Hmm... nah"
lemur2 Member since:
2007-02-17

"BTW, the GIMP is coming out soon at version 2.8. It will have a choice of traditional GUI or a single-window MDI mode, and it now supports wider colourspaces through GEGL. There is far too much competition in the Linux market for Adobe to be able to sell their hugely expensive paint program.
Now be honest, Photoshop is more than a paint program. That would be like saying GIMP is just a paint program, and it is much more than that. And actually, in current iterations, GIMP really does match Photoshop for features that the majority of the people want or actually use. GO GIMP! "

I know, I was merely stirring.

However, I do stick to my point that it is hardly worth the huge expense of Photoshop just to get the program with the better name.

Reply Score: 2

RE: Hmm... nah
by plcreno on Wed 30th Sep 2009 13:42 UTC in reply to "Hmm... nah"
plcreno Member since:
2009-09-30

True, but don't forget about the other route infections make it onto a machine - through security holes/bugs in 3rd-party software, such as Java, Flash, video players, all the browser add-ons and extensions, etc. etc.

We'd still need a good AV to stop those, unless a complete re-architect of the OS is done to sandbox every single application/plug-in that runs on it...

Reply Score: 1

RE[2]: Hmm... nah
by lemur2 on Wed 30th Sep 2009 23:20 UTC in reply to "RE: Hmm... nah"
lemur2 Member since:
2007-02-17

We'd still need a good AV to stop those, unless a complete re-architect of the OS is done to sandbox every single application/plug-in that runs on it...


Or perhaps we could add "execute permission" flags in the filesystems that could only be set via a local authorised user supplying a correct password, and we could make the kernel honour the execute permission flags instead of just running any file at all without question.

Or perhaps in addition we could make it so that every person who might want to run the code gets to examine the source code if they want to, and they can all verify that the source code makes the as-distributed executable, so that it can be audited before it gets to run on any end users' systems.

Oh, wait ...

Edited 2009-09-30 23:22 UTC

Reply Score: 2

RE[3]: Hmm... nah
by Dachshund on Thu 1st Oct 2009 00:40 UTC in reply to "RE[2]: Hmm... nah"
Dachshund Member since:
2009-10-01


Or perhaps in addition we could make it so that every person who might want to run the code gets to examine the source code if they want to, and they can all verify that the source code makes the as-distributed executable, so that it can be audited before it gets to run on any end users' systems.

Oh, wait ...


Percentage of Linux users that currently have the time/inclination/know-how to examine the source code for every bit of software running on his/her computer: 0.0001%

Reply Score: 1

RE[4]: Hmm... nah
by lemur2 on Thu 1st Oct 2009 01:36 UTC in reply to "RE[3]: Hmm... nah"
lemur2 Member since:
2007-02-17

" Or perhaps in addition we could make it so that every person who might want to run the code gets to examine the source code if they want to, and they can all verify that the source code makes the as-distributed executable, so that it can be audited before it gets to run on any end users' systems. Oh, wait ...
Percentage of Linux users that currently have the time/inclination/know-how to examine the source code for every bit of software running on his/her computer: 0.0001% "

Percentage of Linux users that have to have the time/inclination/know-how in order for every Linux user to benefit from this process: 0.0001%.

As long as there are some individuals, somewhere, who did not write the code, but who nevertheless can read the code and understand it, and who use the code themselves, and who therefore have a vested interest in it being clean ... then the code will be audited.

Don't believe me? Then consider this ... the system has an impeccable record. Perfect.

There has never been even one documented case ever of a piece of malware getting through to an end user's machine via the open source repository distribution system. This is so even despite the fact that the vast majority of the users do not ever read the source code, nor would they be able to understand it if they did read it.

Many, many millions of users, many thousands of packages, many years of use of the open source software distribution system. No malware, ever. Impeccable record.

Edited 2009-10-01 01:44 UTC

Reply Score: 1

RE[5]: Hmm... nah
by talaf on Thu 1st Oct 2009 13:52 UTC in reply to "RE[4]: Hmm... nah"
talaf Member since:
2008-11-19

Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17.

Mozilla recommends to our Korean users who have downloaded affected products to run an AntiVirus product on their machine to scan for the Linux.RST.b virus and delete infected files. Further information about the Linux.RST.b virus can be found here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=9...


Bursting your bubble right here. Your record isn't impeccable anymore.

And it's pretty biased because you consider "official" distribution repositories which are, in fact, tested and audited.

You've proven yourself biased once again.

(And there are execute flags, and the OS does enforce them, stop spouting random crap).

Edited 2009-10-01 13:56 UTC

Reply Score: 1

RE[6]: Hmm... nah
by lemur2 on Thu 1st Oct 2009 23:23 UTC in reply to "RE[5]: Hmm... nah"
lemur2 Member since:
2007-02-17

"Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17. Mozilla recommends to our Korean users who have downloaded affected products to run an AntiVirus product on their machine to scan for the Linux.RST.b virus and delete infected files. Further information about the Linux.RST.b virus can be found here: http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=9...
Bursting your bubble right here. Your record isn't impeccable anymore. And it's pretty biased because you consider "official" distribution repositories which are, in fact, tested and audited. You've proven yourself biased once again. (And there are execute flags, and the OS does enforce them, stop spouting random crap). "

Sorry ... try again. That was a virus detected in 2002. This software does not get on to users' machines via open source repositories.

In order to get such a virus, one would have to search the internet, find a dubious binary-only executable being pushed by someone (in your instance it was apparently a "Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2"), download it with your web browser, save it yourself somewhere in the local filesystem, exit the browser, navigate to where you had saved the file, and manually set the execute permission flag, then manually run the program.

That is the backwards Windows-think way of getting software installed. Laborious, long-winded, requires a web browser, requires long and patient searches all over the net, and it is a huge security risk.

This instance has nothing at all to do with the open source repositories and package management system:

http://en.wikipedia.org/wiki/Apt-get
http://en.wikipedia.org/wiki/Synaptic_Package_Manager
http://en.wikipedia.org/wiki/Software_repository

The open source repositories and the package management programs are the system with the impeccable record.

The message is clear: don't install binary stuff you simply downloaded from the net from some unknown. Use the package manager.

PS: Please note that a software repository does not HAVE to be open source. It is ONLY the open source repositories for which an impeccable record is claimed.

Your challenge is to find even one recorded instance, at any time, over the many years these have been used, for millions of users, for thousands of packages, for many different versions, where a piece of malware has EVER got on to an end user's system via the use of these open source repositories and package management programs.

The one virus you did find from 2002 is just not it.

Try again, troll.

Edited 2009-10-01 23:38 UTC

Reply Score: 2

RE[6]: Hmm... nah
by lemur2 on Fri 2nd Oct 2009 01:12 UTC in reply to "RE[5]: Hmm... nah"
lemur2 Member since:
2007-02-17

Security Advisory (September 21, 2005) The Mozilla Foundation is aware of the Linux.RST.b virus that infected Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2, as reported by Kaspersky Lab. No versions of Mozilla Firefox were infected. Infected files have been removed from the Mozilla ftp mirror network as of September 17.


I am just a little curious here. Why would someone go to all this trouble to find an odd case (all the way back in 2005) of a binary file on the Mozilla ftp mirror network with a virus infection, when that was nothing like the claim that was made that this search was an attempt to refute?

To what end? What was someone hoping to prove with this? That it is possible to hide a virus in binary files, even if they are for Linux? Of course it is, but so what? If anything, this instance supports the original claim made. If you want to try to infect a Linux system, you don't do it via the open source repositories and package management distribution mechanism.

The system that has the impeccable record is the open source distribution system using open source software repositories and package managers. An essential feature is that anyone has to be able to download the source code, compile it for themselves if they want to, and then be able to verify that it makes the executable. It has to be auditable.

The system whereby one can get malware infections on one's machine is where one downloads binary files from somewhere on the internet and then one installs and executes them. As one routinely does with Windows.

Why is this simple fact apparently so hard for Windows fans to accept?

Edited 2009-10-02 01:17 UTC

Reply Score: 2

RE: Hmm... nah
by MollyC on Wed 30th Sep 2009 16:56 UTC in reply to "Hmm... nah"
MollyC Member since:
2006-07-04

Lots of malware doesn't rely on holes/flaws in the OS.
For example, I recently got hit by the "Delphi" virus. It's a virus that affects the Delphi development environment, and infects any program compiled by that Delphi environment. I happened to use a Delphi-built program and my anti-malware program detected it. I had to get an update from the developer to get a virus-clean version of the program. This virus doesn't rely on any OS holes at all. As it turns out, all the virus does is spread, and only spreads if it finds a Delphi environment on the system. If the virus code actually tried something nasty, then it might rely on an OS hole to do so (though, something like trashing the user's home directory wouldn't require any holes).
Here's a description of the Delphi virus, discovered just last month:
http://news.cnet.com/8301-27080_3-10312628-245.html
http://delphi.about.com/od/humorandfun/f/w32-induc-a-delphi-virus.h...


Other malware rely on holes that have been plugged by security updates, but people haven't applied the updates.

Also, if I read what you're saying correctly, Microsoft already does what you're suggesting. When a hole is discovered, a security update is issued with the next month's scheduled update, or an out-of-cycle update is released if the problem is urgent enough. And each scheduled security update runs a malware quickscan that cleans out viruses that are on the system.

Edited 2009-09-30 17:13 UTC

Reply Score: 2

RE: Hmm... nah
by Dachshund on Thu 1st Oct 2009 00:35 UTC in reply to "Hmm... nah"
Dachshund Member since:
2009-10-01

I just have one question: If Microsoft is competent to release what most seem to think is a decent AV and security suite, why not just redirect that competence into plugging up your OS in the first place?


They could patch every hole and lock it up tight, but that's not going to stop users downloading and running meganfoxnude.exe

Reply Score: 1

Comment by talaf
by talaf on Wed 30th Sep 2009 07:13 UTC
talaf
Member since:
2008-11-19

Why isn't Photoshop released for anything but Windows?


Yeah Photoshop has never been historically available on Macs or anything ;)

I saw an Adobe PR telling that the porting work was too great, and there was little market. Photoshop is still a "power user" product, used by people (and usually enterprises) buying Mac/PCs and buying the Adobe licenses.

Reply Score: 1