Linked by Thom Holwerda on Mon 4th Jun 2012 19:28 UTC
"Microsoft's Windows 8 will activate its built-in antivirus software only if it senses that the PC is not protected by another security program, according to AV vendor McAfee." That's one way to appease antivirus companies, I suppose.
Hm?
by WereCatf on Mon 4th Jun 2012 21:40 UTC
WereCatf Member since:
2006-02-15

The article is quite light on details, leaving me wondering if these 3rd party AVs must be somehow signed by Microsoft for Windows to 'detect' their presence or will they just use some built-in functionality to alert Windows to their presence?

This is important because if it's the latter then what's stopping malware from doing that same thing? If it's the first then that would obviously be the safer choice, though it creates some extra steps for 3rd-party AV-makers to take.

Off-topic: I personally wouldn't touch any 3rd-party AV even with a barge pole anyways, so this doesn't affect me. I still loathe Microsoft and dislike how they do quite a few things, but Microsoft Security Essentials has so far been nothing short of excellent, both in terms of speed (also in the background), non-intrusiveness and actual detection quality. As such I applaud Microsoft for including it as part of W8, that'll save quite a few Joe Blows from malware attacks.

Reply Score: 5

RE: Hm?
by bassbeast on Tue 5th Jun 2012 03:50 in reply to "Hm?"
bassbeast Member since:
2007-11-11

I'm sorry Werecat but as a small shop owner while I use MSE myself on my gamer machine (because that's all it does and the only time I use the browser at all is when it's sandboxed) I'm afraid as an AV that MSE leaves quite a lot to be desired.

For example, I bet you've never seen MSE block a website that has malicious code on it, have you? Me neither, in fact on an XP test box I have at the shop I tried sites I knew had drivebys just to see if MSE would raise a fit and it wouldn't. It seems to be great for detecting downloaded bugs, but how many bugs these days come from downloading infected .exe files anyway?

That is why I give my customers Comodo or Avast, as both have automatic sandboxing and both do scan before load on web pages, although lately I've been leaning towards Comodo as Avast has gotten too "chatty" with their plugs for other services. But with both I've yet to see a bug where the user didn't actively ignore it (such as the brainiac that disabled Comodo so he could install "the new Limewire" which of course was just a malware payload labeled limewire) but I have seen browser bugs get past MSE, especially if they had an out of date Java or Flash installed.

While I'm glad it works for you, and again on my gamer machine I do use it myself because I know what to watch out for, I'd strongly suggest keeping vigilant when using MSE on a day to day machine and the occasional scan from Trend Micro's online Housecall wouldn't be a bad idea. Remember that MSE wasn't even an AV originally, it was Giant antispy before being bought and rebranded by MSFT. It still does great against spyware, against browser bugs and drivebys? Not so much, at least from what I have seen.

Reply Parent Score: 4

RE[2]: Hm?
by WereCatf on Tue 5th Jun 2012 05:07 in reply to "RE: Hm?"
WereCatf Member since:
2006-02-15

For example, I bet you've never seen MSE block a website that has malicious code on it have you?
I do admit that the answer is no. But then again, I don't visit such websites anyways.

me neither, in fact on an XP test box I have at the shop I tried sites I knew had drivebys just to see if MSE would raise a fit and it wouldn't.
If that is true then it is indeed quite a big shortcoming, though MSE is designed to go hand-to-hand with IE so most Joe Blows will likely be quite fine. I would try this myself but I'm not aware of any website to try with.

Gonna make a Windows installation in a VM and try to find some driveby to try with.

Reply Parent Score: 2

RE[2]: Hm?
by n4cer on Tue 5th Jun 2012 13:57 in reply to "RE: Hm?"
n4cer Member since:
2005-07-06


For example, I bet you've never seen MSE block a website that has malicious code on it, have you? Me neither, in fact on an XP test box I have at the shop I tried sites I knew had drivebys just to see if MSE would raise a fit and it wouldn't. It seems to be great for detecting downloaded bugs, but how many bugs these days come from downloading infected .exe files anyway?

On my work computer (running Windows 7), I've actually had MSSE block malicious JavaScript from running while I was looking for product info about a customer's Android phone. It also stopped a trojan dropper embedded in (or disguised as) an mp3 file.

Reply Parent Score: 5

RE[2]: Hm?
by WorknMan on Tue 5th Jun 2012 18:14 in reply to "RE: Hm?"
WorknMan Member since:
2005-11-13

but I have seen browser bugs get past MSE, especially if they had an out of date Java or Flash installed.
Flash (and optionally adblock) should be blocked by default on every browser, and only whitelisted when necessary. And who the hell installs Java anymore? ;)

Reply Parent Score: 1

RE: Hm?
by DrillSgt on Tue 5th Jun 2012 14:13 in reply to "Hm?"
DrillSgt Member since:
2005-12-02

The article is quite light on details, leaving me wondering if these 3rd party AVs must be somehow signed by Microsoft for Windows to 'detect' their presence or will they just use some built-in functionality to alert Windows to their presence?

This is important because if it's the latter then what's stopping malware from doing that same thing? If it's the first then that would obviously be the safer choice, though it creates some extra steps for 3rd-party AV-makers to take.
If it works like it does now, they do not have to be signed by Microsoft, though they are detected. As it works currently, the Windows Security Center will warn you if you have no AV installed, and if you do have an AV installed, it will warn you if it is out of date.

There already is malware that detects certain AV and even disables them so the malware goes undetected. When that happens the AV companies are normally extremely quick to send an update, so most people don't even notice or get infected.

Reply Parent Score: 2

RE: Hm?
by zima on Mon 11th Jun 2012 23:55 in reply to "Hm?"
zima Member since:
2005-07-06

excellent, both in terms of speed (also in the background), non-intrusiveness and actual detection quality

NOD32 is very much like this, too (perhaps even better WRT speed, how "light" it is) ...or at least was half a decade ago, when I decided I don't really need any AV (so, yeah, I can't vouch personally for its detection quality - which supposedly is decent - since it pretty much had nothing to detect with me; I'm running the past few years without any AV, and I'm clean / yes, I do occasionally check HDD, also in "offline" mode - not running the OS instance that's on it). Doesn't seem it changed much. But yeah, not free.

Reply Parent Score: 2