Microsoft Security Essentials verdict...

[saint]

I've been using only the Microsoft Security Essentials as my anti-malware for the past few months. In that time I've been hit with three virus infections. Two of them were the "you're infected, buy this antivirus program to fix it" virus and one was a nasty bootkit that hijacked Google/Bing/Yahoo search results and would redirect you to various nefarious sites. I don't install many things from the Internet and never from an untrusted site or without a virus scan. I do click links fairly freely from Reddit.com and from images.google.com, and suspect those have been the vector of infection each time. The last one was so nasty I had to use:

A restore to a previous restore point
Malware Bytes
Spybot
HiJack This
Spyware Doctor
Lavasoft AdAware
(and a few others, including of course Microsoft Security Essentials)

all of which found a few minor suspicious things, but it wasn't until I used Hitman that I finally found and got rid of the bootkit. Being a bootkit, it of course re-infected my system each time I rebooted.

Nasty thing, affected all my browsers (Firefox, Chrome, and IE). Took me forever to track down and clean. Still thinking of a format/reload.

Anyway, verdict on Microsoft Security Essentials is close, but no cigar. Not recommended at this time. I will now be using a combination of Malware Bytes (paid), Spybot, and Hitman on my machine.

[J_K_M_A_N]

How do you think it compares to free versions of Avast or AVG? I have been using the Microsoft version for other people because it comes free with Windows 7 and I was thinking it would be a little better than some free versions of anti virus software but maybe not. Any ideas on that comparison? (I use a paid version of Avast myself)

J_K_M_A_N

[newmanfamilyvlogs]

Thanks for the heads up on Hitman. I'll have to look at that one.

[saint]

So the verdict is that the free software works pretty well but not perfectly, so we should pay for a suite of bloatware that combined kinda work?

Meh, take from it what you want. I gave MSE a good run and it didn't meet the need.

[wp34]

Aren't those more malware than viruses?  I don't think MSE covers malware anyway.

[saint]

Aren't those more malware than viruses?  I don't think MSE covers malware anyway.

Meh, I'd consider a bootkit a virus. Dunno.

[newmanfamilyvlogs]

The distinction between a virus, malware, trojans, worms, etc. is getting more and more vague. It seems like there is a growing mixture of both specific and general words to describe these software that the average person isn't going to appreciate the distinction between.

If a program masquerades as an antivirus, is it a trojan? Or does it actually have to provide some real functionality to get that title? Is it just malware otherwise? What if it loaded itself via a simple buffer overflow? Does that make it a virus? How about if it propagates itself on an internal network to other vulnerable machines? Does that make it a worm, too?

Also I havn't seen "bootkit" before, only "rootkit". So there's another one to add to the taxonomy

[SavannahLion]

Hitman is new. Never heard that one recommended by anyone....

[MonMotha]

I'm generally recommending MS Security Essentials to everyone running Windows at this point.  It does overall about as well as any other single antivirus solution might be expected to do in terms of what it seems to catch, and it stays out of the way, has minimal performance cost (at least compared to beasts like Norton or McAfee), and it's free.  I'd still recommend running things like Ad-Aware, Spybot, MalwareBytes, etc. with some regularity, and of course let the "Malicious Software Removal Tool" run monthly as part of Windows Update.

Also, ensure that your browser is patched.  Even IE is decent these days...as long as it's 100% fully up to date, though I'd generally recommend Firefox, Opera, or Chrome for various reasons.  You should not be getting "drive by" installs EVER.  Obviously don't "authorize" any installs or actions unless you know darned well what you're getting and where it's coming from, and don't run executables from seedy places.  Simply visiting a website should not be a problem, though, unless you get hit by a 0-day, which is fairly rare (those are usually saved for more "important" things than installing trojans on Joe Random's PC).

Also, run Win 7 and don't disable UAC.  It's not nearly as annoying as it was in Vista, and it will often catch programs trying to do things they shouldn't.

[newmanfamilyvlogs]

Another easy practice I've been suggesting is to visit Ninite.com and set up a custom installer/updater for all the major offenders (java, flash, firefox, adobe reader, etc) and set it as an autorun every week or so. If there's no update it passes over it harmlessly, otherwise it updates it mostly silently.

[knave]

I've tried most of the popular ones, they all still do about the same, which is protect you mostly. I do add one level of security however...I browse and perform my day to day computing from a user level account and only log in as admin when needed. Without access to the registry the bad stuff can do very little.

[ark_ader]

Granted with your website you need to have tools available to you to do maintenance.

I would suggest using a separate machine with a live distribution of Linux for just Internet use, or something with a temporary profile.

I do not trust anyone with my data anymore.  I am lucky enough to have machines spare that I can use with complete transparency.

No more eggs in one basket scenario for me.  I do use Norton 2012 in my server, but I do not experience any performance issues.

Norton 2010 was a big fat hungry pig though.   

[leapinlew]

I would suggest using a separate machine with a live distribution of Linux for just Internet use, or something with a temporary profile.

Nothing wrong with paranoia, but this might be a bit too much. As much as I hate it, I have to use ActiveX sometimes and some sites don't work right unless using IE.

[Howard_Casto]

AVG is still the best.... it can slow down a punier system, but it's still the best.  It's the best because unlike MSE, it will usually catch rootkits and "your computer is infected" viruses and like MSE it's free. 

Never pay cash money for an anti-virus suite expecting it to be better than the free versions.  None of them are perfect so you should pay as little as possible.

BTW you should NEVER use a combination of resident anti-virus/anti-malware suites...  they will "fight" each other for control of your system and slow everything to a crawl.  Pick one and be done with it. 

[saint]

Actually Hitman is specifically designed to work in conjunction with another AV. Interesting bit of work. Running MSE was a bit of an experiment. If it worked really solidly it would be an easy thing to setup on machines I have some responsibility for but don't want to have to support regularly (friends/family). Unfortunately I can't recommend it at this time. My computer is still acting flaky so I'm going to do a format/reload. Been running Windows 7 on it for about 6 months, it's been rock solid until this.

[hypernova]

Actually Hitman is specifically designed to work in conjunction with another AV. Interesting bit of work. Running MSE was a bit of an experiment. If it worked really solidly it would be an easy thing to setup on machines I have some responsibility for but don't want to have to support regularly (friends/family). Unfortunately I can't recommend it at this time. My computer is still acting flaky so I'm going to do a format/reload. Been running Windows 7 on it for about 6 months, it's been rock solid until this.

I got hit with one of those rootkit/bootkits about a month ago that kept hijacking search results (but it didn't hijack 100% of the time, only about 25-33% of the time).  I did alot of stuff, and fought with it off and on for two days.  I kept getting closer and closer.  I finally got rid of all of it.  Don't ask me how.  I used a half dozen different things.  I was very close to reformatting.  Annoying bastard...

[drventure]

I've used Eset's NOD32 for quite some time now, It's not free, but it's reasonable, and it seems to do a good job catching nasty bits while not dogging my machines down (I do software dev from home, so that's important).

Never had to pave a machine while I've been running it (and it has quarantined a few nasties over time).

[Gray_Area]

I've been using MSE for at least a year, and only just a couple weeks ago got something REALLY scary. I wasn't even visiting a porn site. I was looking at a map, clicked a link, then a blank page with a 'click if the page hasn't loaded' link top-left, which I didn't even have time to click, and then....suddenly my task bar was set to default options....!.....and all my bookmarks disappeared. Turned out almost all my files were 'hidden'. I restarted, and I got a BSOD half-way through boot. I ended up having to re-install. After that, MSE found something called Orsam!rts . Nearly all instances were linked to Wolfmame.

[Howard_Casto]

Oh another thing that I forgot to mention....

Run the 64 bit version of your favorite web browser.  It's lack of functionality is actually a pretty good virus stopper. 

90% of your malware comes from exploits in flash, embedded videos, and javascript that flat out won't load properly on the 64 bit versions. 

[MonMotha]

Oh yeah, disable flash (use an add-on that will selectively allow you to re-enable it if you absolutely must have it - note that Youtube is generally usable with HTML5 video, now), don't install any PDF plugins for your browser (instead open it in a separate window after confirming that you actually want it in the first place), remove the stupid Java plugin that you don't need, etc.

In general, don't let Adobe touch your web browser

I don't have ANY of those installed, and I don't really miss them, especially now that Youtube is usable so I can watch the silly cat videos people insist I absolutely must watch.  No need to run a 64-bit browser (are any other than IE popularly distributed for Windows?), but it doesn't really hurt, and it probably would break some actual browser bug exploits that haven't been specially tweaked for the 64-bit version.

If you could possibly manage to keep all those plug-ins and crap up to date, it might not be a big deal, but many of those vendors are not known for quick response to security problems, and the fact that each and every one of them has some convoluted update process that may or not be partially automatic makes that almost impossible.  Even IE is pretty decent, these days, but the popular plug-ins are awful.  That's probably why Microsoft is apparently trying to get rid of them for Windows 8's Tablet oriented usages.

All the major browsers are pretty good about warning you if you're intentionally initiating an action that could be an infection vector, such as installing plugins, running executables, etc., barring unpatched security issues of course.  Flash, Adobe Reader, Java, etc....not so much.

[TOK]

Also, run Win 7 and don't disable UAC.  It's not nearly as annoying as it was in Vista, and it will often catch programs trying to do things they shouldn't.

This alerted me to a problem I had... Some random string of letters and numbers kept trying to run and UAC asked if I wanted to allow it. Each time I clicked NO, it would change and ask again.

This was some malware type thing that lived in the /Temp file of my user profile (C:/Users/*username*/AppData/Local/Temp). MSE didn't detect it and and couldn't be deleted from within Windows, but I was able to delete it from a command prompt and that eliminated it. Not sure how bad it would have been had I clicked YES when UAC asked.

I'm generally a pretty safe user, I don't really visit many sketchy sites and don't use bit torrent. I'm not really even sure where I picked this thing up from, but it is the first time Security Essentials totally goofed it in the year+ I've been using it.

[saint]

I've been using MSE for at least a year, and only just a couple weeks ago got something REALLY scary. I wasn't even visiting a porn site. I was looking at a map, clicked a link, then a blank page with a 'click if the page hasn't loaded' link top-left, which I didn't even have time to click, and then....suddenly my task bar was set to default options....!.....and all my bookmarks disappeared. Turned out almost all my files were 'hidden'. I restarted, and I got a BSOD half-way through boot. I ended up having to re-install. After that, MSE found something called Orsam!rts . Nearly all instances were linked to Wolfmame.

Forgot to mention, a ton of icons on my desktop were set to hidden also.

[newmanfamilyvlogs]

I've been using MSE for at least a year, and only just a couple weeks ago got something REALLY scary. I wasn't even visiting a porn site. I was looking at a map, clicked a link, then a blank page with a 'click if the page hasn't loaded' link top-left, which I didn't even have time to click, and then....suddenly my task bar was set to default options....!.....and all my bookmarks disappeared. Turned out almost all my files were 'hidden'. I restarted, and I got a BSOD half-way through boot. I ended up having to re-install. After that, MSE found something called Orsam!rts . Nearly all instances were linked to Wolfmame.

Forgot to mention, a ton of icons on my desktop were set to hidden also.

yeah I saw a similar one not too long ago on a co-worker's machine. Set EVERY SINGLE ---smurfing--- FILE on the harddrive to system+hidden.

[leapinlew]

AVG is still the best....

I'm not a fan. I had to abandon AVG after it failed me several times across several systems. Avast seems to be doing a much better job for the particular issue I was having.

[Louis Tully]

.

[Xiaou2]

Install Sandboxie, run the sandboxed web browser.

[Malenko]

rkill, combofix, malwarebytes.

Im a bigger fan of Nuke and Pave but , hey whatever you want.

[leapinlew]

rkill, combofix, malwarebytes.

Im a bigger fan of Nuke and Pave but , hey whatever you want.

Exactly... once a computer is compromised I never 100% trust it.

[Gray_Area]

rkill, combofix, malwarebytes.

Im a bigger fan of Nuke and Pave but , hey whatever you want.

Exactly... once a computer is compromised I never 100% trust it.

Given that some bios's can be updated outside of a dos-like environment, and through the net, I'm surprised there hasn't been a software-hardware cross-over yet.

I've been using MSE for at least a year, and only just a couple weeks ago got something REALLY scary. I wasn't even visiting a porn site. I was looking at a map, clicked a link, then a blank page with a 'click if the page hasn't loaded' link top-left, which I didn't even have time to click, and then....suddenly my task bar was set to default options....!.....and all my bookmarks disappeared. Turned out almost all my files were 'hidden'. I restarted, and I got a BSOD half-way through boot. I ended up having to re-install. After that, MSE found something called Orsam!rts . Nearly all instances were linked to Wolfmame.

Forgot to mention, a ton of icons on my desktop were set to hidden also.

yeah I saw a similar one not too long ago on a co-worker's machine. Set EVERY SINGLE ---smurfing--- FILE on the harddrive to system+hidden.

This isn't that big a deal. It's shocking. And, probably like most everyone else, I went online looking for some global fix procedure or app. Which I did find (this should be obvious to the dos folks) : attrib -s -h *.* -S -D. However, it didn't seem to work quite as advertised.

Of course, Windows already has a feature for this: change the properties in any folder, then Tools>folders options>view, and press 'apply to all folders'. It automatically overlooks system folders. The only thing left was to manually un-hide the Favorites folder.

[newmanfamilyvlogs]

Yeah, utterly trivial to fix, but the shock the desktop, start menu, and then root of C being totally blank was pretty jarring.

[Samstag]

rkill, combofix, malwarebytes.

Im a bigger fan of Nuke and Pave but , hey whatever you want.

Exactly... once a computer is compromised I never 100% trust it.

Given that some bios's can be updated outside of a dos-like environment, and through the net, I'm surprised there hasn't been a software-hardware cross-over yet.

From March 2009:  New BIOS Virus Withstands HDD Wipes

[newmanfamilyvlogs]

rkill, combofix, malwarebytes.

Im a bigger fan of Nuke and Pave but , hey whatever you want.

Exactly... once a computer is compromised I never 100% trust it.

Given that some bios's can be updated outside of a dos-like environment, and through the net, I'm surprised there hasn't been a software-hardware cross-over yet.

From March 2009:  New BIOS Virus Withstands HDD Wipes

I can't wait to see the exploits that come out of this:
http://www.engadget.com/2011/09/19/realvnc-demos-bios-based-server-at-idf-2011-video/

[saint]

For what it's worth, I did nuke it from orbit (format/reload)

[Unstupid]

Along with Security Essentials It's good to have a Microsoft Stand Alone System Sweeper disk/stick handy.  You can boot into it and it'll run on its own and get everything that Security Essentials can't get like boot sector viruses...  Still in Beta but works great!

http://connect.microsoft.com/systemsweeper

[Malenko]

nuke and pave

[hypernova]

Apparently Microsoft had something against Google:

MSE nixes Chrome

[SNAAKE]

I have been using avg for like 2 years and never had any issues. it automatically scans all search engine links and warns me. if I download any suspicious files it blocks them until I manually put the files in "this is ok" list.


and windows7 backup system is about as good as any. it will back up your complete system and you can restore the image on a fresh new hard drive too. you should backup your main boot drive(get another drive for storage) every month. that way you wont have to start from scratch if you ever get any serious virus.

   I don't like when the computer talks to me.