Windows 8 and 8.1 Forums

MSE low detection rate?

  1. #11

    In my "day job", i test AV software and so far MSE has proven to be very effective...

      My System SpecsSystem Spec

  2. #12

    Posts : 110
    Windows 7 Home Premium x64 / Windows 8.1 Pro x64 Dual Boot

    Quote Originally Posted by DMGrier View Post
    I have been a member on another forum in which use to recommend MSE to everyone and these days they are saying that MSE recently has been suffering from a low detection rate, does anyone know this to be a fact? I currently rely on Windows Defender but I am considering installing Avast! as that seems to be what everyone is recommending these days from what I am seeing on the web.
    MSE's detection rate has always been low. I would not recommend it to anyone. What it does detect it cannot remove, this in turn makes you resort to third party removal tools.

    If you look at the latest antivirus program test scores (not that THAT really means anything because some or most are fixed) you will see that MSE on more of those tests than none is not even listed due to the fact that Microsoft cannot seem to even get it to pass certification.

    To me MSE is a last ditch antivirus, when absolutely nothing else is available and even then I would think you'd be safer without it.

    I speak from personal experience and use of MSE, I can personally tell you about three instances I got caught with my pants down using MSE. Stuff it did not detect at all and just gave it entrance to my system and by the time it did detect anything it was too late and could not even remove it. To me MSE is useless and personally I will never use it again.
      My System SpecsSystem Spec

  3. #13

    I've been using Comodo Internet Security since release, recommend it, and haven't had an "infection" while using it. Here's a link that shows plenty of current tests to compare. MSE has always been proven a weak contender in it's field. Microsoft even recommends using something else instead.
    Last edited by MacG32; 15 Nov 2013 at 13:38. Reason: Comodo Internet Security (CIS) update link
      My System SpecsSystem Spec

  4. #14

    Posts : 328
    Windows 8.1 (x64)

    I disagree about the "always low detection rates".

    First you have to understand from where you hear those "rumors". Mainly I guess from sites testing AVs. Many are in the security business one way or another (noone does it for free), meaning all this malware/virus craze is good for them : they get more traffic and more money from ads, more money from security sponsors, etc... So you have to take all their testing with a grain of salt.

    Now MSIE is very good at what it does : detecting known threats. When testing AVs, the focus is on modified viruses (new ones not directly registered in the av signatures database, but still based on known ones) where 3rd party shine, they use heuristic algorithms based on known signatures to expand them to possible threats. This comes usually at the cost of cpu usage, the more complex the algorithm the "heavier" the program is on resources, and the more fake positives are shown....

    Still the main virus definitions from MSIE is one of the best since MS has so many users who report to base it on. If a new virus shows up in the wild, the first to know will probably be MS. That's why their database is actually used by most AV vendors.

    The main problem is new threats show up exponentially and more and more are totally brand new (meaning the base signatures are useless) so even all those great AVs aren't that good against them. When you have an exponential number of threats turning up every day, a strategy based on blacklisting (basically you try to list all known malware and check it against the user files), is rapidly becoming useless even with heuristics. Now all the big names are turning instead to hips or behavior analysis to try and check if an application displays any malicious activity... But by then the malware/virus is already installed, probably has administrative rights to your system and can basically do you a lot of grief.

    MSIE when launched was actually lauded for its efficiency, and recommended by many. Just google the tests from the time and you'll see many reviews affirming so. In my opinion this actually turned against MS because security products aren't its focus, so they were stepping on their partners toes without real benefit. This might explain this perceived lack of interest of MS in their AV : since it's becoming futile to try and predict new viruses with a regular signature system, MSIE only protects against known ones with very low overhead, and let MacAfee, Norton and others do their business if users want something a bit more proactive.

    But overall if you want protection against malware I think the best solution isn't any 3rd party AV but actually a whitelist based strategy (compared to the blacklist by regular AVs) which is completely doable with built-in windows tools : Software Restriction Policy (Deny All), or Applocker plus Limited User Account, UAC, and integrated sandboxing (Low Integrity Level introduced with vista I think)... When done right this restricts any unknown executable from running, protecting from most current malware. For example if when browsing a site, a virus executes itself (drive-by download), it will be either blocked completely (SRP/Applocker) if the user doesn't approve, or given low rights (Low Integrity Level, User Account/UAC) and won't be able to change your system or install its payload. When you are suspicious of a new program, then before installing you can always calculate its hash and send it to VirusTotal (sigcheck from sysinternals does it automatically if you're lazy) and you get a much better preventive security than any known single AV.

    Here are a few guides on how to implement some good security basics. You can apply most on them even on windows xp, even on home versions but you have to manually edit the registry to implement SRP (I might add a guide if some people want)... :
    mechBgon's guide for first-time PC builders... Best practices for ongoing security
    How to make a disallowed-by-default Software Restriction Policy
    Hardening Windows 7 Guide. Part 1 | Harden Windows 7 for Security

    And if you want a nice read to illustrate why AVs isn't the solution to the malware problem, check The Six Dumbest Ideas in Computer Security, especially Enumerating Badness which is basically the main concept of AV.
    Last edited by oneeyed; 25 Nov 2013 at 09:17.
      My System SpecsSystem Spec

  5. #15

    I prefer MSE because of the light footprint. All other anti virus programs I have tried have used much more of the system resources. I have limited W8/8.1 experience but I have never had a problem with MSE on any of my Win7 machines. I do use SASW and active MBAM. My new LT came with McAfee and I like it so far.
      My System SpecsSystem Spec

  6. #16

    Posts : 529
    Windows 8.1 Pro

    Read this all those articles posted are falls and not the truth, Do I Need to Stop Using Microsoft Security Essentials? ? Ask Leo!
      My System SpecsSystem Spec

Page 2 of 2 FirstFirst 12
MSE low detection rate?
Related Threads
Source: Improving Malware Detection in Firefox
Does Anyone have an idea to turn off the detection of new hardware? I have almost all services turned off and it keep detecting a secondary monitor. I'm using an ELO 3200L with a dual core computer module windows 8.1 Pro with all current updates. I try disabling the secondary monitor and it just...
Read more at: Microsoft fixes bad patch detection | ZDNet
SSD Detection under Windows 8 in Installation & Setup
Greetings! I'm about to do some "cloning" of Windows 8 HDDs to SSDs and have a quick question. WIn7 used some crude method at build time to determine whether the build volume was an SSD or not. Once the build was done, any change in storage family for the OS-based drive (i.e. HDD to SSD...
Help with touch PC detection in Drivers & Hardware
Hey everyone, I've had windows 8 running for a while and all was going great. But one day, I decided to use splashtop too control my PC with my iPad. The problem is, even when splashtop is off, windows seems to think im running a touch pc, even though I have a normal desktop. This has caused...
When I installed Windows 7, there were tons of devices on my Asrock Z77 Extreme4 motherboard that were detected but not identified. Windows 8 detected, identified and installed drivers for all of them except for 1. (In fairness, I have disabled some stuff in the motherboard, like infrared...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook