“To mark the first anniversary of Microsoft Security Essentials, the company has released some sobering statistics it has gathered during the past year via the free anti-malware software. According to Microsoft, Security Essentials has been installed on 31 million computers worldwide. Out of that group, 27 million users reported malware infections during the year.”
… were using “MS Security Essentials”?
They were certainly running Windows.
“Hi there – Stuxnet has removed ahmadinejad.sys –
(A)bort (R)etry (C)elebrate”
Edited 2010-09-30 20:52 UTC
I didn’t personally have much luck with MSE. It seemed to handle all the test infections I threw at it, but it had an annoying habit of accessing my disk constantly for minutes at a time and thus slowing down my machine. It would also sometimes ramp up my CPU usage to 80% for no apparent reason and make the CPU fan fire up for a good ten minutes before it settled down again. All of this despite the fact that I had explicitly disabled periodic full system scans and scheduled scans, so in the end I removed it.
You might want to try it again. I too noticed the same about a year ago when I first tried it and switched to Comodo, which I still use on XP and Vista, but for some reason Comodo didn’t seem to play nice with certain Windows updates nor the Windows 7 system restore (I use SR to test apps for compatibility).
So I decided to give it another try about a month ago and MSE works great now. Same as you I don’t do auto scanning and MSE has so far been well behaved and stayed out of my way. So you might want to give it another try, they seem to be fixing the older bugs quite quickly and have a pretty solid product now. And of course you can’t beat free!
I have exactly the opposite experience – MSE was the only antivirus I could find that is unnoticeable on any system I’ve tried it on.
Started using it on my old laptop that came with XP, Core 2 Duo. Sold it (was too heavy) and bought a netbook. Never ever noticed any slowdown due to MSE there either. Granted, my netbook is a fairly powerful one (the ASUS 1201N, comes with dual core Atom, Win7 and NVIDIA ION), but I also installed it on my girlfriend’s crappy Acer (the standard Atom 270, 1 GB RAM, WinXP). She’s very happy with her current setup – after removing all the vendor crap and the horrible McAfee antivir, performance doubled, better than new she said. Lastly, I have it on my PC without any problems, but no surprise there, I have a quad core that could handle even Norton I guess. Well, I wouldn’t bet too much money on that, but you get the idea…
All in all, I’m really happy with MSE, it stays out of the way, easy to forget you even have it until you plug in an infected pendrive (a word of advice here: you have to enable scanning usb storage, MS for some reason has it disabled by default).
Edited 2010-09-30 22:06 UTC
It was about a month ago that I was trying it out. I was surprised myself how poorly it performed for me, since most people loved it. Maybe I have an obscure driver conflict somewhere, it wouldn’t be the first time. My system is an Athlon 64 3400+ 2.4 GHz single-core with 2 GB of DDR-433 RAM. Should be more than enough to handle MSE, but I never got it to perform acceptably. Avast on the other hand runs perfectly on it, so I went back to that. I don’t use that machine daily anyway, I don’t put AV software on machines I use regularly. Firefox with NoScript/Adblock/Ghostery and a firewall take care of that, and I don’t pirate software so I’m not worried about anything coming in from that vector.
Sorry, no idea what might cause this, MSE should run completely unnoticeable on your hardware…
I agree that you don’t really need an antivirus if you know what you’re doing. I don’t download random shit from the internet either – I have a list of trusted programs for every task I need, use Chrome for browsing, don’t open unknown attachments. Unfortunately, where I live, almost every PC is infected, so whenever I get files on a pendrive, MSE catches something!
Whenever someone asks me to fix their Windows machine, and they insist they want a Windows machine and not just a computer to surf the web, I generally install MSE. Most machines can run it without grinding to a complete halt. MSE seems to be a fairly reasonable effort insofar as it goes, there is nothing to complain about it really in comparison with any other security program. I actually use it and recommend it above other options now.
However, I wonder how long this can continue. As I understand it, anti-malware software scans a machine for malware that has already infected the machine, and it tries to remove that malware … it is more of an attempt to diagnose and cure rather than prevent. Now as I understand it, there is normally an initial scan, an “on-demand” scan and a background scan process going on. This means that when first installed the entire disk is scanned against every virus signature, and then each program is re-scanned whenever it is loaded, and there is also a process that continuously but slowly re-checks the entire disk in the background.
This is not good news for Windows PCs. Every time I install or repair a Windows PC, even though the machines themselves are getting faster I notice their performance is dropping. Windows machines take ages to boot, ages to update, ages to install new software, and there is background disk activity and net activity going on all the time.
I think I know why:
http://www.jonboy60.com/2010/09/26/99-4-percent-of-malware-is-aimed…
http://www.theregister.co.uk/2010/09/13/malware_threat_lanscape/
Apparently there are going to be about two million new pieces of malware for Windows just this year alone. Two million. The rate of new malware has apparently doubled since last year. Doesn’t this mean that in order to keep up to date, two million new virus definitions have to be added to anti-malware databases for just this year alone? Doesn’t every program installed on the disk have to be re-scanned by the background process against these two million new definitions? Aren’t there now an additional two million new patterns to be searched on every on-demand program load?
Oh my. No wonder even new Windows machines are staggering to achieve even modest performance.
Seriously, isn’t it time people started to call this for what it is? This is surely a losing battle if ever there was one.
Four million new malware pieces next year?
Edited 2010-09-30 23:36 UTC
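The post above describes the three scan modes (initial, on-demand at program load, slow background rescan) and asks whether every file has to be re-checked against every new definition. The following is an added example, not code from any commenter or from Microsoft, that sketches the cache an on-demand scanner needs to avoid that. The signature sets, file contents and the `Scanner` class are all constructed and hypothetical; the point it shows is that a cached verdict is only valid for the definitions version that produced it, so a definitions update does force a full rescan of everything, while an unchanged file under unchanged definitions costs only a hash.

```python
import hashlib
import json
import os
import tempfile

# Constructed, hypothetical signature sets standing in for two versions of an
# anti-malware definition database. Real definitions are far richer; the point
# is only that version 2 adds a pattern that version 1 did not know.
SIGNATURES = {
    1: {"Demo.DropperA": b"DEMO-MALICIOUS-MARKER-A"},
    2: {"Demo.DropperA": b"DEMO-MALICIOUS-MARKER-A",
        "Demo.DropperB": b"DEMO-MALICIOUS-MARKER-B"},
}


class Scanner:
    """On-demand scanner with a persistent verdict cache (assumed design)."""

    def __init__(self, signatures, db_version, cache_path):
        self.signatures = signatures
        self.db_version = db_version
        self.cache_path = cache_path
        self.cache = self._load_cache()
        self.content_scans = 0  # number of full pattern scans actually performed

    def _load_cache(self):
        try:
            with open(self.cache_path) as f:
                return json.load(f)
        except (OSError, ValueError):
            return {}

    def save_cache(self):
        # Persisting the cache is what keeps a reboot from forcing a full rescan.
        with open(self.cache_path, "w") as f:
            json.dump(self.cache, f)

    def scan(self, path):
        with open(path, "rb") as f:
            data = f.read()
        # Key on the content digest: hashing is cheap next to matching every
        # signature, and unlike size/mtime it cannot be faked by touching the file.
        digest = hashlib.sha256(data).hexdigest()
        entry = self.cache.get(digest)
        if entry is not None and entry["db_version"] == self.db_version:
            return entry["verdict"]  # unchanged file, unchanged definitions
        self.content_scans += 1
        verdict = None
        # Naive linear match; real engines use multi-pattern automata so that
        # cost does not grow linearly with the number of definitions.
        for name, pattern in self.signatures.items():
            if pattern in data:
                verdict = name
                break
        self.cache[digest] = {"db_version": self.db_version, "verdict": verdict}
        return verdict


def demo():
    """Walk through first scan, cached rescan, and rescan after a definitions update."""
    tmp = tempfile.mkdtemp()
    cache = os.path.join(tmp, "scan-cache.json")
    clean = os.path.join(tmp, "clean.exe")
    dropper = os.path.join(tmp, "dropper.exe")
    with open(clean, "wb") as f:
        f.write(b"MZ\x90\x00 harmless constructed program")
    with open(dropper, "wb") as f:
        f.write(b"MZ\x90\x00 DEMO-MALICIOUS-MARKER-B constructed sample")

    v1 = Scanner(SIGNATURES[1], 1, cache)
    first = [v1.scan(clean), v1.scan(dropper)]    # both scanned; B unknown to v1
    cached = [v1.scan(clean), v1.scan(dropper)]   # both served from the cache
    v1.save_cache()

    v2 = Scanner(SIGNATURES[2], 2, cache)         # definitions update arrives
    updated = [v2.scan(clean), v2.scan(dropper)]  # cache entries are v1: full rescan
    return {
        "first": first,
        "cached": cached,
        "after_update": updated,
        "content_scans_v1": v1.content_scans,
        "content_scans_v2": v2.content_scans,
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the dropper that version 1 missed is caught once version 2 arrives, at the price of two more full content scans; the second pass under version 1 performed none. That is the trade-off the post is pointing at: the cache removes the per-load cost, but each definitions update reinstates it for every file on the disk.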
Certainly it’s a losing battle. Windows is embattled right now due to it being the dominant player. If *NIX were to rise to the top someday, I guarantee you that the battle would be just as nasty. These people go after Windows not because it’s inherently less secure (although the defaults are) but because that’s where they’ll hit the largest number of users. Most malware these days isn’t even a traditional worm or trojan, but a social engineering effort. Here, click this link in this fake greeting card email… whoops, your system is infected but if you give us your credit card number we can remove it, etc. Whichever platform is dominant will always have to be fighting a battle against these malware writers, and it will be a losing battle regardless of platform. The only way we’ll win the battle regardless is for people to get a little common sense and not click links in emails they don’t recognize or run files they didn’t download, but common sense seems to be on the decline.
Not only is most malware installed voluntarily but there is still a huge problem with people having older versions of XP installed with updates off.
It’s an easy numbers game for criminals to play, they don’t even have to go poking around for holes.
Agreed. The paradigm needs to change. It should be impossible to install software outside of a software installation manager, which requires even then a locally-entered password for a special-to-purpose account with elevated privilege.
Clicking “OK” is not enough.
Hmm, as I recall that’s exactly what the iPhone does now isn’t it? We all know just how much we love that…
Repositories won’t solve the problem. Openness won’t solve the problem. Why? Because people don’t care. They’re not going to vet the software, and given how easy it is to add repositories in, say, Ubuntu, the paradigm will simply shift from “click this link” to “want some naked pictures? Just add this repository…” Next thing you know, you’ve got an infected glibc or worse. It’s been verified all right… by the repository owner, who signed it with their gpg key which *you* validated when you added the repository! Do you really think malware writers won’t think of that should this shift ever happen on a broad scale? They won’t need to infect existing repositories. Most users will do anything they’re told if told correctly, so they need only add *new* repositories. Again, social engineering, right out in the open.
So, how do we stop that? Only allow software to be installed from approved repositories? Wait though, isn’t that exactly what we hate about the iPhone and Apple?
Bottom line: No matter what paradigm shift may happen, the malware will not be far behind. Package managers are superior, but they will not end the problem. They’ll shift the delivery mechanism, but they’ll only divert it not stop it.
There’s only one way to stop this: user education. People need to stop treating their computers like magic boxes, get some common sense, and a little basic knowledge. They need to treat computers like tools, you have to know at least a little about how to keep them running well and how not to damage them.
Good try, but no. AFAIK, iPhone applications can be rejected by Apple for reasons other than that they contain malware.
There are thousands of repositories, many of them are binary repositories. Because of the community nature, however, if a bad apple were to show up such as you suggest, the repository and key would quickly be added to a blacklist.
No system is perfect. There was a very isolated case with an IRC server software that had got “poisoned” on one or two servers recently, because the original authors did not provide any signatures. It was quickly fixed when discovered, and I believe the two distributions that picked up the bad software (Gentoo and Arch) have already changed their policy about unsigned source packages.
Once again, it doesn’t require everyone to vet the software. In fact, it only requires one person to find the malware, and it will get fixed for everyone who uses the distribution. Quickly, without much fuss. According to the experiences so far, this is what happens in the real world. It isn’t as though there have been no attacks via repositories, just very, very few successful ones. Maybe a dozen machines, worldwide, at most, in ten years, have ever been compromised via repositories.
Blacklisting.
Whitelisting restricted repositories shouldn’t be necessary, blacklisting malevolent repositories has been more than enough so far. Actually there haven’t even been any of those, the one instance of malware getting into a repository was through pure slackness by the repository maintainers including unverified source.
That is your contention but it is not really supported by real-world outcomes with real world repositories and real world distributions.
In the real world, this delivery mechanism has been used for over a decade by many distributions for thousands of packages for millions of users, and the instances of malware can still be counted on the fingers of one person’s hands.
Your claim is not at all supported by the actual facts.
All that needs to happen is to eliminate packages where only the author can know the functionality of the code. Make it so that such packages cannot be installed. Make it so that in order to get any ability to be installed, at least some real world actual end users of the software have to have the ability to know how it works.
That single step would eliminate malware.
After all, people won’t buy or eat rotten fruit if they can tell it is rotten. At the very least, if rotten fruit is inspected and the inspectors could emplace a sign which says “this is rotten fruit” … the amount of rotten fruit eaten would reduce from kilotonnes down to tens of grams.
Why should software be any different?
Edited 2010-10-01 04:52 UTC
Totally agree. A repository just puts several pieces of software together, it does not magically make each of these pieces of software malware-free. Unless of course we only use “trusted” repositories, and looking at the iPhone we know that it does not work that well as far as freedom is concerned. Plus, old-fashioned infiltration techniques still allow one to put malware in the repository.
The major advantage of the repository system is that it gets rid of the horrible installer ecosystem where you have to give admin rights to anything bearing an NSIS or Windows Installer icon. And OSX-like bundles do that just as well.
It would be the best solution, and it’s the sole solution to problems like phishing in fact. After all, that’s why we have driving licenses. On the other hand, that education program should be made as short as possible.
But even a properly educated user can’t face an extreme lack of information.
Consider the following scenario: on Windows, you open an installer-looking program, and give it admin rights through the UAC prompt. It has a perfectly normal installer behavior, except it also silently installs malware in the background. The user won’t know before the malware goes wild.
What went wrong there (apart from use of installers)? Admin rights. They are a binary system where software either can do nearly anything or can do nothing outside the user directory. So malware and legit installers both require the same admin rights and can’t be distinguished from each other.
The solution to this class of problems is a more fine-grained security model, allowing one to know what untrusted software is up to before agreeing or denying. Such a thing could eliminate a lot of malware by only telling the user to be careful with untrusted software and common social engineering tactics, and a tiny bit about the basic structure of their OS (folder hierarchy and things like that, nothing technical).
Edited 2010-10-01 10:54 UTC
That isn’t a viable solution due to all the existing third party software. I would also rather not see all software go through MS first.
Getting people off XP would make a huge difference. XP isn’t secure enough by default and so many of those old installs are hopelessly infested and need to be reformatted.
Adobe reader needs to be dumped as well. It’s a completely unnecessary security risk.
Unfortunately alternatives suck badly. Foxit’s text rendering is plain terrible, and IIRC even sometimes shares some vulnerabilities with Adobe Reader.
This argument is often put forward, but it ignores a “paradigm shift” that could be possible.
Malware can only exist if it can be hidden. It must be possible to distribute and install software such that the functions the software contains are knowable only to the author. In this way a malevolent author can embed functions which suit his or her nefarious purpose, but which are decidedly not in the interests of the owner of the target machine.
So what is required is a “paradigm shift” towards a situation where only software that can be vetted by anyone and everyone who owns a machine can be installed on a given machine. It doesn’t require everyone to actually vet software, it requires only a small percentage of people to actually vet software. What needs to be assured is that there are people who did not write the software, who can and have vetted the software, and who use it themselves.
If everyone is able to tie down their machines so that ONLY software which is openly vetted as described above can be installed, then malware can’t exist on such machines. This won’t entirely eliminate malware, as any system can have holes and leaks, but it would reduce the scope of the problem from literally millions down to perhaps tens of pieces of malware that have to be explicitly secured against.
“Here, click this link in this fake greeting card email… woops, your system is infected but if you give us your credit card number we can remove it, etc.” … becomes instead … “Here, click this link in this fake greeting card email… System warning: attempt to install unsigned software has been prevented.”
Windows is a million miles away from such an arrangement. Other systems are much closer to being able to ensure this.
If I may be a little cheeky:
http://www.freesoftwaremagazine.com/files/www.freesoftwaremagazine….
Edited 2010-10-01 02:02 UTC
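The two posts above argue from different directions about the same install-time gate: one says blacklisting rogue repository keys has been enough in practice, the other that only software vetted by people other than its author should be installable at all, ending with “attempt to install unsigned software has been prevented.” As an added illustration, not code from either commenter or from any distribution, here is a small install gate in Python that applies both rules in order. The manifest, key names, package names and digests are all constructed; a real system would take the manifest from the distribution’s signed package index and the blacklist from its security team, and the check would sit behind a verified signature on the manifest itself rather than on a dict in memory.

```python
import hashlib

# Constructed data. In a real system the vetted manifest would come from the
# distribution's signed package index and the blacklist from its security team.
VETTED_MANIFEST = {
    # package name -> digest of the exact artifact that reviewers examined
    "greeting-card-viewer-1.0": {
        "sha256": hashlib.sha256(b"constructed viewer binary").hexdigest(),
        "source_available": True,
        "vetted_by": ["reviewer-alpha", "reviewer-beta"],
        "origin_key": "KEY-DISTRO-MAIN",
    },
    "closed-tool-2.3": {
        "sha256": hashlib.sha256(b"constructed closed tool").hexdigest(),
        "source_available": False,   # only the author can know what it does
        "vetted_by": [],
        "origin_key": "KEY-DISTRO-MAIN",
    },
}
BLACKLISTED_ORIGIN_KEYS = {"KEY-ROGUE-REPO"}   # constructed blacklist
MIN_INDEPENDENT_VETTERS = 1


def check_install(name, artifact, origin_key, manifest=VETTED_MANIFEST,
                  blacklist=BLACKLISTED_ORIGIN_KEYS):
    """Return (allowed, reason) for a proposed installation.

    Checks run from cheapest and most decisive to most specific: a blacklisted
    origin is refused before anything else is looked at; an unknown package is
    refused regardless of origin; then the artifact must match the digest the
    reviewers examined, so a tampered download from a good origin also fails.
    """
    if origin_key in blacklist:
        return False, f"origin key {origin_key} is blacklisted"
    entry = manifest.get(name)
    if entry is None:
        return False, "attempt to install unvetted software has been prevented"
    if entry["origin_key"] != origin_key:
        return False, "package is vetted, but not from this origin"
    if hashlib.sha256(artifact).hexdigest() != entry["sha256"]:
        return False, "artifact does not match the vetted digest"
    if not entry["source_available"]:
        return False, "source is not disclosed; functionality knowable only to the author"
    if len(entry["vetted_by"]) < MIN_INDEPENDENT_VETTERS:
        return False, "no independent reviewer has vetted this package"
    return True, "vetted package from trusted origin"


def demo():
    """Exercise each refusal path plus the one that is allowed through."""
    good = b"constructed viewer binary"
    tampered = b"constructed viewer binary" + b" plus an extra payload"
    return {
        "vetted": check_install("greeting-card-viewer-1.0", good, "KEY-DISTRO-MAIN")[0],
        "tampered": check_install("greeting-card-viewer-1.0", tampered, "KEY-DISTRO-MAIN")[0],
        "wrong_origin": check_install("greeting-card-viewer-1.0", good, "KEY-OTHER")[0],
        "rogue_key": check_install("greeting-card-viewer-1.0", good, "KEY-ROGUE-REPO")[0],
        "unknown": check_install("fake-greeting-card", b"anything", "KEY-DISTRO-MAIN")[0],
        "closed_source": check_install("closed-tool-2.3", b"constructed closed tool",
                                       "KEY-DISTRO-MAIN")[0],
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:14} -> {'install' if allowed else 'refused'}")
```

Only the first case installs. Note that the digest check is what makes the “vetted” claim mean anything: a signature or a blacklist entry attaches to an origin, while the digest attaches to the exact bytes the reviewers looked at, which is the property the second post is after.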
You’re suggesting that all software be open source.
That isn’t possible due to software economics and some malware would still slip through. It also doesn’t stop the phishing problem.
There is no single solution. Better software and education is the best way forward.
Not quite. I’m suggesting that at the very least all software should be at least one of these:
http://en.wikipedia.org/wiki/Shared_source#Non-Open_Source.2Fnon-Fr…
These are not open source licenses.
Possibly this one should be the absolute minimum:
Microsoft Reference Source License (Ms-RSL)
If only Ms-RSL (which is not open source) were the minimum standard in terms of disclosing source code, then even then there would be no malware.
While the situation persists that source code is routinely allowed to be more restricted (less visible) even than Ms-RSL, then there will be malware.
Edited 2010-10-02 07:47 UTC
MSE is only good in XP. Unless you have an 8 GHz 16-core CPU and 32 GB of RAM, don’t bother with it in Vista or 7. You might as well install Norton and you’ll get a less bogged down system. Open a folder with many executables… such as your Downloads folder and it’ll take an eternity for the system to respond while MSE scans those EXEs, even those that have already been scanned and have not changed. Yes, MSE seems to keep track of files that have already been scanned to make accessing them faster, but that track is lost on every reboot… and you know how “rare” reboots are in the Windows world…
Microsoft: How about celebrating the anniversary of MSE by releasing a version that allows decent performance when using your current OS?
… falls off the chair with shock.
I’d say it’s clear: MSE if you’re not willing to pay money, NOD32 if you are. If you’re not willing to pay for an AV or Windows, life will be grim.
Not if you have Vista or 7 and employ common sense.
Of the friends and family that I help with computers only one has gotten a virus in the past few years and that was after installing a game he had downloaded from a p2p network.
I was more thinking of XP as most pirate Windows still seem to be running XP – I’m tempted to say if you’re running Vista life is already grim. However, pirate Windows will not get all the updates and are more prone to malware. Obviously one could always run Linux, BSD, etc., which is a more intelligent choice for cheapskates and many of the rest of us.
Repositories and malware – will they save us from pathological stupidity? Obviously not, however, I disagree about them offering no help.
Picture the scene: you’ve had a few beers and you receive an email, “see Keira Knightley in a thong”, with the attachment pic.jpg. You click and it asks for authorization. It is in fact pic.jpg.pif and your PC is infected. Is that stupid? Yes, but not in the same league of pathological stupidity as adding
deb http://pr0n.p0rn.com/xxx/freeapps/deb/ girls main
to your sources list which requires both some technical expertise combined with brains out stupidity.
Edited 2010-10-02 07:21 UTC
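The post above contrasts clicking a disguised attachment with pasting a stranger’s `deb` line into a sources list. As an added example, not from any commenter or from the apt project, here is a Python audit of a one-line-format `sources.list` that parses each `deb`/`deb-src` entry, including the bracketed option block, and flags the two things a defender would look for: an origin host that is not on an approved list, and the `[trusted=yes]` option, which tells apt to skip signature verification for that source. The approved-host list and the sample file are constructed; the third entry is the one quoted in the post.

```python
from urllib.parse import urlparse

# Assumed policy: the hosts this organisation allows packages to come from.
APPROVED_HOSTS = {
    "deb.debian.org", "security.debian.org",
    "archive.ubuntu.com", "security.ubuntu.com",
}

# Constructed sample sources.list; the pr0n line is the one from the post.
SAMPLE_SOURCES = """\
# constructed sample sources.list
deb http://archive.ubuntu.com/ubuntu focal main restricted
deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://deb.debian.org/debian bookworm main
deb http://pr0n.p0rn.com/xxx/freeapps/deb/ girls main
deb [trusted=yes] http://mirror.example.invalid/debian stable main
deb-src http://archive.ubuntu.com/ubuntu focal main
"""


def parse_source_line(line):
    """Parse 'deb [opt=val ...] uri suite component...'; None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    toks = line.split()
    if toks[0] not in ("deb", "deb-src"):
        return None
    kind, rest = toks[0], toks[1:]
    options = {}
    if rest and rest[0].startswith("["):
        # The option block may span several whitespace-separated tokens.
        opt_toks = []
        while rest:
            tok = rest.pop(0)
            opt_toks.append(tok)
            if tok.endswith("]"):
                break
        for kv in " ".join(opt_toks).strip("[]").split():
            key, _, value = kv.partition("=")
            options[key] = value
    if len(rest) < 3:
        raise ValueError(f"malformed source line: {line!r}")
    return {"type": kind, "options": options, "uri": rest[0],
            "suite": rest[1], "components": rest[2:]}


def audit_entry(entry):
    """Return a list of (severity, message) findings for one parsed entry."""
    parsed = urlparse(entry["uri"])
    host = parsed.hostname or ""
    findings = []
    if host not in APPROVED_HOSTS:
        findings.append(("high", f"origin {host!r} is not an approved repository host"))
    if entry["options"].get("trusted") == "yes":
        findings.append(("high", "trusted=yes disables apt signature checking for this source"))
    if parsed.scheme == "http":
        # Integrity still rests on the signed Release file; this is informational.
        findings.append(("info", "plain http: relies entirely on the Release signature"))
    return findings


def audit_sources_list(text):
    """Audit a whole file; returns [(line_no, uri, findings)] for lines with findings."""
    report = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = parse_source_line(raw)
        if entry is None:
            continue
        findings = audit_entry(entry)
        if findings:
            report.append((line_no, entry["uri"], findings))
    return report


def high_risk_lines(text):
    """Line numbers carrying at least one high-severity finding."""
    return [ln for ln, _, f in audit_sources_list(text)
            if any(sev == "high" for sev, _ in f)]


if __name__ == "__main__":
    for line_no, uri, findings in audit_sources_list(SAMPLE_SOURCES):
        for sev, msg in findings:
            print(f"line {line_no} [{sev}] {uri}: {msg}")
```

Run against the sample, lines 4 and 5 come back as high risk; the Ubuntu and Debian entries produce at most an informational note about plain http. The check is deliberately about origin and verification settings rather than package contents, because once a source is trusted, everything it publishes is installed with root privilege, which is exactly why the post ranks adding a random line to the sources list above a disguised attachment.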
In the current linux/BSD ecosystem, most tutorials have you typing several LOCs which novice users don’t understand and which return little to no feedback about what you’re actually doing. Despite not understanding them, novice users end up using such tutorials quite often. So this could work just well…
Edited 2010-10-02 07:51 UTC
I’m not sure we disagree much and I fully accept that as Linux becomes more popular some users may need protecting from themselves. However, using the much-loved car analogy:
i.e. saying yes when the screen greys – maybe like driving to the local store without a seatbelt.
i.e. opening a terminal, putting in your sudo password, typing a command, pasting in the source to the sources file, saving and closing – may be like driving 150 miles to see the sunset after drinking fourteen cans of lager whilst chain smoking spliffs.
I’m not saying it won’t happen, we’ve seen it on Police Camera Action, but it is pathological stupidity rather than ordinary stupidity.
Obviously software cannot save you from this level of idiocy
Windows 7 is mostly Vista with a new coat of paint. The major security advantages over XP were developed for Vista and carried into 7.
I agree, Linux is a much better choice than pirated Windows with updates turned off.
I never said they offer no help, I just don’t think they are a silver bullet.
What they are good for is keeping users from Googling for software. A similar effect could be achieved if Windows users were directed towards software archives like Softpedia where it is much harder for malware to get through. The fact that Vista and 7 come with defender is a big improvement since it always provides a basic level of defense.
Alternative systems can definitely play a role in reducing the malware problem, especially by taking high-risk users out of the pool. Countries like India should take a harder stance against piracy and encourage Linux as an alternative. Botnets like Mariposa do serious damage in these countries thanks to all the older XP installs.
Please don’t feed the troll, the guy is called ‘AnythingButVista’, I think that is a subtle hint that you’re dealing with someone who is mentally unstable and irrational.
Something else is wrong with your machine.
I have a mid level laptop with Windows 7 pro and MSE impact is basically un-noticeable.
Great product.
Morglum
Is MSE only for home and non commercial use ? And in a public school or university ?
Anyone can use it – the limitation of MSE has nothing to do with licence and everything to do with how it is designed. It is designed for home, small businesses and so forth because it lacks the enterprise management that comes with Microsoft’s Forefront.
Personally MSE is the best out of all of them with the icing on the cake being that MSE is free – too bad people put their hatred of Microsoft ahead of honestly reviewing the software as ‘AnythingButVista’ has.
Edited 2010-10-02 07:04 UTC