A little over two weeks ago, Microsoft released Microsoft Security Essentials, a security software suite protecting users of Windows against malware and viruses. The company has released data about the number of downloads and fixed infections, and the results are encouraging.
In the first week of MSE’s availability (September 29 to October 6), the program was downloaded 1.5 million times (after week two, 2.6 million times). In its first week, MSE made almost four million detections on a total of 535752 unique machines, so it seems like it is doing its job.
Over half of the detections were made on Windows XP machines, and just under a third were made on Vista machines. The remaining detections were probably on Windows 7 machines. Another interesting tidbit: the most popular Windows version among MSE downloaders is Windows 7, and one third of these Windows 7 installations are 64bit. The 64bit version of Windows (since XP) has additional security measures such as Kernel Patch Protection.
All this data comes from Microsoft’s SkyNet SpyNet, which collects information about malware to improve future detection measures. “Providing high quality detection capabilities requires that we collect information regarding malware when detected so that we can properly react to deliver the level of PC protection we are promising to customers,” a Microsoft spokesperson explained, “Users can change the membership level at any time from basic to advance and back however to continue using Microsoft Security Essentials, they need to remain a member of this online community. More information about Microsoft Security Essentials collection and use of information can be found in our privacy statement.”
It seems like the tool is doing its job. Due to antitrust worries, MSE can sadly not be included by default in Windows, despite the fact that it is by far the least obtrusive and invasive antivirus tool out there. The entire install package – not a downloader, but the entire package – is only 7MB, and takes up little to no system resources while doing its thing.
Everybody would be better off if MSE had been a default part of Windows 7. Oh well, I guess the financial prospects of companies like McEpic and Failtec McAfee and Symantec are more important than users’ security.
…if Microsoft can create a package that small which uses that few resources why can’t the others? A skeptic may think that Microsoft is somehow holding back information that would allow these companies to create something as small that uses as few resources. Of course we can discount that because it wouldn’t be in the best interests of Windows security to do that would it?
It’s Microsoft’s OS, that’s why. They had better be able to create the best, most accurate AV out there because they have the access to all the source. They can drill down to the lowest common denominator using programming calls, and functions that are hidden from the rest of the world.
Personally, I want MS to succeed at this. It’s their holes, they should be the ones to fix them.
Let’s hope OEMs ship this stuff. For all I care, Microsoft hands out big sacks of money to Dell, HP, etc. to ship MSE by default.
Edited 2009-10-17 14:00 UTC
You are aware that those crapware scanners Dell et al ship atm do make them real money .. not the imaginary kind you are talking about.
It may not be in the customers’ interest, but we have to face reality here.
That could mean the end of botnets and distributed spam delivering.
As far as I know (from talking with people who work on MSE several years ago), it’s one of the few AV systems that does not use non-public APIs or unsupported hooking.
Most Microsoft software that ships outside of Windows does not use internal Windows APIs. There are tools that are run during the build process which enforce this restriction.
“They can drill down to the lowest common denominator using programming calls, and functions that are hidden from the rest of the world.”
That’s sort of exactly what he was saying was the problem.
And my point was basically, “Yeah, so?” How is that a problem? I would expect them to release enough information for devs to code apps to work efficiently with the OS, and that’s it. Maybe the AV companies get a little more, due to what their end goal is, but at the end of the day, MS is protecting their investment.
If you compare other antivirus tools, you’ll see that they seem to compete on who’s got the most advanced and glowing user interface. Instead of using the windows standard widgets and theming, they use whatever crappy toolkits they see fit. But even 7MB is a lot for an antivirus. I assume the antivirus Microsoft ships doesn’t include all but the newest definitions and the rest is downloaded from internet.
I’m still not convinced an antivirus solves any problem. If you use a good browser filter and you don’t download shit from e.g. crackz.ru, the chances you’ll get infected are very narrow. After all, isn’t current Windows iteration supposed to be the most secure OS ever made, as marketed by Microsoft? Why would you need an antivirus?
Try going to NY Times a few weeks ago and you would have got yourself some good old Fake AV.
So, for one you don’t need to download stuff from a crack site to get infected. As for web filters? It’s just one layer of defense. Why not add another?
As for antivirus software, most of the better ones do include heuristics and behavioral detection these days (Not sure if MSE does). If some software starts writing weird things to the registry startup, or adds new hidden folders to the recycle bin, those will get flagged up or stopped outright.
Which is why I don’t download software from ad banners on any website. If I want to try an antivirus software, I type the address of its software company. Heck, even if a website asks me to install an update to Flash, I download it directly from Adobe’s website, not from some popup message on a third-party website.
Or maybe the others are just peddling bloatware full of crap?
Well anything that protects users and reduces the amount of Malware is a good thing, but I wonder how good MSE is. Certainly I will be continuing to use NOD32 when using Windows.
Also we will still have that great mass of reserve infection in pirate copies of XP that are ubiquitous in the developing world not including all the XP boxes not connected to the Internet.
It runs as another program, MsMpEng, in the background. Just make sure to check “show processes from all users”. In reality it uses around 40 MB of RAM when it is inactive. It still does seem lighter than most AV programs. Whether it works well in the long run, we will see. It has been known to flag ok software as malware. (I had seen it do that with quicktime (I know, maybe it was being proactive))
Am I the only one who wonders what other data Microsoft is copying from their customers since in order to know how many “unique” PCs and infections that are opening a backdoor???
Option 1:
Do not download MSE. Stick to McAfee and Symantec if that’s your preference.
Option 2, if option 1 failed:
Start > Control Panel > Uninstall program > uninstall MSE.
Personally, I turned on the ‘advanced’ membership option to SpyNet, which sends more information about malware and viruses to SpyNet so it may help others. Of course, I’ve never had an actual virus, and I haven’t seen malware or spyware on my machine in 4 years, but still.
Edited 2009-10-17 15:59 UTC
ugh. Personally, I think McAfee and Symantec AV suites should be labeled as malware. Horrible, horrible, horrible software.
Remember: The more question marks, the lower IQ.
I’m just kidding. No hard feelings.
Seriously though, they have a privacy statement like anyone else. You can always just opt not to use the software…
As the article states, the data is gathered via “SpyNet”.
When one installs MSE, the user is given the option to join SpyNet (the option is unchecked, by default), which allows MSE to send information regarding detected malware to SpyNet (i.e. Microsoft).
Here’s the privacy statement:
http://www.microsoft.com/security_essentials/privacy.aspx
Edited 2009-10-17 17:24 UTC
The statement talks about it as a “voluntary community”. Then says that you have to remain a member once opted in to continue to run MSE, and that’s kind of OK.
But then later on:
“Running Microsoft Security Essentials requires you to be a member of Microsoft SpyNet.”
Umm.. what?
You voluntarily install MSE, therefore it is voluntary…
I see that, but I was reacting to MollyC’s observation that there is a checkbox in the installer which supposedly lets you NOT become a SpyNet member. It is plain misleading, at least based on the quoted sentence of the privacy statement.
Because when Windows Update runs each month, it runs the MSR (Malicious Software Removal) applet that searches for and cleans out malware in the most obvious places (i.e. a quick scan, not a full blown scan), and that sends statistics to Microsoft, even without the user joining SpyNet.
Really, it’s only the privacy policy that prevents any software from reading data and sending it to the developer of that software over the internet (unless a firewall is disallowing it).
The question is, “Do you trust any outside entity with the privacy of Your data?”
The question is: Do you trust your Programmer/Packager/Distributor chain?
You have to be able to trust EVERY person who has power to potentially install a backdoor in your system.
Linux distros have central repositories, here I have to make up my mind once if I trust the people behind this repository, and then I can use the whole lot of software residing within.
On Windows you install software from many different places, and every once in a while you get a malware package instead of decent software. That seems to be one of the many reasons why Windows is much more malware plagued than Linux. Other reasons are market share, stronger administrator separation in Linux and centralized, faster security updates (updates peripheral software too, not just the core system).
It is actually a little easier than this. Because each Linux distribution has a repository system for software, and all of the various servers for that distribution mirror the exact same packages then you can work out from daily traffic statistics roughly how many people download their software from that set of packages. You can then find out how many people have ever complained even once of some malware being present in such a package delivered from said repositories.
I think you may find that the first number is surprisingly large, and the second number is zero. No malware ever delivered to an end user’s machine via the repositories. Impeccable record.
Then, from there, it is relatively easy to evaluate if this software distribution system is worthy of your trust, compared to the situation with Windows.
but it didn’t survive long.
In other words: It’s crap and I got rid of it.
The best thing is still to configure your system to be secure. If you get a malware installed it’s too late for a virus scan from the infected system anyway.
If I really want to scan a file for some reason I use these online scanners which use about 20 scanners, so I can be pretty sure, if it contains a known virus.
So there are two big reasons for not using a virus/malware scanner:
If your system is infected you can’t trust a virus scanner.
The virus scanners (mostly) find known viruses.
About once a year I scan my system, while it is not booted and with various scanners and I never found something. Even with heuristics, etc. turned on.
What data do you have to support this statement?
I suppose he actually tried it and didn’t find it worked as expected. Why do you need to collect data? Why does anyone here need to support own opinions based on real life experiences? You talk like a machine.
This is exactly my point. Make a blanket statement with no supporting information. Maybe others would find it useful to know why the OP thinks it is “crap”. Otherwise he’s just ranting… and that is not interesting.
For what it’s worth, the OP sounds like he is of the opinion that only those who don’t know better get their machines infected with malware. Unfortunately, there are millions of PC users that don’t have the desire or the need to learn about securing their machines. For this class of users, I’m glad to see Microsoft has provided a solution that just works and doesn’t bother the user with needless pop-ups and etc.
I suppose he actually tried it and didn’t find it worked as expected. Why do you need to collect data? Why does anyone here need to support own opinions based on real life experiences? You talk like a machine.
Well, thanks. You are right partially.
But I could have added a bit more information.
To make it clear: My statement is not based on anything technical. It’s just that I don’t see any reason for this scanner. The only effect it could have is to shrink the market share of other companies. A lot of people will use it simply because it is made by Microsoft.
It’s not faster, not better integrated, has no better detection ratio or anything else. I don’t know any reason to prefer it over any other scanner.
I downloaded it mainly because I hoped it is better integrated/makes better use of what Windows provides. It doesn’t. If you really want a good scanner, I would recommend one from a company having more experience in this business.
Well, maybe crap was too harsh. I mean, you can use it, but don’t expect anything from it. There are other free scanners out there and I think most of them would better fit for most people.
On its own it’s okay, but compared to other scanners it’s at least slower.
Oh, I haven’t read the EULA. Maybe it could be another reason for not using it.
Sorry, I simply hoped for something better. So maybe ignore what I said.
Someone asked a question in a comment on the last article about MSE on OSAlert. That question was, on what did people base their decision that MSE was good.
I’ll tell you. It’s 7MB. I install it. It runs. It’s sitting there in my tray and protecting me. It doesn’t bother me about anything. I downloaded eicar to test, and the process to clean was practical and simple.
And I have access to free virus scan (employee of DoD) and I would not install any of that filth on my system. They are more obnoxious than some of the viruses.
All I ever used was clamwin, which does not have an always on scanner. I’ve used MSE for two weeks, and it has not pestered me once; and surely it is protecting my two computers better than the nothing I had running in the background before.
I even managed to convince my wife to let me install it on her computer as well; she’s more hostile to the spamming, obnoxious, bloated, and idiotic AV programs out there today than I am. Cheers to Microsoft for creating a simple program with some sense. Your computer should not be about catering to your f–king AV program.
Edited 2009-10-17 17:30 UTC
On my systems at home and in the office. I have also been testing it on infected systems that come into the shop. (We are a small repair shop.) I like it so far, but I have run across the following issues:
It seems that you must run as administrator to receive program updates, at least on XP. I’m not sure about definition updates. This is a step backwards from other AV programs. I can’t see why the service responsible for the updates can’t run at a higher privilege level than the logged in user and perform the update.
I also have seen a few instances where MSMPENG.exe decides to take 100% of the CPU. This was only on a small minority of machines, mostly older boxes.
Other than these two issues, I absolutely love it.
Not true. That means exactly nothing. Throwing numbers around in a case like this proves exactly nothing. Unless you have the real number of infections and threats. The number of detections means exactly just that: the number of detections. There’s no way of knowing whether those machines got infected another four million times over which were not detected. A number of detections in itself doesn’t prove or disprove the goodness of MSE.
That said, I don’t know or care how good or bad MSE is. Still, those numbers are not enough to prove anything.
Not proven is not the same as not true.
…and ironically, on a 64-bit version of Windows 7.
Antitrust or not, MSE is something that NEEDS to be in Windows from the start. Something security-related like this, IMO, shouldn’t be disallowed by the government… especially when Microsoft pretty much put it out to protect their own OS that was flawed to begin with.
MSE will likely be one of the first things I tell people I know to install from now on, up there with SpywareBlaster and an alternate browser. I have gone the past decade probably without anti-virus, simply because they all pretty much sucked… this one’s actually quite usable, doesn’t seem to try to tangle itself up in the OS to make itself impossible to remove, and doesn’t constantly warn about nothing while sucking up resources and making the whole machine unstable.
Probably the best thing is that it’s also released for Windows XP… finally… I’ve gone years (pretty much XP’s entire shelf life and beyond) without a good, free anti-virus program to recommend to people.
Edited 2009-10-17 18:59 UTC
I used to recommend the free version of AVG without reservation, but that whole stupid debacle over their “link scanner” left a sour taste (not to mention the increasing tendency of avgsrx.exe to jump to 100% of the CPU).
For probably the past decade, I’ve protected my computer from malware by making wise decisions on what software I download and install. This has kept me clean. The only infection I’ve had was a worm a few years back when I stopped using and disconnected my wireless switch and had forgotten to activate XP’s firewall.
It’s always been my opinion that most AV software was so intrusive that it reduced usability to the point where using the computer was a chore.
Remember in “Demolition Man”, when Stallone’s character wrecks the car and it’s instantly filled with that cool crash foam? AV software is like that stuff, only it’s deployed from the moment the car is started. It kinda makes driving difficult.
My only complaint is a false positive on my Mom’s computer that was picked up on her digital picture frame. Oh well. I can teach her to deal with that if it pops up again.
I can’t testify to effectiveness of its protection, but its usability is vastly improved over all other AVs that I’ve tried.
If Microsoft can Gather those kinds of statistics from your PC, How much more personal “data” can they “gather” from your PC at will?
Probably as much as they want, from the currently running user account. Just as Apple can gather as much as they want when OS X’s System Update runs. Just as Google can gather as much info as they want when their updates run. Just as McAfee, Symantec, Sonic, Roxio, Sun, etc, can gather any info they like when their updates run. They can read any data in the currently running user account.
But they all have privacy policies, explicitly stated.
Caveat: If the update software is running at a low user level (like IE7+ on Vista+), then that software can’t access user files, in which case, it couldn’t gather any private data. I doubt most update software does that, however. Someone correct me if I am in error.
Which is extremely unsettling to me for use of any closed source OS or App. I do not know to what extreme that Microsoft or Apple has, would, or are capable of delving into your private files, pictures, bank info, or Identity. Most users have Admin or Superuser rights. Antivirus Programs are so low level, that They have the ability to be in all intents and purposes, Spyware whether for government or for the parent company to sell your personal information.
I’m so glad that I don’t run Windows, and I therefore don’t have to get involved in any of this stuff.
No anti-virus, no need for background scanners, no performance losses, no spyware, no fretting about firewall effectiveness, no need to clean the registry, no complicated removal procedures to have to follow, no need to wonder about the trustworthiness of downloaded software packages, in fact …
No malware at all. One simple policy to follow: only install stuff via the package manager.
I suspect that you’d be no more virus-ridden on Windows. I’m sure that you’d have no trouble keeping a machine equally clean on Vista or Win7 without the need for antivirus, Defender or anything else.
On behalf of other people, I’ve had to restore any number of computers to a useable state over some years now. I’ve fixed many different types of software and hardware problems.
The only consistent factor is that if it is a case of software that used to work fine, and doesn’t work or is horribly slow now, yet the hardware is working the same as it always has, then the software system that has got screwed up is Windows.
Windows every time. Something different every time, but always Windows. I’m a bit sick of it, frankly. I wish people would use something better.
Edited 2009-10-19 10:08 UTC
My experience is the same. But lies 7 years in the past.
Had windows machines crashing on me, and I also had 2 Linux machines crashing on me, one of them brand new.
It turned out, with Windows it happened much more often, and >90% of the issues have been software related. With Linux, both crashing machines have been hardware faults (one memory/CPU and one graphic chip failure).
I am amazed, that you seem to have similar experiences with current windows systems, as the song on the street sings of the “great stability” windows now is supposed to have.
Make them standard users, and the “problem” is a non-problem.
Microsoft Security Essentials suffers from the same irritating issue as Trend Micro and AVG. They all start with decent performance so you say “Hmm, this isn’t as bad as Norton. I can keep it.” As days go on and definition updates keep piling up, performance goes down the drain. All of a sudden, it’s a nightmare to boot into Windows, which is already slow and painful in Vista. Opening a folder with many programs, like your Download folder is enough to make you want to hurl your computer out the window, and you end up thinking that you’d be better off with the viruses than with such a performance-hogging antivirus.
To me, viruses aren’t the biggest problem with Windows, though admittedly I don’t engage in high-risk activities. The worst part about using Windows is using performance-draining security software. Whether it’s a slow-out-of-box software like Norton or McAfee, or one that starts decent and gets just as bad with time, like Trend Micro, AVG, NOD32 or MS Security Essentials, it’s the use of such software the one that makes using Windows miserable.
Hear hear.
As the number of files on a Windows box increases (as one installs more applications), and also as the size of the anti-malware database increases, then the time required to scan increases as the product of these two (more files to scan, more patterns to check against).
Ouch.
What is required is a way for end users to be assured that the packages they are downloading contain no malware or spyware BEFORE they get on to the end users’ systems. This will continue to be impossible for Windows systems while it remains the case that the only parties who know exactly what is in any given package are one and the same as those who wrote the package in question.
Edited 2009-10-19 00:26 UTC
And how is that being provided for the other systems?
Centralized repositories. Every package is cryptographically signed, and as the people behind the additional packages are the same as those behind the operating system, IF they would have wanted to screw you, they would already do it at installation of the base system. As they didn’t do it then, it can be assumed they are trustworthy.
Not only is every package cryptographically signed by the people who put together the original system, but there are over 1.5 million open source developers (who did NOT write the code but who want to use the code) who are able to see, download and compile the source code, and confirm for themselves (these are developers we are talking about, remember) that the source code matches the cryptographically signed package, and that the source code contains no malware.
This is how the system has achieved its impeccable record.
Edited 2009-10-19 13:33 UTC
it shows you how many viruses we now are bombarded by.
an average of more or less 8 viruses per user were detected.
yet, despite these numbers, how many people are running systems without av or appropriate security?
after all these years, still people don’t seem to learn
It’s probably more like, “of the computers that have more than one virus, the average count is eight.” Malware often likes to bring friends along for the ride.
I seriously doubt the average computer user has 8 viruses on their machine (but I have no data on hand to back up my assertion).
If I encounter a compromised computer, which the owner describes as “it has become very slow” … then in my experience the number of detected viruses often is more than twenty, and is sometimes fifty or more.
Some of the newer ones are all but impossible to remove. I generally save all the user data files, wipe the disk and re-install the OS, then re-install all the applications. It’s a lot quicker that way than trying to find cures for twenty or so nasty and persistent viruses.
Edited 2009-10-19 10:05 UTC