FBI Virus and Microsoft Security Essentials

Ken's PC Repair

So last night I was using Google pictures for help with a project I'm working on. Clicked on about the 5th image and wham! Good ole FBI Virus. Full screen......inoperable :mad:. So I powered off my laptop with the power button.

I turned it back on, obviously expecting the worst. Much to my surprise Microsoft Security Essentials warned me I was infected at start-up and deleted the questionable file :eek:. Laptop continued to function properly. (I only use MSSE on this particular laptop because I don't really use it much.)

I knew there was no way it was knocked out that easily so I did my normal removal routine. The odd thing is I found absolutely no traces of it or any other viruses for that matter.

This makes me wonder if there is a weaker version of this going around or if MSSE actually caught it (which seems doubtful). I did notice that it failed to launch my webcam.

Anyone else ever experience this?
 
Maybe MSSE has improved.

I have it installed on a laptop that a lot of kids use and I never get infections. I routinely run SAS, MBAM, others, and I very rarely find any traces of anything.

I recently tried to uninstall MSSE, and I can't seem to get it uninstalled - it just won't go away!

After your testimonial, I believe I may keep it!
 
I would just throw in my observation that quite a few of the FBI virus infections I have seen had MSSE installed and it was easily "broken" and disabled.

While there are many techs on this very forum that swear by MSSE, I have not seen such favorable results. The following articles and info seem to fit well with my real-world experience with MSSE (It sucks):

Microsoft Security Essentials Loses AV Certification (11/30/2012)
The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.
According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks -- including viruses, worms, and Trojan horses -- dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that's been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that's still below the 97% average for the industry.

av-comparatives.org has essentially stopped testing MSSE for a few reasons including that it was a non-contender in AV "suites". It received a 1-star rating in the File Detection Tests in October 2012 and was the worst performer in March 2012 in the file detection tests.


My thoughts are: If you haven't been infected while using MSSE, you're not going to the right places to test it out. Good luck! We love the extra work here!
 
Thanks for that link PhaZed! I've had a few bull-headed people tell me that they wouldn't recommend anything other than MSSE, and that I'm a joke for recommending otherwise. I knew they were idiots, but now I have proof! LOL
 
This is a constantly changing thing. Yesterday's poor performers can easily be today's golden boy of antivirus. You just have to stay on top of it as best as you can. I normally recommend that they run something like Malwarebytes Pro (just my preference) and possibly an antivirus software (probably MSSE) if their computer can handle it.

There is no substitute for a little "how to browse" training. People's internet habits are going to be the biggest influence on whether they get infected/reinfected. Sometimes they listen...sometimes they don't. If they listen then I have helped them. If they don't then I get another paying customer.
 
I get around 7-10 FBI viruses in a week to my shop, and MSE catches all of them. So regardless of what anyone else says, it does catch those well.

I hope you do your scanning with your infected drive slaved into a clean one though, if you're doing a scan on the same infected computer you can't trust anything it's telling you.
 
I do. I slave them to my bench machine and run offline scanners as step 1. After that I throw them back in the original machine and throw the D7 arsenal at it.

I do not recommend MSSE to my clients. I do install it on machines that have no antivirus when I can't get them on Kaspersky. However, I don't see a lot of infected machines coming in infected that are running MSSE. Most of the infected ones that actually have antivirus software are running AVG and Avast.

Kaspersky, Malwarebytes, and SUPERAntiSpyware are usually pretty easy upsells. Especially when I explain that they are a part of our virus removal process.
 
Thanks for providing that link.

I install Avast Free and Malwarebytes Pro for residential customers and MSSE and MWB Pro for businesses. Need to rethink the MSSE strategy for business customers. Thoughts? Suggestions?

And if Microsoft has not confused everyone enough they go and do this: "With Windows 8, Microsoft rebranded Security Essentials as Windows Defender -- which was previously the name of an anti-spyware security feature -- and added new capabilities. The security software is enabled by default for every Windows 8 installation but can be replaced with third-party antivirus software."

That's also good to know.

 
"Interestingly, Security Essentials remains endorsed by Virus Bulletin, which in August 2012 gave the software its VB100 certification, which it says means that the product "can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization," as well as "generate no false positives when scanning an extensive test set of clean samples." AV-Test also found that Security Essentials rated above the industry average when it came to not returning false positives when it did detect malware."


I wonder how many of these "statistics" are paid to favor.....


I think you people forget that virus makers tailor their virus to target specific antivirus tools to hide from/destroy.
 
You definitely need to rethink that. Putting a free AV on a business system shows how little the owner thinks of their business. Pushing a free AV tells the client that you don't think you're worth making an income.
A commercial upsell on a business system should be an easy sale.
 
Very well put. I think I'm going to make a change starting now. I have typically put MSSE on customers' computers when they decline my paid antivirus programs. I considered that I was at least providing them something.

For those that don't buy I think I'll just send it back with nothing, and remind them to install their choice as soon as they get the computer home. (1) I don't want any phone calls because what I installed as a courtesy didn't work. (2) I have my a/v reseller links on my website and bet a majority of them would go there and buy it after the fact. It's a much smaller commission obviously. But it's one I wasn't going to get anyway!
 
I've seen similar catching and cleaning success recently with MSE.
In several cases the other day we had some infected rigs that we were scanning the HDDs in our bench rig, after MWB and Eset...I ran MSE and it bagged things that MWB and Eset both missed.

Sometimes it's up, sometimes it's not. Seems to be on an upswing again lately though.

I'm a fan of AV-Comparatives...it's the only AV test site I like. I know MSE had been doing less than great recently...but let's look at something here...all the AVs are within 10% of each other...actually more like 6%. The differences between the top scoring ones...and last place...really are small.

We have Kaspersky and Eset and N-Ables EPS (based on Panda) at lots of our clients...and we see malware slip past them.

I've got tons of friends 'n family that I try to avoid doing free computer work for...and after replacing their freebies like AVG and other typical OEM AV products on their rigs with MSE...my calls for rescue dropped greatly. And I continue to use it on all my family's home rigs even though I can install Eset or Kaz or EPS or others for free with my NFR licensing.

I don't care what brand AV you run....if your web players are out of date, or you run a Windows based browser other than Chrome...chances are high if you stumble across a poisoned site or <whatever>....the malware that exploits the outdated web players can slip past whatever AV you have. That's why layering your security approach is so important.
*Keep those web players updated
*Use a safe DNS forwarder
*Use an updated browser
*Keep browser toolbars 'n add-ons to a minimum
*Microsoft updates

I've been mentioning N-Ables EPS (based on Panda) a few times here...people tend to "poo poo" that product...yet let's look at AV-Comparatives' recent October test....yup, Panda shared the top award with Kaspersky and BitDefender...and who shared last place? AVG and yes Avast.
 
This is by and large precisely how I view consumer security these days, and even that of most small businesses. I find that with this approach and regular check-ups, I very rarely encounter disinfection calls amongst my clients. It's amazing really, and actually quite bad for business, as I have to then convince them to have the machine seen even though it doesn't seem to have anything apparently wrong with it.
 
lol I push paid av on businesses with more than the MSSE limit allows. The only reason I see to use paid AV is the centralized management tools they provide.

Otherwise MSSE all the way. It works for me and my clients.
 
x2. Paid or not. It's like people assume 'cause you pay for something, it's better.
 