I got a virus Sunday?

Wow! I'm very surprised to hear that you guys got infected still with Sandboxie on your computers. Is this the Free Version or the Paid Version? And when you configured it, did you just use the defaults?
I use the same exact setup as @LAN101 mentions in his comment. It's bulletproof for me and I have never been infected and stays clean. But I do use the Paid version and I have it configured beyond the defaults, which could be the reason. I don't run an Anti-Virus or Anti-Spyware program realtime. But I do scan from time to time with an Anti-Virus and Anti-Spyware Software and they always come up clean.
 
As for the "Dynamics Test" being "The Most Important", I would have to disagree. The Dynamics test does not test "Detection Rates" per se, it tests the effectiveness of the AV product essentially during web browsing (URL blocking and such). Testing is also performed as such... by visiting malicious domains. This is but ONE attack vector, and is in no way a comprehensive test. The test also does not provide "Detection Rates" but rather, "Protection Rates". The reason MSE isn't included in these tests is because MSE doesn't provide ANY additional protection beyond the heuristics and known-nasty lists. Therefore, it can't be tested!

I'll remain of the angle that the Dynamics test method is more relevant. Let's look at the percentage of infected computers coming across our service benches at the shop, shall we? Mostly rogues/fake alerts...that come in via browsing and web players. This is the primary goal of the dynamics test...it is the reason AV-C came up with this test a couple of years ago. And MSE was tested back then when it came out, and will be added again.

The test also does not provide "Detection Rates" but rather, "Protection Rates". The reason MSE isn't included in these tests is because MSE doesn't provide ANY additional protection beyond the heuristics and known-nasty lists. Therefore, it can't be tested!

You just disqualified yourself from any further discussion from me as it would be a waste of my time when you post such gibberish and unfounded nonsense. Here's an old list of features that were introduced in version 2...I'll post it...doubt you'll grasp it but I'll take 3 seconds of my time to post it..but it does clearly state such additional features such as inspection of network traffic, integration with Internet Explorer with features including script blocking,
http://www.thewindowsclub.com/what’s-new-in-microsoft-security-essentials-2-0
 
OK, I'll bite.. even though you have "disqualified" me from yourself. I'm only trying to help here. If there is an error in my logic I will gladly apologize and adjust my views on the subject. I am for finding facts, and that's all.

I hardly think that my previous post with in-depth research and links debunking your previous claims warrants such a rude response (and offers no rebuttal I might add). Look, I'm willing to accept MSE if/when it ever evolves into a viable security option. I am not loyal to ANY AV programs... as you seem to be loyal to MSE. Fine. So be it.

You said in one of your previous posts:

Me shakes me head when I see AV-Comparatives mis-read...or mis-understood.

I think you should apply the head shaking to yourself, and not be so hasty. Proof in point below...

I'll remain of the angle that the Dynamics test method is more relevant. Let's look at the percentage of infected computers coming across our service benches at the shop, shall we? Mostly rogues/fake alerts...that come in via browsing and web players. This is the primary goal of the dynamics test...it is the reason AV-C came up with this test a couple of years ago. And MSE was tested back then when it came out, and will be added again.

OK, you go ahead and remain at that angle even though AV-Comparatives makes no such claim, and quite to the contrary of your view. Fine. Who is mis-reading/misunderstanding again?

MSE was tested back "then" which happens to be 2009!!!! The reason MSE was included was because it was able to throw up a "Are you sure you want to..." dialogue box in IE... but who cares about that now? Most attack vectors don't throw that flag up anyway, and if it does it is left to the USER to decide to run or cancel. There is no guiding info on these dialogues to make an educated decision as to what to do either. No thanks.

The reason MSE hasn't been included again for the past 3 tests (present) is because most of the other AVs provide URL blocking, web filtering, behavior blocking, instant messaging filters, etc. and MSE still does not, therefore it DOES NOT MEET the minimum requirements for the test.

In AV-Test.org’s 2010 Real-World Test, MSE could not achieve the minimum score to obtain certification, while vendors with alternative free antivirus products did. MSE was ranked as one of the worst three products.



You just disqualified yourself from any further discussion from me as it would be a waste of my time when you post such gibberish and unfounded nonsense. Here's an old list of features that were introduced in version 2...I'll post it...doubt you'll grasp it but I'll take 3 seconds of my time to post it..but it does clearly state such additional features such as inspection of network traffic, integration with Internet Explorer with features including script blocking,
http://www.thewindowsclub.com/what’s-new-in-microsoft-security-essentials-2-0

Uh, really? What a cheap shot that is. Did you even read the page you linked to? Do you understand that none of the "features" deal directly with "Web Browsing" security per se?

So let's look at that OLD post on thewindowsclub.com:
1. Firewall Integration - Can detect that Windows Firewall is disabled, and you can enable again from MSE.
Well whoopty doo! Windows already notified you of this problem before MSE, so who cares? Also, I get systems in routinely with MSE that are infected and the firewall will simply NOT engage as it has been disabled from the registry/files/etc by the malware/virus.


2. Enhanced protection for web-based threats. Microsoft Security Essentials now integrates itself with Internet Explorer to provide protection against web-based threats.
Like I already went over before, IE throws up a "Are you sure" dialogue. It should be noted that MSE DOES NOT integrate itself with any other browsers such as Firefox, Chrome, Opera, or Safari. Not to mention, if your customers don't use IE in the first place they would have a lot less risk.


3. Network Inspection System. This feature of MSE enhances real-time protection by inspecting network traffic to help proactively block exploitation of known network-based vulnerabilities.
This is for your LOCAL NETWORK to protect against worms like Conficker. This applies to one LOCAL machine attacking another LOCAL machine.


4. New and improved protection engine. The updated MSE engine includes a Heuristic Scanning Engine and offers enhanced detection and cleanup capabilities along with better performance.
Not really a feature... it's kind of what you expect from an AV program, correct? Oh, and.. regarding the MSE Heuristic Scanning Engine per AV-Comparatives - an abysmal 92.3% like I stated in my previous post.


So, that link you provided doesn't say diddly squat about "Web Browsing" security such as URL blocking, web filtering, behavior blocking, instant messaging filters, etc. such as is required by AV-Comparatives.org's Full Dynamic Tests.

But wait, instead of linking to an old post on thewindowsclub.com let's take a look at Microsoft's site and their newest version here:
http://windows.microsoft.com/en-US/...ty-essentials/product-information?T1=features

Yep, it's still the same feature set; hasn't evolved. Oops, I do see it has Rootkit protection now! Yippee! Little late to the party, wouldn't you say?


I'll take my apology now. While you're at it, YOU can stop spewing "gibberish and unfounded nonsense" from old sites, look up the source of MSE, and quote the newest stuff that STILL DOESN'T have or do what you claim.


Or, if you still don't like the fact your darling MSE feature set isn't there you can google:

"MSE url blocking" - Nope, can't seem to find it.
"MSE web filtering" - Nope, doesn't have it and many of the results are people complaining about MSE NOT having it.
"MSE behavior blocking" - Again, not there.

Gee, do you know something the rest of the world doesn't? You see? This is the reason MSE isn't included in the AV tests. Here's an idea, don't defend the AV product that isn't even tested.


Microsoft should leverage more manpower towards fixing security vulnerabilities in their OS instead of making a half-assed AV product to protect the security vulnerabilities!


Let me tell you a bit about myself. I am somewhat of a Whitehat (hacker) myself and am well versed in how to use Metasploit, deliver payloads and exploit security vulnerabilities. I can crack WEP in minutes, and under the right circumstances, WPA too (Takes much longer). You're fighting an uphill battle with a person who has fun infecting machines in the lab and has formal education to do so. MSE IS NOT secure, is not effective, and is easily bypassed. I have done it myself, have you? On the contrary, other AV products are much harder, if not impossible unless using a Zero Day attack which I don't have access to.

On my desk, I get LOADS of MSE infected computers right along with Norton and McAfee. They are the big three that I always see infected here. Why is that do you think?

I'll tell you what, at my shop MSE will be removed when found and a real AV product will be installed in its place based on current testing and analysis. You do whatever "you think" is best at your shop, even though all of the proof points the opposite direction.


I leave you with this Panda blog review blasting MSE from Nov 2010:
http://research.pandasecurity.com/microsoft-just-doesn’t-get-it…-security-is-about-diversity/
 
You got any links about AV-test.org accepting bribes? If that's true I'd like to read about it. If it's not, you might want to be careful stating that so emphatically on a public forum.
 
Cambridge:

I like and sell Avast! even though they have slipped a few notches in the latest tests. One thing I do look for is wild swings in tests where an AV program does good this test, and horrible the next. Avast! seems to stay in relatively one area. I like that.

Avira, Panda, Kaspersky, ESET, F-Secure are all viable options as well when it comes to security. I simply prefer Avast because it seems "faster" and works good on older systems (which I run into a lot because I deal with Home users a bunch).

I feel AVG has been slipping for the past 5 or 6 years. Their software seems bloated and has become less effective (either because AVG is having problems keeping up or AVG is targeted more heavily by Virus makers, I dunno)

MobileTechie:

You are correct, I should be more careful. I retract that and offer NSS Labs to the chopping block instead.

NSS Labs was in a small scandal about Firewalls after they released a report saying that X,Y,Z firewalls are no good. Also they have been implicated in wrongdoing by not supplying their testing methodology or any information about how they tested AV programs. Trend Micro was their recommended AV product with all others far behind, and IE beat all other browsers for security. All of that, in stark contrast to the rest of the testing by other independent outfits, makes me call BS on NSS Labs.

My apologies, and thanks for checking me.
 
I also wanted to say that Google Chrome has "sandbox" features built in under the hood of its system. I never even realized that until a few weeks ago when I read that on another tech site.

To me, it definitely seems like Chrome is the safest browser to use right now whether you use "Sandboxie" or not.
 
I don't think any of the paid antivirus are worth a darn, half the paid ones aren't either. I saw infected Avast, Avira and MSE machines all last week alone, same with Norton 360, McAfee, and Trend Micro. Keep seeing SAS, Avast and ESET marking false positives, paid MBAM missing infections, only thing we haven't seen infected yet is a Kaspersky Internet Security computer. Not one, been selling it since 2006, never had one in the shop infected, and we do tons of virus work. I'm sure someone else has seen KIS infections, but it works for us, so that's what we use. Gotta go with what works best for you, can find a report telling you any AV is either great or terrible if you look hard enough.
 
I don't think any of the paid antivirus are worth a darn, half the paid ones aren't either. I saw infected Avast, Avira and MSE machines all last week alone, same with Norton 360, McAfee, and Trend Micro. Keep seeing SAS, Avast and ESET marking false positives, paid MBAM missing infections, only thing we haven't seen infected yet is a Kaspersky Internet Security computer. Not one, been selling it since 2006, never had one in the shop infected, and we do tons of virus work. I'm sure someone else has seen KIS infections, but it works for us, so that's what we use. Gotta go with what works best for you, can find a report telling you any AV is either great or terrible if you look hard enough.

Got to say I've yet to see a Kaspersky infected machine.
 
I have seen a Kaspersky machine infected before, but not very many.. and in Kaspersky's defense most of the time the definitions were out of date.

I tell this to all of my customers:

No AV product is 100%, even the best AV product can be bypassed. All that we can do is provide you with a reasonable amount of security. Most infections can be avoided by changing your online habits.

One thing that I don't like about Avast! Free is that it requires the user to re-register after 1 year in order to keep receiving updates.. and many end users simply do not re-register and then get infected. I don't know why they don't re-register, it's dead simple and takes 30 seconds. I have the same problem with customers not updating the software when a major revision comes out.

Many times when I see a "Top Rated" AV product that has failed it is because of the end user not taking the time to look at the AV software and update it.
 
Out-of-licence AVs are bound to get infected. I'd say almost all the Norton I've seen infected were out of date. Whereas McAfee I've seen loads of infected machines which were up to date. Same with the awful Webroot.

Never seen a current Kaspersky infected but I'm sure it must happen. I've not seen that many Kaspersky machines anyway.
 
One thing that I don't like about Avast! Free is that it requires the user to re-register after 1 year in order to keep receiving updates.
I had a customer get tricked into paying for Free Avast so I said NO MORE to Avast.

Is it possible that not many people using Kaspersky are getting infected because not many people use that AV software?
 
I had a customer get tricked into paying for Free Avast so I said NO MORE to Avast.

Is it possible that not many people using Kaspersky are getting infected because not many people use that AV software?

I somewhat agree with you on the Avast! part because the dialogue that comes up is laid out in such a way that makes it easier to hit the "upgrade" part instead of the free part... however, I wouldn't say it can trick someone unless they simply did not read, which happens a lot. Click click click happy they are. I don't think we should shun such a product because the customer doesn't take a few seconds to read. Also, there are a few more steps past that dialogue for input of the CC number, etc... so I would be hard pressed to say anyone gets forced or tricked into buying Avast!. Also, Avast! offers a 30 day money back policy, no questions asked.

I think your idea about Kaspersky could certainly be plausible, however, they do have an effective AV program so that shouldn't be dismissed either.
 