
Friday, July 30, 2010

Microsoft Security Essentials BETA Review

Microsoft Security Essentials (MSE) is a free antivirus product developed by Microsoft that provides protection against various types of threats (trojans, rootkits, spyware, adware) on Windows workstations (Windows XP, Vista and 7, both 32-bit and 64-bit). It was developed to replace Windows Live OneCare.

MSE received positive reviews when it was first released almost a year ago, and a new version (v2) is currently in BETA; this is my review of that BETA. I know that my review may not have much impact on the final version of MSE, but this is the first time I have tried MSE, and that is why I thought of reviewing it.

Some of the new features included in this version are:

Windows Firewall integration – During setup, Microsoft Security Essentials now asks whether you would like to turn the Windows Firewall on or off.

Enhanced protection for web-based threats – Microsoft Security Essentials now integrates with Internet Explorer to provide protection against web-based threats.

New protection engine – The updated anti-malware engine offers enhanced detection and cleanup capabilities with better performance.

Network inspection system – Protection against network-based exploits is now built into MSE (this feature is not available on Windows XP because it requires the Windows Filtering Platform, which is only available in Windows Vista and Windows 7).

I downloaded the installer from here (you need a Windows Live ID/Hotmail ID to download the BETA version). I installed MSE on my Windows 7 Ultimate 32-bit system. The installer is about 8 MB; installation requires a genuine copy of Windows, takes a minute or two to complete, and requires a reboot to load the drivers. After installation the MSE GUI looks as below:


I ran an update and it downloaded about 60 MB of definition updates. After the updates were applied I rebooted my PC (note: a reboot is not required at all) just to make sure everything worked fine. The GUI is very user friendly; I had no difficulty navigating it.

Main Product Features:

  • Realtime Protection: It protects your computer in real time, so it can also be used as a standalone application providing basic but sufficient protection.
  • Malware Removal: It also removes the malware it detects.
  • Scheduled Scanning: Provides scheduled scans of your computer (can be disabled if the user doesn't want them).

Performance:

MSE is very light on system resources; I didn't notice any slowdowns while testing it on my system. I tested MSE v2 BETA on a Core2Duo processor running Windows 7 Ultimate 32-bit with 1 GB of RAM. In Task Manager it ran three processes:

  1. msseces.exe (Microsoft Security Client User Interface)
  2. MsMpEng.exe (Antimalware Service Executable)
  3. Nissrv.exe (Microsoft Network Inspection System)

Nissrv.exe is not available on Windows XP.

Test against malware:

I collected some malware samples (68 to be precise) over the past 5 days and thought I would give them a shot against MSE. I performed the test by first copying those 68 malware samples to a folder named Test on the desktop, then turning off MSE's realtime protection, and then scanning the folder with MSE's custom scan. MSE was able to detect 54 out of 68 (79.41%) of the malware samples. I chose Remove as the action to be performed for the detected threats. I rescanned the same folder to make sure that it hadn't missed any files. Considering that these samples are very much zero-day, it performed mediocre in this test, but it might detect a few more of the leftover samples if they were executed with realtime protection on. My test was on-demand only; no sample was executed at all.

Pros:

  • FREE
  • Low memory usage
  • Faster scans
  • Realtime protection
  • Automatic Updates
  • Good detection rates

Cons:

  • No manual quarantine option

Bottom line:

MSE is slowly gaining ground as one of the top freeware products, a space earlier ruled by the likes of Avast, AVG and Avira. It has been performing consistently well in recent tests by AV-Comparatives and many other independent testers. I have been playing with this BETA for quite some time now and I am quite impressed with it. Considering that I have a fairly old computer (Core2Duo processor), it still felt very fast and I didn't have any sort of interference with my normal routine work. I even installed it on one of my relatives' computers running a P4 processor with 512 MB of DDR1 RAM. It is very stable and I hardly found any notable bugs.

Tuesday, May 4, 2010

Emsisoft AntiMalware Review

Hi all,

Today I am going to review the newly released version of Emsisoft (earlier known as A-Squared) Anti-Malware v5. It was released some 15 days back. Emsisoft also provides a free version of Anti-Malware that can be downloaded from here, but the free version is still v4.5; v5 is a paid product that can be downloaded from here. The previous versions were already good in terms of malware detection, so I thought I would give it a test drive. Emsisoft Anti-Malware uses two scanning engines: the Ikarus engine and its own. The paid version also provides a behavior blocker that monitors changes made by a particular application and, based on these changes, notifies the user whether the file is malicious or not. This technology is used for zero-day malware detection. The installer is about 93 MB and installation is quite simple. After installation the user is prompted to register with Emsisoft, after which a 30-day trial is provided. You can also choose a 3-day free trial with no need to register in order to evaluate the product.

After installation the GUI of Emsisoft is as below :


The GUI is almost identical to that of the previous versions; only the name A-Squared has changed to Emsisoft, along with a few small GUI changes. Overall it looks almost the same.

Emsisoft Anti-Malware provides the following features:

  1. Two scanning engines: The Emsisoft Anti-Malware engine and the Ikarus Anti-Virus engine.
  2. Behavior monitor: Unlike conventional protection systems, Emsisoft does not only check files; it also constantly monitors the behavior of all active programs and raises an alarm as soon as something suspicious happens.
  3. Surf Protection: Typical infection routes are disabled in advance. Websites that try to plant trojans or spyware, or that offer deceptive content, are blocked by the surf protection.
  4. Signature Updates: Signature updates at least 5 times per day; in combination with the zero-day protection of the behavior analysis, this guarantees the best possible protection from new infections.
  5. Extra: HiJackFree is a detailed system analysis tool which helps advanced users detect and remove all types of hijackers, spyware, adware, trojans and worms.

A-Squared has been one of the top performers in most of the independent tests that have been performed; only false positives were its weakness. Otherwise it is a solid product.

Saturday, April 17, 2010

Sandboxie : A new layer of Computer Security

The amount of malware continued to grow at a record pace throughout 2009, primarily targeting naive computer users. On average about 35,000 malware samples are identified every day; the number itself is quite astonishing, and it may not be possible for traditional antivirus databases to detect all of it. These are termed zero-day threats; it is very difficult for an AV to detect them because its signatures have not yet been updated to identify the malware. Malware has increased exponentially, and the most persistent threat has been trojans: malicious software designed for stealing sensitive data, installing backdoors, deleting or encrypting files and downloading other malware from the internet. As a result the user's sensitive information is compromised.

Here comes the technology of sandboxing. Normally when you run a program it executes in the real computer environment, but when that same program is sandboxed it runs in an isolated environment with restricted privileges. It is similar to logging on to your computer as Guest rather than as admin or as your own user. Hence a program running in an isolated environment is prevented from making changes that could damage the system or that would simply be difficult to revert.

Sandboxie
It is freeware and the latest stable version can be downloaded from here.


The main idea behind this program is that it defines a space on your hard disk (called a sandbox) and executes programs within that defined space only, which prevents them from making permanent changes to other programs and data on the user's computer.


The red arrows indicate changes flowing from a running program into the user's computer. The box labeled Hard disk (no sandbox) shows changes made by a program running normally. The box labeled Hard disk (with sandbox) shows changes made by a program running under Sandboxie.

The installer is small (~1.44 MB) and installation is quite easy.

By default there will be a new shortcut on the desktop named Sandboxed Web Browser; double-clicking it opens your default web browser (Mozilla or Internet Explorer) inside the sandbox.

To run a program isolated, right-click the program ------> Run Sandboxed. When an application is running in the sandbox, its title appears as [#]Program Name[#].

+ points of Sandboxie
  • Safe Web Browsing: Running a web browser in the sandbox protects you from malicious changes, since the browser is sandboxed and hence all software downloaded through it is trapped in the sandbox.
  • Better Privacy: All cookies, temporary data and browsing history stay in the sandbox and don't leak into Windows.
  • Safe Windows: Prevents Windows from getting corrupted by a certain program, as that program is executed in an isolated environment.
  • Easy to use
  • FREE!!

I definitely suggest users try this program; it is easy to use and configure and will keep you protected. It is very good on offline computers where antivirus signatures are not constantly updated. Sandboxing is quite a new technology but is gaining good ground; even some security vendors are trying to incorporate this technique so that even if traditional scanning misses some malware, the user is still very much protected. For the average user, Sandboxie is preconfigured for optimal protection - no further configuration is needed. Users can access the internet, check email and run programs right from the start. With the advanced options, you can tweak Sandboxie as needed.

There is a paid version of Sandboxie which unlocks all the limitations present in the free version. In free mode, the program displays a pop-up prompt to register once 30 days have expired. In free mode, Sandboxie does not allow the Forced Programs and Forced Folders features and does not allow more than one sandbox to run simultaneously. A lifetime registration for the current version and future versions is only €22 (roughly $30), which is an extremely small price to pay for the security Sandboxie provides.


To Visitors:
This is my first post on my blog, so it is possible that I have not covered all the points regarding the topic I have started. I tried my best to make it easy to understand and to be precise on the topic. Feel free to suggest any modifications that are required in the post.
Thank you for your time and have a nice day.......

-ISHAN

Comodo Internet Security v4

Comodo released v4 of its security suite (Comodo Internet Security) a month ago, and it is drastically improved over its predecessor v3. v3 was said to produce too many false positives, and its HIPS functionality was also quite annoying: it irritated users with endless pop-ups, but that is in the past. In the new version Comodo got rid of the useless HIPS no one ever wanted and replaced it with a much better solution: a sandbox. And it is not the way others do it; they opted for a more unique approach which actually works for a change. It works like this: if the application is trusted, it runs unrestricted. If the application is unknown, it is automatically run in the sandbox until it is tested to be safe. And the sandbox is not a slow emulated environment; everything runs at host level with host performance. It's just that Comodo restricts certain things for applications run through the sandbox.

I am currently trying Comodo v4; it can be downloaded from here. Comodo gives away a hell of a lot of free products (you can browse their site and check), but as my discussion is only about CIS, I'll focus on CIS only. The installer is about 60 MB, plus an additional download of signature updates after installation, which is about 85 MB. Yes, the signature size is quite large, but the Comodo team is working on it. Actually they have already compacted their virus databases; I still remember that when I installed v3 I downloaded more than 100 MB of virus database updates. So it will only take time to trim down the size of the virus database without losing its detection ability.

When installation starts, the user is prompted to install the standalone Firewall, the standalone Antivirus, or the entire suite. Comodo is one of the few suites that provide tons of features for free. By default all the features are installed, viz.:
  1. Antivirus: For detection of known as well as unknown malware. Comodo's AV part is still new and needs some work on detection; it produces a high percentage of false positives.
  2. Firewall: It is considered one of the best FREE firewalls out there on the net.
  3. Defense+: The best part of Comodo v3 is included in v4 too; the notable difference is that it now includes the sandbox, which is really good and doesn't have much impact on system performance.

I tested 20 zero-day threats against Comodo and it was able to detect 14 (i.e. by the AV part), while the undetected ones were automatically placed in the sandbox (the Defense+ part) on execution, so I can say that I had a clean system after testing Comodo against these threats. This is a really good sign: no AV can detect 100%, so a layered approach is preferred, and even though those 6 threats were undetected by Comodo, it made sure they were placed in the sandbox when executed.

But Comodo's main demerit is still its high percentage of false positives; for example, it detected the Malware Defender beta02 and beta03 installers as Heur.Suspicious.

Bottom line: Comodo offers a great free product which has everything necessary to be one of the top competitors. I would advise you to give it a try; you won't be disappointed with it.