MS will "soon" unveil free anti-virus software "Morro"

Discussion in 'Virus Information' started by siljaline, Jun 11, 2009.

  1. siljaline

    Milo Guest

    It's not prevention... it's detection only and action (quarantine / clean)
    due to a strong generic and heuristic detection which can cause a lot of FA
     
    Milo, Jun 13, 2009
    #21

  2. siljaline

    Jesper Ravn Guest

    No, today it's called prevention, but don't expect your clients and servers
    to survive that cocktail :).
    Easy management and simplicity are, to me, the most important keywords.

    McAfee:
    With McAfee VirusScan® Enterprise, we've taken anti-virus protection to the
    next level by combining intrusion prevention and firewall technology in a
    single solution for PCs and file servers.
    Manage it with McAfee ePolicy Orchestrator® for security policy compliance
    and enterprise-level reporting.

    Symantec:
    Symantec Endpoint Protection combines Symantec AntiVirus with advanced
    threat prevention to deliver unmatched defense against malware for laptops,
    desktops and servers.
    It seamlessly integrates essential security technologies in a single agent
    and management console, increasing protection and helping lower total cost
    of ownership

    F-Secure:
    F-Secure Client Security is a complete security package for business that
    includes antivirus, antispyware, rootkit scanning, firewall and behavior
    monitoring.
    DeepGuard 2.0 technology gives proactive protection against new threats. Its
    real-time protection network provides global security updates in 60 seconds
    when new threats are confirmed
    F-Secure DeepGuard A host-based intrusion prevention system (HIPS) with
    network queries (in-the-cloud) provides protection from unknown threats

    /Jesper
     
    Jesper Ravn, Jun 13, 2009
    #22

  3. The MS-Malicious-Software-Removal-Tool
    http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    is imho very good. Thank you, Bill.

    Regards,
    H.
     
    Heinz Schmitz, Jun 13, 2009
    #23
  4. From: "Jesper Ravn" <>



    | Hi David

    | How do you measure anti-virus efficacy?
    | McAfee, Symantec and F-Secure are all vendors considered to have strong
    | malware prevention/propagation (efficacy).
    | But is it all good, if their products are too complex and will
    | slow-down/freeze/crash your infrastructure?

    | /Jesper

    The ability to block malicious scripts and binaries.
    The ability to clean viruses not just delete them.
    Good heuristics.
    Ability to scan a myriad of archive file types.

    Enterprise management is just about logging, reporting, pushing policies and updates,
    deployment, controlling settings, etc.
     
    David H. Lipman, Jun 13, 2009
    #24
  5. siljaline

    Milo Guest

    I don't know where you're going with it, but a packet or binary is all but the
    same: you still need a well designed pattern and working scan engine (either
    accurate or heuristic, to detect if it's malicious or not), be it on an
    endpoint machine or live, jumping in between your routers, lines and endpoint
    NIC cards.

    Whew.. what you just described are the features but not the mechanics... sorry, I am
    no marketing guy, I need to replicate it to believe
     
    Milo, Jun 13, 2009
    #25
  6. It is good, for a limited scope malware removal tool. This is not the
    same as what is generally meant by "antivirus" now however. MSAV and
    MWAV were an earlier attempt at antivirus - but would fall short of what
    is generally meant as an antivirus program today.
     
    FromTheRafters, Jun 16, 2009
    #26
  7. From: "FromTheRafters" <erratic @nomail.afraid.org>


    | It is good, for a limited scope malware removal tool. This is not the
    | same as what is generally meant by "antivirus" now however. MSAV and
    | MWAV were an earlier attempt at antivirus - but would fall short of what
    | is generally meant as an antivirus program today.



    MSAV was actually an OEM of CPAV - Central Point Anti Virus.
    CPAV was bought by Norton and became part of Norton Anti Virus.
    ( Actually Central Point Software was bought by Norton and their utilities also became
    part of the Norton Utilities )
     
    David H. Lipman, Jun 16, 2009
    #27
  8. Wikipedia has a nice historical write-up

    http://en.wikipedia.org/wiki/Microsoft_Anti-Virus

    Funny, MSRT could probably detect more malware than MSAV and still be
    considered less capable. The landscape has changed that much - there was
    less to look *for* back then.
     
    FromTheRafters, Jun 16, 2009
    #28
  9. From: "FromTheRafters" <erratic @nomail.afraid.org>



    | Wikipedia has a nice historical write-up

    | http://en.wikipedia.org/wiki/Microsoft_Anti-Virus

    | Funny, MSRT could probably detect more malware than MSAV and still be
    | considered less capable. The landscape has changed that much - there was
    | less to look *for* back then.



    Back then I was using the Netware version of CPAV.

    But I think the target list of CPAV was at least 10 fold to what the MS MRT targets today.
     
    David H. Lipman, Jun 16, 2009
    #29
  10. The general understanding seems to be, that anti-virus software just
    has to keep malware out. Sometimes, however, malware seems to get
    detected, but did cause some damage already.

    The machine I was asked to help with suffered from missing internet
    connectivity after Avira had removed two trojans. I found numerous
    postings on the web of people having the same problem, and apparently
    nobody was able to solve it, except with a new install (of XP Prof).
    MS Malicious Software Removal Tool, however, did restore internet
    connectivity (and said to have deleted two more trojans Avira had
    not barked at) and granted us an apparently fully repaired machine.
    Great.

    Regards,
    H.
     
    Heinz Schmitz, Jun 16, 2009
    #30
  11. That is a general misunderstanding. It is the user's job to keep the
    malware out, it is the antivirus' job to help them in that task by
    detecting (and possibly identifying and 'repairing') the type of malware
    that cannot be otherwise detected by the user. Specifically when
    malicious code hides within (attaches to) other executable code. As long
    as they are looking for the hard stuff, they might as well tell you
    about (some) of the easy stuff it finds as well. That latter part gets
    them into the general malware detection/removal arena - which they only
    partially address (hence the perceived need for other antiwhatever
    programs).

    Because of this misunderstanding, AV has devolved into what it is
    today - a malware removal tool as you touch on below.
    This can happen when falsely accused system files are removed or
    quarantined. Quarantining is better because you can restore them from
    there. Can also happen when malware makes changes that aren't addressed
    when "cleaning" is attempted.
    Glad you were able to recover - it isn't always the case. Thanks for the
    update.
     
    FromTheRafters, Jun 16, 2009
    #31
  12. Leaked: Microsoft Security Essentials (codename Morro)
    [includes screenshots]
    http://arstechnica.com/microsoft/news/2009/06/leaked-microsoft-security-essentials-codename-morro.ars
     
    PA Bear [MS-MVP], Jun 18, 2009
    #32
  13. I see that they recommend not having another antispyware application
    installed.
     
    FromTheRafters, Jun 18, 2009
    #33
  14. siljaline

    1PW Guest

    Hello FTR:

    I'm guessing that you could probably install the freeware version of
    MBAM as a "second opinion". We shall see...

    Warm regards,

    Pete
     
    1PW, Jun 18, 2009
    #34
  15. While it looks like a typical 'muscling in' by Microsoft - it also
    appears to be because of what AV has become. It is less about prevention
    and more about cleaning up the messes. For adequate removal
    *identification* becomes more important.

    This may interest you:

    http://www.sophos.com/security/technical-papers/detecting-and-removing.html
     
    FromTheRafters, Jun 18, 2009
    #35
  16. Microsoft Security Essentials: What wannabe testers need to know
    http://blogs.zdnet.com/microsoft/?p=3120
     
    PA Bear [MS MVP], Jun 19, 2009
    #36
  17. siljaline

    ~BD~ Guest

    Interesting information IMO.

    Thank you.

    --
    Dave

     
    ~BD~, Jun 19, 2009
    #37
  18. siljaline

    someone Guest

    I'm certainly not going to test a beta project, but when MSE is rolled out
    next year, should I remove my current AV, which is AVG-pro?

     
    someone, Jun 19, 2009
    #38
  19. From: "someone" <>

    | I'm certainly not going to test a beta project, but when MSE is rolled out
    | next year, should I remove my current AV, which is AVG-pro?

    No.

    Wait and see what others report based upon THEIR tests.
     
    David H. Lipman, Jun 19, 2009
    #39
  20. siljaline

    siljaline Guest

    Apparently Morro can be downloaded directly from <http://www.microsoft.com/security_essentials>
    starting on June 23rd in a ** limited public beta ** for XP, Vista and Windows 7 users.
    The Microsoft Security Essentials Web page isn't working at the moment, but it should be by Tuesday.
    Will require Windows Live ID and installed via Windows WGA (Windows Genuine Advantage) (or)
    Windows Greatest Annoyances, whichever you like.

    More @ >
    <http://gizmodo.com/5295656/microsoft-security-essentials-antivirus-software-codename-morro-available-on-june-23rd>

    Note that those with good security products running now should have a good hard look at running this Beta on your
    home { it's-my-baby-box } !!!

    Disseminate at your discretion.
     
    siljaline, Jun 19, 2009
    #40