Microsoft's free Security Essentials anti-virus tool goes live
By Scott M. Fulton, III | Published September 29, 2009, 3:13 PM
Free anti-virus protection for Windows, in one form or another, has been available for quite some time. In fact, these days it's been used as the virtual equivalent of the retail "doorbuster," enabling security companies to plant their brands on users' systems. It's a strategy pioneered by Ad-Aware and ZoneAlarm (now part of Check Point Systems).
But Microsoft -- at least ostensibly -- is not a security company, and becoming recognized as a security provider at this stage of its history would actually be more difficult than for most other software producers. Still, the company went forward just hours ago with the live distribution of Security Essentials, its free and basic anti-virus system for Windows.
Although Microsoft does produce an enterprise-class security package, Security Essentials -- while incorporating part of Forefront's detection engine -- is not a stepped-down version of Forefront, or a "good" or "better" option to Forefront's "best." So Microsoft's intentions with Security Essentials are clearly not to make room for itself as a consumer security provider.
Instead, Security Essentials could change the market in two ways: First, it could moderate the impact of security software companies that draw attention to Windows vulnerabilities by scrimmaging over every major and not-so-major threat that comes along. Second, SE could improve Microsoft's reputation for being responsible for the seaworthiness of its own principal product.
Both of these effects on the market could contribute toward one very important end goal: avoiding the characterization among consumers of Windows Vista -- technically a much more secure operating system than Windows XP -- as relatively insecure. Other than its fortress icon, Security Essentials stays very much in the background. And in Betanews' experiences with the SE beta over the past two months, its impact on our everyday work in Windows 7 RTM was not noticeable, and quite possibly not even measurable.
"Not noticeable" appears to be Microsoft's goal with Security Essentials; while other free packages are designed to be in-your-face to some extent (case in point, using system tray icons to report from time to time, "Your system is being protected!") it seems Microsoft would be happy if SE's users actually forget it's there. In paragraph 2 of the company's statement on SE this morning, consumer security general manager Amy Barzdukas summed up SE's key virtue with the following few words: "It won't get in their way."
As an experiment, we ran several batteries of Web browser performance tests in Windows 7, once with Security Essentials turned on, and once with it disengaged and removed from memory. Performance times for major Web browsers, including Internet Explorer 8 and Mozilla Firefox, were sometimes equal; and in the SunSpider test, browsers were slightly faster with SE turned on.
The reason, we suspect, may have to do with the quad-core processor of our physical test system (Intel Core 2 Quad Q6600). SE does appear to use parallelism quite well; on our CPU usage meters, while ordinary processes tend to favor Core 1, during system scans, SE tends to start with Core 1 and then shift over to Cores 3 and 4. Third-party antivirus packages we've seen are not nearly as adept with parallelism; even Sophos (one of my personal favorites) generates a measurable, if negligible, performance hit on Windows 7.
Microsoft has begun playing down, however, what it had touted as SE's key feature early in the beta process: a system called Dynamic Signature Service (DSS) for detecting and sharing threat assessments in real time with a network of other security providers. DSS is still being portrayed as central to its Forefront commercial product; but Microsoft may have decided that, in the best interests of its goal to not get in anybody's way, it may be better to turn down the volume on the message that 20 or more partners are looking into all the anomalies your system may be reporting.
Security Essentials can co-exist on some Windows users' systems with Microsoft Defender, which is being re-cast as an anti-spyware program in the vein of Ad-Aware. Some users will, no doubt, be confused by the fact that SE frequently needs definition updates for itself (and can update itself), while Defender still alerts Vista and Win7 users in the background through Windows Update (when it's set to explicitly notify prior to updating). That, ironically, may be the most frequent occurrence of SE getting in users' faces. Until then, Microsoft is hoping that customers who've had enough of being reminded of potential insecurities may be willing to spend a few moments of their time to invest in a new flavor of security tool: fire-and-forget.
so is defender useless now? what happened to onecare?
Score: 0
|OneCare is gone, and Defender is still around (still available for download) but not sure why.
Score: -1
|Defender is useless in my tests. Misses a *lot* of malware.
Score: -1
|I think this article should have been the featured one, not the confusing and less informative Q&A story that Wilcox wrote... No offense to Wilcox.
Score: 4
|I have been visiting betanews for several years now, and this day is a little bit special. I find folk actually singing the praises of a Windows product, long time enemies have become friends, people are actually thanking each other, and the Opera gang have for once not been giving my comments a thumbs down. This bit of software has brought about something few of us could have dreamed of, a feeling of calm has enveloped the forum, thank you Bill, thank you Microsoft.
Score: 1
|You've had too much to drink. Put. The Bottle. Down. ;)
Score: 1
|I have been running this since the beta. I started out with it running beside Avast. Then after I was satisfied Avast got the boot. This program is rock solid and caught some stuff that Avast missed.
Score: 1
|Uninstalled my AVG Free and started using MSE when the beta came out, have not looked back once. It's quiet, does a great job detecting malware/spyware/viruses and uses a fraction of memory footprint of the other bloat AV's.
Score: 1
|Score: -6
|Truer words have never been spoken.
Score: -2
|In a matter of a couple weeks, Avast.com will release Avast 5, it's faster, smaller and more powerful than ever. It's even going to include for the first time a firewall built in. I've been testing beta 2 and very impressed. Now in all fairness I did test MSE, it was good but a bit too aggressive for some of my apps and programs. However Kudos for Microsoft to release a not so buggy product and freely for public use away from the traditional payment plans.
Score: -2
|Have they removed the idiotic 'media player' paradigm? That is really a turn off for me, and, I would think, for many that take security seriously.
Score: -4
|guru, if Advil 2.0 looks and tastes like a gummy bear, you're going to write it off despite the fact that it works, and works well?...better than the previous Advil types that have been on the market?
That's...well...idiotic.
Score: -2
|" It's even going to include for the first time a firewall built in"
Well that is something we need, another 3rd party firewall screwing with the system at levels that are not needed.
The built in Firewall of Vista and Win7 are fairly advanced, and do in and out control all the way to the application layer, which is covering the upper levels of the OSI model which is something most 3rd party firewalls don't do.
Additionally, when you have an optimized network stack with an integrated Firewall in the OS, and replace or insert 3rd party code into the network stack to handle traffic, you are going to lose performance at the very least and most of the time, create compatibility issues.
For all the IT people here that have had to deal with McAfee or Norton's firewall or network layers preventing users from sending email or visiting certain web sites because they are using something beyond the standard http ports it becomes a freaking nightmare.
If you are in the IT world, rule #1, have the user disable the 3rd party networking security/firewall.
Most of the time the users that have these products don't even realize it is injected itself into the network stack and then complain when application XYZ can't do something on the internet. And we certainly don't need another brand doing the same crap that has earned McAfee and Symantec a bloated crapware status that their 'messing' with the OS has become.
On a new Vista install compared to a Vista install with any McAfee or Symantec the performance is visibly noticeable. This is the main thing that when users complain of 'bloatware' installed on OEM computers, it is essentially the Anti-Virus software that has injected itself into the network stack, and even the I/O processes.
And on Vista, it was freaking horrible, just the other day another new computer of a customer running Vista x64, and the difference from how the machine arrived to ripping off Norton their response was, "OH MY GOD, Vista really is fast with that crap gone."
I know the OEM kickbacks are good money for putting this crap on computers, but when it is easily consuming 25% of the performance of the computer and making their hardware look slow and also helping purport the myth that Vista is slow is doing a major disservice to their own customers.
So I'm really sad to see Avast adding in a Firewall and further reducing performance of a system when there is no added features they can 'truly' offer a user.
If the built-in OSI level Firewall in Vista or Win7 isn't 'secure' enough then you need to be using an external hardware firewall device protecting your entire network, because as for OS and Software level Firewall technology, you can't do much better than the included Firewall in Vista or Win7 on the new network stack.
Score: 1
|There are good firewalls which consume less resources than the Vista/7 integrated ones. And the problem with built in windows firewalls is that they do not filter outgoing connections, and that is a MUST for any advanced user...
In fact, that is my only need in an application firewall behind a router. I WANT to see which application is trying to phone home.
Pctools firewall (forget about the name) is a great product, light and does what I need, for free.
The problem about some 3rd party firewalls is how they are developed. Norton is... how to tell... s*** is the lighter adjective that comes to mind. McAfee the same... Symantec integrated once good sygate engine, but already contaminated with Endpoint protection crap, shame... Sygate used to be great (still is if you use WinXP). Bought and destroyed...
I think companies using Microsoft tools to develop destroy good tools. Among them you have most notably Symantec and Autodesk.
Score: 0
|I took out zonealarm firewall/antivirus that I purchased for this. I really like this, seems to work well. I now even decided to use windows vista firewall instead of installing another. All seems ok. I think (my opinion only) that this is one of the best ideas Microsoft has had in a long time. You do not even notice this working in the background and I have seen no slowdown or anything, remarkable, well done Microsoft.
Now we all hope it is as secure as we are told it is???
Score: 2
|As I told MS in beta, I think the program is *too* "not in your face"... I like how avast! and other AV programs give at least minimal notification that they're updating and working. Still, it is a nice safe-fall for basic users.
Lawsuit about MS monopolizing in 3... 2... 1...
Score: 1
|I like the fact that is not in your face. You set and forget it. Ronco would be proud!
Score: 2
|Nice thing about being a GOOD monopoly, is, that just like back in '98, if you've got 90% approval rating by your own "poor, oppressed and severely abused" users, then the lawsuit is bound to effectively get tossed immediately to a place of recycling where it may soon reincarnate itself as its born destiny -- T.P. FOR MY B.H. hehehehe
In all seriousness -- ph*** the software security companies. If they can't charge $20/yr for something vastly superior to justify SOME users paying the price, as far as I'm concerned (and most ppl) they can go flip burgers for a living instead...
Score: -5
|hmmmmmmmmm ..... what?
Score: 0
|@mjm
Security Essentials creates a restore point, so if anything was removed, restore your computer to the restore point it created, no need to dig through backups. (Also you can open 'Previous Versions' if you know the folder/file that was deleted.)
@Sturgess
Defender is not needed and turned off. Security Essentials does the work of Defender in addition to other malware checking abilities, it even still uses the Defender definitions from Windows Update.
Score: 4
|My install replaced Defender.
Score: 0
|Right you are. So the process is to change the default action in SE to quarantine, turn off real-time, system restore, reboot, get the file to examine, change the default action back, turn on real-time.
One would think a rename of the file/type and store in directory up to x amount of data would be good enough.
Score: 0
|Mine did not. Defender is still there. System - laptop 1.5 GHz Celeron M Windows XP SP3 - fully updated.
Score: -1
|AnthonySPT "Defender is not needed and turned off."
Thanks.
Score: -1
|guru_v " Defender is still there."
Mine too. But I understand from a couple who have posted here that it is disabled, or will be at the next scan.
Score: -1
|What you're saying isn't logical. If immediately after installing the software you change default action to quarantine, why would you still need to perform the other steps you mentioned for EVERY false-positive?
My logic, without ever trying the software, which due to my extreme genius normally defies all actual experience by actual experts in their own field, says that you DO NOT. ;)
Of course if you meant that you have to go through those steps only once, then I hereby proclaim that Microsoft is permitted to protect its dumb-arse users from themselves by requiring said steps in order to prevent some curious p*ssycat from stumbling upon some file using some desktop search utility and renaming "hot sex not a virus!!.exe.virus" to "hot sex not a virus!!.exe" due to his vastly inferior & limited mental capacity. ;)
Score: 0
|"So the process is to change the default action in SE to quarantine, turn off real-time, system restore, reboot, get the file to examine, change the default action back, turn on real-time."
Cut out everything *after* "change the default action to quarantine" and you nailed it.
It should be the default. Hadn't even noticed that tidbit.
The rest of your post pertains only to what you need to do on your system because it *wasn't* the default action. If you do that first, the rest is unnecessary.
Score: -2
|Of course changing the default action to quarantine is the users' fault. How dare I even question leaving the product as-is and follow Microsoft's recommendations.
And I know this because you all came into this thread saying "Please change the default action to quarantine before you run the initial scan."
Oh, wait, none of you said this. The product doesn't even explain what default action it will take on its initial scan.
Hilarious. betanews readers know everything, and they knew it BEFORE you did, of course.
Let's not blame MS for the bad default action, let's blame the user for not changing the default.
Score: -1
|Open the program: Click the Settings tab. Oh, look...default actions is #2 on the list.
It's tough, I know...
Need an explanation of what the default actions are? It depends on the severity of what it believes it has found. There's actually a link to just that right on the settings page for default actions. Fancy that...
Severe to High: Remove.
Medium: User input.
Low: User input.
Makes sense except for rare instances when a false positive is labeled as "severe" or "high", such as your case.
I assume they weighed the "risk" vs "system restore" procedure required for a false positive and determined that the risk of a false positive (based on previous testing of the forefront engine) was minimal when compared to the risk of letting the user click "cancel" or "allow" out of habit.
Is it perfect for everyone? No. Nothing ever is.
Score: -2
|And, oh look...
The default actions for Severe, High, Medium, and Low alert levels are "Recommended Action". There is also the choice of "Remove" or "Quarantine"... but the default is "Recommended Action", which the program itself makes no attempt elaborating on. In other words: What the hell *is* the recommended action?
Sure, there's a link in the applications that redirects to Microsoft's site for more information:
=Recommended Actions=
So what are recommended actions? When you select Microsoft Security Essentials' recommended action, this means that you want Microsoft Security Essentials to decide how to handle this alert level. Here's how the program handles alerts, depending on their level:
* Severe or high level alerts : If Microsoft Security Essentials alerts you about potential threats that are severe or high, the recommended action is to remove these programs.
* Medium level alerts : For medium alerts, you should review the alert details (click the Show details link) to see why Microsoft Security Essentials detected the item. If you don't like what the software does or if you don't recognize and trust the publisher, consider blocking or removing the software.
* Low level alerts : This type of alert typically indicates a benign program, unless the program was installed without your knowledge or consent. If you're not sure whether to allow the software, review the alert details, or check to see if you recognize and trust the software publisher.
...but I think that information could easily be summarized in the application without needing to rely on an external source to figure out what in the world it's doing to *my* files. =)
Score: 0
|Thanks for this informative and good article Scott!
Score: 3
|I dumped AVG for this, and I'm liking it. Wondering if I should still be running Windows defender? Anyone know?
Score: 3
|It turns Windows Defender off after the initial definitions update and quick scan.
Score: 3
|teohhanhui "It turns Windows Defender off after the initial definitions update and quick scan."
Thanks.
Score: 0
|Yeah. Not sure where Scott sees them running in parallel.
*shrug*
Score: -1
|I just decided to ditch AVG Free to give this a shot temporarily. So far it seems very efficient and lightweight. It's not complicated and doesn't feel intrusive either. I'm sure with a bit of marketing, this will be a hit.
Score: -1
|Had a false positive on an ini file. It took the default action (delete,) with no way to restore the file other than backup restore.
Score: 0
|Ouch. Thanks for the warning. Hopefully there is an option that will allow the auto delete to be "ask before deleting" to solve that problem. Otherwise, seems like a step in a good direction in terms of footprint, performance, and security. I will give it a try on a test machine and report any issues found myself.
Score: -1
|it's smart with any antivirus to disable automatic actions, common sense... because of false positives
I'm giving MSE a go, i like it so far
out the door you go avast!
Score: 1
|I hate it when this happens, but this very same thing happened to me the other day with zonealarm antivirus. It happens, so it makes sense to check settings and make sure they are what you want. Do not blame the software, but do report the false positive to Microsoft so they can have a chance to correct it. But as I said, this will happen with any security software like this.
Score: 4