MSE has earned good reviews so far, scoring points for Microsoft

September 30th, 2009

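[Image: Microsoft Security Essentials]

MSE has been in the news a lot over the past two days, with Google and Microsoft racing each other on releases like dragon boats. On Google's side there are SideWiki/Wave/Place; on Microsoft's side there is the free antivirus suite Security Essentials (MSE). MSE is positioned to replace Windows Live OneCare and part of Windows Defender. Given the disappointing performance of Microsoft's earlier free suites, everyone has been waiting for MSE with a wait-and-see attitude.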

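Judging from the media coverage in the two days since release, there has been plenty of praise. ZDNet's Adrian was very happy with his experience, and The Register's report suggests that MSE's solid showing could reshape the client anti-virus/anti-malware market, especially the free antivirus market. That should include the biggest vendors such as Symantec, Trend Micro, McAfee and Kaspersky, and 360.cn, Wangjing (网警) and others will be affected as well. Of course, Symantec already voiced its displeasure yesterday.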

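Today I downloaded, installed and tried it, and the result felt really good. Leaving aside the actual detection rate (heh, I don't know that yet), the user interface and experience are great. Microsoft seems to have mastered, or learned, the "fast" and "simple" of Google and Apple! I look forward to some third-party lab quickly publishing a comprehensive comparison report covering performance, detection and so on.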

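[Image: MSE interface and scanning results]

Microsoft also has another, paid client security suite: Forefront Client Security (FCS). Compared with MSE, FCS has more features, the more important of which include NAP integration and Group Policy management. See the comparison in the table below: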

[Image: fcs-vs-mse]

So if the big vendors want to compare features, they can only compare against MSE's big brother, FCS.

  1. October 7th, 2009 at 15:34 | #1

    http://www.theregister.co.uk/2009/10/01/ms_security_essentials_review/

    One thumb up for MS Security Essentials in early tests

    Detection fair but clean-up lacking, reports AV-Test.org

    By John Leyden

    Posted in Anti-Virus, 1st October 2009 11:00 GMT

    Independent testing lab AV-Test.org has published one of the first reviews of Microsoft Security Essentials, Redmond’s freebie anti-virus package.

    The software earned favourable comparison with other free packages, such as AVG and Avast. Detection rates were respectable and the product scored plaudits in avoiding false positives, a perennial problem for anti-virus scanners where legitimate files are detected as potentially malign and put into quarantine, sometimes hobbling systems in the process.

    Most of the worst problems occur when anti-virus scanners decide that Windows systems files might be dodgy. Microsoft has an obvious advantage in being able to avoid such problems. Even so, minimising the risk of false positives is a big plus mark for Microsoft Security Essentials.

    Scan speed for the product was fair and rootkit removal was good. The main deficiency identified in the product was a lack of effective behaviour-based malware detection, a feature Redmond claims was bundled with Microsoft Security Essentials. There’s also scope for improvement in the clean-up process. Malware infections left Windows firewall turned off even after disinfection using Security Essentials, for example.

    AV-Test.org first tested Microsoft Security Essentials against 3,732 malware samples from the WildList (a standard test set of malware known to be in circulation). All the samples were successfully detected and blocked during on-demand and on-access tests. Security Essentials has been in development for months, so problems in detecting standard malware threats with a launch product would have been a major fail.

    Microsoft Security Essentials also coped reasonably well against a larger set of malware, as AV-Test.org reports.

    We continued testing the detection rates of Microsoft Security Essentials on Windows XP. For this, we used our set of 545,034 current malware samples, including viruses, worms, backdoors, bots and trojan horses. MSSE was able to detect 536,535 samples, which is a very good detection score of 98.44 per cent.

    In case of the ad-/spyware testset, MSSE detected 12,935 out of 14,222 samples, which is a detection score of 90.95 per cent. We found no false positives during our scan of 600,000 known clean files from Windows, Office and other common applications (as the majority of these files are from Microsoft, everything else would be a big surprise).

    So far so good – but in tests on dynamic malware detection, Security Essentials came up short.

    We have then tested the dynamic (behavior-based) detection with a few recently released malware samples which are not yet detected by heuristics, signatures or the “in the cloud” features. We found no effective “dynamic detection” features in place. None of the samples were detected based on their (suspicious) behavior. However, other AV-only offerings don’t include dynamic detection features either; in most cases they are only available in the Internet Security Suites editions of the products.

    Detection and cleaning of already infected Windows PCs worked but AV-Test.org noted that in many cases, “traces of the infection were left behind (eg some inactive executable files, empty ‘Run’ entries in the Registry, the Windows firewall remains disabled, the ‘hosts’ file remains modified)”.

    The software is available for Windows machines running Windows XP SP2 or later, Vista and Windows 7. Users have to validate their copy of Windows using the sometimes irksome Windows Genuine Advantage utility. Counterfeit copies of Windows are excluded from running the software, so infected machines there will continue to harbour the botnet agents and Trojans Microsoft is keen to eradicate from the Windows eco-system.

    Consumers with legitimate copies of Windows can download the software from Microsoft’s microsite here. ®
