Author Topic: Microsoft Security Essentials, a steaming pile of sh*t  (Read 931 times)

jj2007

  • Member
  • *****
  • Posts: 7542
  • Assembler is fun ;-)
    • MasmBasic
Microsoft Security Essentials, a steaming pile of sh*t
« on: November 11, 2016, 07:34:13 PM »
OK, it's only a small part of the OS, and it has to compete with jewels like Adobe Flash and Avast, but still: MSE should receive an honourable mention :t

This is on Win7-64, and it started a few weeks ago:
- in the lower right corner, a greenish popup says that MSE is cleaning your PC
- then it says "no threats detected"
- but you may notice that something does not work any more
- so you find the icon and double-click it
- clicking your way through, you may see something like history (it's "cronologia" on my Italian OS)
- and the dangerous files section is, hooray, empty
- unless you click on the administrator only button
- and only then you will find the precious tool that doesn't work any more because it's a "serious" threat:
Code:
Category: Trojan
Description: This program is dangerous and executes commands received by the attacker.
Recommended Action: Remove this software immediately
Elements:
file: C:\MASM32\JTools\AlarmClock.exe

Great, so click on the "allow execution" button, another dark screen signalling DANGER, but since you are a) courageous and b) have assembled AlarmClock.exe yourself, you click your way through and allow execution. Job done :t
Job done ::) ??? No, a quick control reveals that the dangerous trojan has not returned to its location. Only solution: Rebuild it...

Here is Jotti's opinion about the file - 1 out of 19, only Avast believes it's dangerous:
Code:
Win32:Evo-gen [Susp] is a generic detection used by Avast Antivirus, Avast Internet Security and other antivirus products from
Avast for a file that appears to have trojan-like features or behavior.

Oops, that looks really dangerous, Avast! However, I've found a fantastic workaround: I added a manifest, and now it's clean, 0 of 19, hooray!

Fortunately, virus writers are so dumb that they have not yet detected the manifest trick :greensml:

Redmond, you are pushing Hutch into the arms of Linux... I still resist but... :eusa_boohoo:



anunitu

  • Member
  • ****
  • Posts: 896
Re: Microsoft Essentials, a steaming pile of sh*t
« Reply #1 on: November 11, 2016, 07:55:29 PM »
I capped that "Feature" first thing in Win7 64, and slipped in Comodo internet free, and working fine.

Most likely MS detected your file because no one programs in assembler except the "Bad" hackers.

Grabs MS by the shoulders and shakes and shakes until I hear a VERY loud POP...

sinsi

  • Member
  • ****
  • Posts: 996
Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #2 on: November 11, 2016, 08:34:09 PM »
Ticket raised: Y1300
Reason: Incorrect title
Recommendation: Replace "Microsoft Security Essentials" with "Any anti-virus"
Approved: yes, [signed]sinsi[/signed]


When I'm not cleaning up Windows 10 I am telling customers why Norton/AVG/McAfee/MSE/Kaspersky/... let the nasty in.
Now imagine trying to explain how your CCTV or even your light bulbs can turn into a DDOS bot  :shock:

http://www.theregister.co.uk/2016/11/10/iot_worm_can_hack_philips_hue_lightbulbs_spread_across_cities/
http://www.theregister.co.uk/2016/10/21/dyn_dns_ddos_explained/
I can walk on water but stagger on beer.

jj2007

Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #3 on: November 11, 2016, 09:11:31 PM »
Recommendation: Replace "Microsoft Security Essentials" with "Any anti-virus"

Sinsi,

So far I've defended MSE, but that it deletes my legitimate and harmless tools and tells me lies about its actions, that is something I won't accept. Really, have a look at the steps listed above - it's plain ridiculous.

Go and look for comparison tests - MSE is always among the worst. I've uninstalled it now, and trying Bitdefender free. We'll see.

P.S.: Attention, Bitdefender deletes files without warning. So far 335 threats detected in \Masm32 ::)

sinsi

Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #4 on: November 11, 2016, 09:42:01 PM »
Er, I am not defending it, just saying that they are all crap. My browsing/downloading nowadays is from a VM.

anunitu

Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #5 on: November 11, 2016, 10:05:06 PM »
The detector programs are very afraid of our "MAGIC" assembler spells. Because you all know that assembler is a product of the devil...

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4807
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #6 on: November 11, 2016, 10:50:43 PM »
I found Avast dropped an error on anything that uses Pelle's linker and the place to put bad reports in this forum is the AV Sh*t List so these morons can find it. I am all in favour of giving AV vendors a hard time because their phukups trash decent well written work by experienced programmers. Anything built for Vista and later should have both a manifest and a version control block so morons like this can detect them. To put it bluntly,

AVAST is a dodgy heap of chyte.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:
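
The recommendation in the post above (an embedded manifest plus a version block; the manifest is also what the first post added) can be verified on a finished build. The following is an added example, not code from this thread or from the MASM32 SDK; `missing_build_resources` and `constructed_pe` are hypothetical names, and the sample image is constructed (headers and a resource root directory only).

```python
import struct

RT_VERSION, RT_MANIFEST = 16, 24  # numeric resource type IDs (winuser.h)

def resource_type_ids(pe):
    """Top-level numeric resource type IDs in a PE image (PE32 or PE32+)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    nt, = struct.unpack_from("<I", pe, 0x3C)          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    n_sections, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    dirs = opt + (112 if magic == 0x20B else 96)      # data directory array
    n_dirs, = struct.unpack_from("<I", pe, dirs - 4)
    rva = struct.unpack_from("<I", pe, dirs + 16)[0] if n_dirs > 2 else 0
    if rva == 0:
        return set()                                  # no resource section at all
    for i in range(n_sections):                       # map the RVA to a file offset
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<4I", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            root = rptr + rva - vaddr
            break
    else:
        raise ValueError("resource directory lies outside every section")
    n_named, n_ids = struct.unpack_from("<HH", pe, root + 12)
    first = root + 16 + 8 * n_named                   # ID entries follow named ones
    return {struct.unpack_from("<I", pe, first + 8 * i)[0] for i in range(n_ids)}

def missing_build_resources(pe):
    present = resource_type_ids(pe)
    wanted = (("manifest", RT_MANIFEST), ("version info", RT_VERSION))
    return [name for name, rid in wanted if rid not in present]

def constructed_pe(type_ids):
    """Constructed sample: PE32 headers plus a .rsrc root directory, no payloads."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
    dirs = bytearray(128)
    struct.pack_into("<II", dirs, 16, 0x1000, 0x200)  # entry 2 = resource table
    sect = b".rsrc\0\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    root = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(type_ids)) + b"".join(
        struct.pack("<II", t, 0x80000000) for t in sorted(type_ids))
    head = dos + b"PE\0\0" + coff + opt + bytes(dirs) + sect
    return head.ljust(0x200, b"\0") + root.ljust(0x200, b"\0")
```

The check reads only the top level of the resource directory, so a manifest shipped as a separate .manifest file beside the executable is reported as missing.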

GuruSR

  • Member
  • **
  • Posts: 116
  • Assembler (6500, 68k, Intel), C(all), VB6, no .Net
Re: Microsoft Security Essentials, a steaming pile of sh*t
« Reply #7 on: November 14, 2016, 08:25:59 AM »
With Sinsi on this, and MSE is among the growing list of deleting Anti-Malware/Virus apps out there.

Today I had an issue with Avast, though I am thinking it's a linking bug, did a compile again and it didn't get eaten.  Though most of the time it seems to be linked to the resources for the Application's icon.

And the biggest reason for a lot of malware getting onto your machine.  They're digitally signing them now, and have actually registered their software "legitimately" by digitally signing it and have thus told the Anti-remover companies to remove those unwanted signatures from their databases or they'll face legal battles.  So, some companies (not naming them) have a "public version" of a removal app and a "nasty version" of a removal app that does go after those "legitimately" crafted pieces of (still no crap icon).

But one thing I have noticed, that 99% of the time with Avast, it's been the resource of the AppIcon causing it to eat it, so I may delve into that to find the issue.  Could be yours too.

GuruSR.
Learned 68k Motorola Asm instruction set in 30 minutes on the way to an Amiga Developer's Forum meeting.
Following week wrote a kernel level memory pool manager in 68k assembler for fun.