MS Security Essentials. Why is it free?

Yes that's true. As I've said before, I don't advocate piracy but it is interesting to see how these things work.
 

But Windows must be validated and flagged as genuine to install & use it

You would think so but it doesn't. I always install MSE right after installing Windows before entering my cd-key and activating (I don't enter or activate during setup) and it's always said my Windows is genuine ;)

It continues to work even if your activation fails later, however if your activation already failed and then you tried installing MSE, it will refuse to install.
 

Hi there.

That method won't work for much longer.

I think in any case it's always better to test a few things BEFORE activating your copy of Windows -- you might within a short time decide either to move or TRY the W7 installation to / on another machine or change the hardware within a few days of installing Windows. - Or (unlikely but possible) you could decide you don't like W7 - so you give it away or sell it. - This is fine so long as it hasn't been activated.

The main point is that people shouldn't worry about having to VALIDATE their copy of Windows. It makes sense as well -- if you've got a "dubious" version of Windows how do you know it hasn't been tampered with -- even on this Forum I doubt whether there are many individuals who could "dis-assemble" the Windows kernel to see if it is OK. And further - how could you rely on ANY AV software working properly on a "doctored" version of Windows -- surely the first thing a sensible hacker would do would be to bypass all the entry points and hooks in the kernel so that the AV software would report everything is running - A-OK.

Cheers
jimbo
 

how could you rely on ANY AV software working properly on a "doctored" version of Windows -- surely the first thing a sensible hacker would do would be to bypass all the entry points and hooks in the kernel so that the AV software would report everything is running - A-OK.

You can't completely hide anything on Windows; nearly every rootkit developer forgets something and antivirus will still detect parts of the infection ;)

You modify the file, you modify its signature. You hook a system function, you change the function address (traceable thread stack). The more a rootkit changes the default layout of Windows, the easier it is to identify and capture its activity.

My tool Process Hacker is very good at detecting hidden rootkits and other nefarious software if you know what you're doing and you know what would be considered abnormal on Windows. It works a lot better on 32-bit because of our KPH kernel driver that's able to bypass many things including antivirus protections; you have to self-sign the x64 driver before it's allowed to load, but it still does a damn good job.

Even then, I'm yet to see one virus or rootkit that's able to evade our running process/module API query sets or every one of our terminators :)
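The observation in the post above, that hooking a function changes the address its entry points to, can be checked mechanically: every slot in a dispatch table should resolve inside the module expected to own it. The following is an added example, not part of the thread and not Process Hacker's code; the module names, function names and addresses are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Address range of a loaded module (constructed values, hypothetical names). */
typedef struct { const char *name; uintptr_t base; size_t size; } module_t;
/* One dispatch-table slot: the module expected to own it and where it points now. */
typedef struct { const char *func; const char *owner; uintptr_t target; } slot_t;

const module_t SAMPLE_MODULES[] = {
    { "kernel.sys", 0x10000000u, 0x200000u },
    { "filter.sys", 0x20000000u, 0x010000u },
};

const slot_t SAMPLE_TABLE[] = {
    { "OpenFile",      "kernel.sys", 0x10001000u },
    { "QueryProcList", "kernel.sys", 0x20000400u }, /* points into filter.sys */
    { "ReadFile",      "kernel.sys", 0x10002000u },
    { "EnumModules",   "kernel.sys", 0x7f000000u }, /* points into no known module */
};

/* Return the module whose [base, base+size) range contains addr, or NULL. */
static const module_t *find_module(const module_t *mods, size_t n, uintptr_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Write indexes of slots pointing outside their owner to out[]; return the count. */
size_t find_redirected(const slot_t *tbl, size_t nslots,
                       const module_t *mods, size_t nmods, size_t *out) {
    size_t hits = 0;
    for (size_t i = 0; i < nslots; i++) {
        const module_t *m = find_module(mods, nmods, tbl[i].target);
        if (m == NULL || strcmp(m->name, tbl[i].owner) != 0)
            out[hits++] = i;
    }
    return hits;
}

int main(void) {
    size_t idx[4], n = find_redirected(SAMPLE_TABLE, 4, SAMPLE_MODULES, 2, idx);
    for (size_t i = 0; i < n; i++)
        printf("slot %zu (%s) points outside %s\n", idx[i],
               SAMPLE_TABLE[idx[i]].func, SAMPLE_TABLE[idx[i]].owner);
    return 0;
}
```

A slot that resolves into a different module, or into no loaded module at all, is the "changed function address" the post describes; a clean result only covers the tables that were actually compared.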
 
Hi there

Therein lies the rub :sarc:.

You can only DETECT what your "detection" software can find. - If it doesn't find anything can you really say that there is NOTHING to detect.

Detection software can be pretty good - but you are really using a similar argument to people who think S.E.T.I is a waste of time -- the fact you haven't found / measured anything doesn't mean that it isn't there or doesn't exist.

You could of course turn the whole thing into an endless philosophical argument by stating that if something is undetectable or not measurable - then it doesn't exist.

I think I'll end on that point.

Cheers
jimbo
 


That logic is a bit flawed and it's clear you don't fully understand how ProcessHacker/ProcessExplorer is designed and used and why these tools are so great.

Your anti-virus signatures are created by humans after they detect and analyze something that they currently don't detect or know about. Now if something could be that undetectable, then how would they ever know about it to be able to ever analyze it and create a signature for it? I'll wait for you to explain that one ;)

The difference between anti-virus detection and ProcessHacker is that the detection 'software' is you, the user. We display everything about a process/module/thread etc. you could ever possibly know, the exact same things your antivirus vendor uses when their staff analyze software, the difference being that it's you the user that needs to know if it's indeed legit.

We believe a human is much better at detection than an automated system like anti-virus could ever possibly hope to achieve and this is where Process Hacker and Process Explorer's true ability resides. ;)

So yes, 'therein lies the rub': Process Hacker/Explorer is useless for anyone who doesn't know how things should be, doesn't know how things work, doesn't know any better, doesn't understand or doesn't care. If you're in this group then you have no chance at detecting anything but your own stupidity ;)
 
EDIT: The question I had was actually answered, just overlooked it :-/
 
I liked and used MSE and would have continued to use it. But last week they changed it to only use Windows Update. AND it changed my settings to auto download and install. All without telling me it was going to do that.

I removed it from my system and won't reinstall it.
I would be glad they are making everything easy, convenient and free. :rolleyes:
 
