My MSE Security Flaw (not?)

Apr 29, 2010

I’ve been using Microsoft Security Essentials for a couple of weeks. It has not buggered up my resources (mind you, SilentBob has 4GB RAM and a decent processor) nor destroyed anything essential (unlike McAfee). I can heartily recommend it for normal lusers users.

With one reservation.

I am using a third-party software firewall. Comodo Internet Security is the only option I had for x64 that was free. It’s quite effective — just DON’T install the antivirus! DON’T! The firewall is great; the antivirus is a millstone. Normally I use ClamWin, a modest scan-on-demand open source AV. My scans are always boring. They’ve been less boring with MSE, which has picked on a number of things that weren’t causing any trouble…souvenirs that I kept quarantined in my own way…but as I said, it hasn’t really hurt anything. The pickiness is very good for the normally unaware user.

But when it updates…. Now I realize that the weird and sneaky way it updates is a good security measure. The problem is, every time it creates its new updater file in a directory with a new name, the firewall sends up a warning. Do I want to let this new EXE run? Both proggies are just doing their job, and I just click the button.

This is where the problem bites. Today, I caught myself clicking the button without reading the message. BAD! Any warning related to an action that I did not initiate must be examined. However, MSE’s daily update makes the “Okay, let it do its thing” reaction habitual for a warning that occurs soon after startup. What if it was something MSE missed? It could. Nothing’s perfect. I don’t trust anything.

There is no way I can tell Comodo to lay off MPMiniSigStub.exe because it is never the same. Names don’t count in the security game, and even if they did, it’s a different folder name each time. I am stuck with this daily warning about something that is there to do good; and if I’m busy, groggy, on the phone — no kidding, the first time, it interrupted a long-distance phone call — I either stop everything and squint hard at the tiny message font or take a chance. I may be fearless, but I’m not much of a gambler.

To flaw is human. *rolls eyes*

May 16 — the daily warning has stopped. Perhaps my firewall has “learned” that the daily odd file is OK. Or maybe it reads my blog.

BTW, MSE is a right beyotch when it comes to irregularities in Windwoes registration. It may pass your Winderz as legal when it installs only to nail you on the first scan. It also likes to turn on automatic updates, apparently. I had some fun recently when I installed it in a more experienced computer. Rolled back to the previous AV and retweaked Windwoes. But as long as your OS is legal and up to date, it is still one of the better free alternatives. Probably the best ever to replace the foistware you get stuck with in a new machine.
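
The rule the post could not write for MPMiniSigStub.exe, keyed on who signed the file rather than on its name or folder, as an added example that is not part of the original post. The function name, the trusted publisher list and the sample path are assumptions made for illustration.

```powershell
# Added example: decide trust from the Authenticode signer, not the path.
function Test-TrustedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path,

        # Assumption: the publisher names you are willing to trust.
        [string[]] $TrustedPublisher = @('Microsoft Corporation')
    )

    $result = [pscustomobject]@{
        Path      = $Path
        Publisher = $null
        Trusted   = $false
        Reason    = $null
    }

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Reason = 'file not found'
        return $result
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file hash matches and the chain ends at a trusted root.
    # Anything else (NotSigned, HashMismatch, NotTrusted, ...) is rejected.
    if ($sig.Status -ne 'Valid') {
        $result.Reason = "signature status: $($sig.Status)"
        return $result
    }

    # Read the signer's simple name (the certificate subject's common name).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $result.Publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)

    if ($TrustedPublisher -contains $result.Publisher) {
        $result.Trusted = $true
        $result.Reason  = 'valid signature from a trusted publisher'
    } else {
        $result.Reason  = 'valid signature, but publisher is not on the list'
    }
    return $result
}

# Constructed placeholder path; the real folder name changes on every update.
Test-TrustedPublisher -Path 'C:\Example\RandomFolder\MPMiniSigStub.exe'
```

Matching on the publisher name accepts any certificate with that name that chains to a trusted root; comparing `$sig.SignerCertificate.Thumbprint` is stricter but has to be updated whenever the vendor changes its signing certificate.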