[Michael]

There have been a lot of talks about Microsoft Security Essentials. A lot of criticism too.

Well, as far as I'm concerned, I find that it beats a lot of the paid AV products.

Take this pretty common Trojan from fastdor.ru/video/preview_tube.mpeg.exe



Well, only a handful of AV vendors are detecting it. A lot of the big guys don't detect anything at all!

Microsoft picks it up without a problem:



Note that I downloaded this file several times from that site, and the binary constantly changed its MD5. Despite that, MSE continued to detect the file.

MSE's main install only takes 11 MB out of your hard drive



While it's DB remains small as well:



There are 2 main files for the full DB. mpasbase.vdm (anti-spyware) and mpavbase.vdm (anti-virus) which are respectively 9 and 29 MB.

What is Microsoft's secret recipe for being so good? What kind of detection are they using that they can maintain such small Databases? I wanna know ;-)

Jerome Segura

Malware ID: 81d216b763f6de31fd7fa1508c50c03c.zip