Paul Thurrott has a comprehensive review of the software on his blog. Quote:
Microsoft describes MSE as a "thin layer on a deep technology stack." It's comprised of a user mode service and a kernel mode driver, so it can handle malware no matter where it lives in the system. It's all backed up by a series of web services, including telemetry data through the SpyNet service, Microsoft Update, and a separate signature update service.
Thanks to the 450 million people who automatically download security updates every month from Microsoft Update, the software giant has a unique and gigantic feedback loop from which they can quickly identify new attacks and react aggressively. On the client itself, the MSE real time protection mechanism operates at the kernel level to examine the behavior of unknown binaries and then sandbox potential malware before it can do any harm. And thanks to a new Dynamic Signature Service, MSE can immediately query online to see if there is anything that matches what its seeing on the PC. Because of its kernel mode hooks, MSE can also detect kernel mode rootkits and, in many cases, even clean them out after they've rooted their way into the system.
I installed MSE today. I'll be watching for other reviews (especially criticism) of the suite, and I'll report any significant information here.
No comments:
Post a Comment