A recent anti-malware test report raises reader concerns about the reliability of Microsoft Security Essentials.
Plus: A printer prints only in the Wingdings font, one-time-use credit cards for online security, and what happens to your passwords if you let a password-manager subscription lapse.
Concern — and controversy — over MSE AV scores
Microsoft Security Essentials’ relatively low scores in recent anti-malware tests prompted several Windows Secrets readers to question whether it’s advisable to use Microsoft’s free AV tool (and, by extension, Win8′s nearly identical Windows Defender). For example, this from Jim Clawson:
“I know Fred Langa is a fan of MS Security Essentials. Given the How-To Geek article, “Goodbye Microsoft Security Essentials,” has he any comments or concerns about MSE?”
The How-To Geek article is based on anti-malware tests published by the respected security company AV-TEST. Its most recent report gives MSE the lowest overall ranking among 26 home AV products, both free and paid.
I’m not all that surprised by the results — they fall in line with what I’ve written earlier about MSE. For example, see the following LangaList Plus stories:
MSE delivers mixed results in antivirus tests (May 19, 2011, article)
New tests pan Microsoft Security Essentials (Nov. 8, 2012, item)
MS Security Essentials: Poor showing in new test (Dec. 20, 2012, article)
As it turns out, How-To Geek and I come to nearly the same conclusion. How-To Geek states:
“If you’re a geek like we are, MSE and Windows Defender are very usable. If you have good security practices and know what you’re doing, you can manage just fine with this lightweight option. But average Windows users don’t always follow proper security practices and should use a strong antivirus [product] that does well in tests — as Microsoft [itself] now recommends.”
(Whether Microsoft really recommends third-party AV products over MSE is somewhat controversial. According to the How-To Geek article, there seems to be disagreement within Microsoft about the use of MSE vs. third-party apps .)
Here’s what I first stated in a Nov. 8, 2012, LangaList Plus item — and expanded upon in the Dec. 10, 2012, column:
“MSE is probably not the best for novice users and those who rarely think about PC security — users who click any link that interests them and who ignore security warnings. Those users need lots of protection — mostly from themselves!
“For the most part, Windows Secrets readers tend to be experienced and involved PC users. They take security seriously. For that type of user, I still consider MSE an excellent choice.”
I still believe that conclusion holds true. With one exception, no malware has ever gained a foothold on any of my MSE-protected systems (currently, four physical PCs and eight virtual machines). As an experiment, I deliberately allowed one system to become infected, as detailed in the April 7, 2011, Top Story.
That doesn’t mean MSE is a panacea or the perfect solution for all users. As I’ve said repeatedly for several years now, MSE is not a good option for users who tend to click every dialog box that comes their way — including those bogus “You’re infected with 478 viruses! Click here to clean!” warnings.
But MSE should still work fine if you follow good general security practices and can recognize those faux security warnings.
You should also keep in mind that AV tests are far from definitive. They’re a snapshot in time, and product rankings are not a precise measurement of anti-malware capabilities. For a more accurate picture, you have to dig into what the various test results mean and how they are weighted.
The bottom line: Use what you’re comfortable with. To quote a bit more from that Dec. 20, 2012, story:
“I’m still comfortable using MSE. It’s proven reliable on my systems, and it’s easy to use. [But] if you’re not comfortable with MSE, then pick another tool! There are many other good products available, both free and paid.”
I see no reason to revise that advice.
Printer prints everything in Wingdings
Needing help with a perplexing printer problem, reader HB sent in a sample of his botched printouts. Portions of Calibri-based, on-screen text printed in what appeared to be Wingdings — or some similar graphics/icons font. In other words, the printout was gibberish. HB wrote:
“The email displayed correctly in Windows Live Mail, but the body did not print correctly. I tried three different printers. If the Calibri font is not one of the printer-resident fonts, shouldn’t the printer use substitution, emulation, or a soft font?”
I don’t know what printers you’re using, HB, but inexpensive small-office/home-office printers typically don’t have resident fonts. In fact, these devices are relatively dumb — storing virtually nothing internally, they’re mostly controlled by printer drivers running on the PC.
For that reason, when a printer has non-mechanical problems — such as the mangled fonts you encountered — the fault usually lies with computer-based applications and/or drivers. You can often correct such problems by simply replacing or refreshing the printer software/drivers. Here’s how:
Uninstall all printer software. Using Windows’ application uninstaller (via the Control Panel), remove the printer’s original software plus any installed aftermarket printer utilities, extensions, or add-ons.
Uninstall the printer drivers. Open Windows’ Device Manager and find the problematic printer by name. (Need help? See the section on refreshing drivers in the Oct. 23 LangaList Plus item, “Different approaches to solving driver problems.”)
Clear the printer. Unplug it from both the PC and the wall socket.
Reboot the PC. This will ensure there are no related processes still running in Windows.
Download and install new printer software/drivers. Go to the printer-vendor’s site and grab the latest software and drivers for your specific printer model. (Note: Follow the manufacturer’s instructions to the letter. For example, don’t reconnect or power-on the printer until the instructions specifically say to do so.)
Don’t immediately reinstall third-party printer utilities, add-ons or extensions. Wait until after you’ve installed and tested the printer’s base software. That will help determine whether the problem was caused by the printer’s software or by a specific third-party app.
In the unlikely event you still have printing issues, you might try using the above steps to reinstall the software and drivers for your USB or wireless subsystems, depending on which connection the printer uses to communicate with the PC.
But in most cases, simply removing and reinstalling the printer software and drivers is all it takes to restore full, normal operation.
Are one-time-use credit cards worthwhile?
After reading the Oct. 17 Top Story, “Protect yourself from the next big data breach,” Thomas Gabrielsson suggested using one-time account numbers to improve online security.
“Reading about the information theft at Adobe reminded me of an excellent service my bank offers: a disposable electronic credit card.
“Whenever I need to pay online, I can generate a unique credit-card number, specify the credit limit to just above the amount needed, and set the expiration date for a month out.
“Should a not-so-nice someone acquire the account information after my online purchase, the card no longer has money, validity, or any connection to my actual account.”
Thanks, Thomas. Unfortunately, not all credit-/debit-card issuers provide that type of service. Finding those who do might require calling individual financial institutions or visiting their websites.
While hunting for this type of service, keep in mind that it goes by many different names: one-time numbers, disposable numbers, one-time-use cards, virtual cards, virtual accounts, etc. Some institutions even use trademarked names, such as Bank of America’s “Shopsafe” offering.
Also, there are some good reasons to not use one-time cards — which might explain why not all card-issuers offer them.
For example, many retail establishments require that returned items be validated with the same card used to make the purchase — and any refund must be credited back to that specific card. Obviously, a one-time card could easily complicate the return process, requiring human intervention at a customer support desk or site. (Save your receipts!)
Getting a boarding pass at an airport kiosk might require the same card used originally to buy the tickets. If you purchased the tickets with a one-time card, you might end up getting stuck in a long queue for a human agent — and watch your flight’s departure time tick ever closer.
Used judiciously, one-time cards can help protect you from identity theft. But it’s important you take their limitations into consideration. It’s always best to read the vendor’s policies before using a virtual credit card.
Potential drawbacks with paid password managers?
Jim Kent likes the concept of a password manager, but he’s concerned about using subscription-based versions.
“I just read your article about secure passwords ['Protect yourself from the next big data breach,' Oct. 17 Top Story], and I’m interested in going [the password-manager] route — probably using RoboForm.
“But what happens to all those long, bullet-proof passwords if I cancel my subscription? How do I get back into the app to change all my passwords back to normal?”
No password manager I know of locks you out of your passwords if you don’t renew or upgrade your subscription. That could be construed as a form of extortion.
For example, if you drop your RoboForm subscription, you won’t get new versions of the software, you lose automatic password synching between devices, and passwords are no longer saved online on RoboForm servers.
But local copies of the RoboForm software still work — you still have full access to the RoboForm-encrypted passwords stored on your hard drive.
As I stressed in the original article, I’ve used RoboForm for a decade and I like how it works. I’ve found no compelling reason to try another password manager. But there are many fine alternative managers available. If you’re not comfortable with the commercial aspects of RoboForm (or similar subscription-based tools), try any of the free products mentioned in the Oct. 17 Top Story. Any one of them might serve you just as well!
Finding the best password manager for your needs is relatively easy. Download a few candidates and add a few passwords. Most of the paid versions offer some sort of limited free trial. Just keep in mind that once you add all your passwords to a password manager, you’re likely to stick with it for the foreseeable future.