Microsoft Fails Antivirus Certification Test (Again), Challenges the Results 228

Posted by timothy
from the but-we-wrote-the-virus-too dept.
redletterdave writes "For the second time in a row, Microsoft's Security Essentials failed to earn certification from AV-Test, the independent German testing lab best known for evaluating the effectiveness of antivirus software. Out of 25 different security programs tested by AV-Test, including software from McAfee, Norman, Kaspersky, and others, Microsoft's Security Essentials was just one out of three that failed to gain certification. These results are noteworthy because Microsoft Security Essentials is currently (as of December) the most popular security suite in North America and the world."

  • Return fire! (Score:5, Informative)

    by slashmydots (2189826) on Thursday January 17, 2013 @06:19PM (#42621357)
    Aaaaaand AV-TEST responded already:
    http://www.theregister.co.uk/2013/01/17/avtest_microsoft_test_dispute/ [theregister.co.uk]
  • by ohnocitizen (1951674) on Thursday January 17, 2013 @06:23PM (#42621397)
    A piece of software might be #1 in one market (the US), #1 overall (the world), but not #1 in other markets (like Europe, Japan, or South Africa).
  • by DragonWriter (970822) on Thursday January 17, 2013 @06:29PM (#42621439)

    Did it REALLY need to be specified that it's the most popular in North America AND the world?

    Yes.

    They DO realize that North America is part of the planet, right?

    And yet, it's quite possible for something to be the most popular in North America but not the most popular in the world, or vice versa. So, inasmuch as both "North America" and "the world" are interesting scopes of analysis, it is meaningful to identify that MSSE is the most popular in each of those scopes.

  • Re:Return fire! (Score:5, Informative)

    by Frosty Piss (770223) * on Thursday January 17, 2013 @06:30PM (#42621451)

    An interesting part of the El Reg story:

    The AV-Test results show that Microsoft's twin security programs protected against 100 per cent of known threats, as did every other security suite. The two packages produce low rates of false positives in comparison to the competition and are significantly lighter on processor load during operations.

    But where Redmond is falling down is in protecting against zero-day attacks. Security Essentials and Forefront both scored last in this regard among all the suites tested, getting 78 per cent of zero-days apiece. Blackbird said that AV-Test attached too much importance to the zero-day threat in its metrics, since that section of the testing accounts for 50 per cent of the final score, but Marx argued that zero-day performance was crucial to real-world threats.

  • Re:That site is BS (Score:4, Informative)

    by LordLimecat (1103839) on Thursday January 17, 2013 @06:38PM (#42621513)

    They actually do test for performance under the usability category, and their results (Bitdefender as top pick) match the results from the well respected AV Comparatives, and the rest of their results aren't much different -- those top 3 you mention are all AV Comparatives top picks ( http://www.av-comparatives.org/images/docs/avc_sum_201212_en.pdf [av-comparatives.org] )

    Might have been nice if you actually did some research before spouting off.

  • Re:This is why (Score:5, Informative)

    by icebike (68054) on Thursday January 17, 2013 @06:46PM (#42621565)

    The point is that MSSE was basically the best AV because it has no financial interest in bugging the user to upgrade to a pro version or to use scare tactics. Now that MSSE is out of the race, we're back to "OK" avs with complicated interfaces and upgrade prompts all over the place.

    Users tended to love MSSE because it shut up and did its job, unlike most of the alternatives.

    If you read Microsoft's response, they are concentrating on anything that exists in the wild, not absolutely everything in the world.
    I run MSSE and also do a weekly scan with another paid virus scanner, and neither has detected anything that the other missed, other than Avira has found several false positives.

  • Re:This is why (Score:5, Informative)

    by Luckyo (1726890) on Thursday January 17, 2013 @07:28PM (#42621859)

    MSSE does its job, and does it well. The main point where it "fails" is detecting zero day stuff or stuff that is rarely or never detected outside the labs.

    Zero day stuff is detected with heuristics. Heuristics are the main cause for massive amount of false positives. MSSE has it set to low on purpose - to minimize constant "I've detected something that sorta, kinda, might possibly, maybe, be something that remotely resembles a virus" that many other AV suites tend to get.

    So unless you're being actively targeted by zero day virii (and these tend to be costly, so private person is highly unlikely to be a target), MSSE is probably the best option on the market. It's free, it doesn't have overly right heuristics engine telling you that compressed executables are potential viruses, it's fast because it doesn't do those intensive heuristics scans.

    And it detects most non-zero day stuff just fine.

    And that's the reality of it. If you're a company, or a person in need of some extra chance of detecting zero day threats at expense of significant loss of system resources as well as dealing with false positives, you should look elsewhere. If you're just a home user with sane security policy, MSSE is likely the best choice for you.

    I strongly recommend you read Microsoft's answer. It's very thorough in why the entire "certification" is basically yet another attempt to scare people into buying anti-malware suite.

    Below are the main bullet points of MS's answer in addition to factor mentioned above:

          1. AV-Test reports on samples hit/missed by category. We report (and prioritize our work) based on customer impact.
          2. AV-Test's test results indicate that our products detected 72 percent of all "0-day malware" using a sample size of 100 pieces of malware. We know from telemetry from hundreds of millions of systems around the world that 99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test.
          3. AV-Test's test results indicate that our products missed 9 percent of "recent malware" using a sample size of 216,000 pieces of malware. We know from telemetry that 94 percent of these missed malware samples were never encountered by any of our customers.
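
Added example (not part of the thread, and not AV-Test's or Microsoft's own methodology): the dispute summarized in the comment above is between counting every test sample once and weighting each sample by how often customers actually met it. The sketch below computes both scores over a constructed sample set; the sample names, detection flags and encounter counts are invented for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str        # constructed label, not a real malware family
    detected: bool   # did the product flag it in the lab run?
    encounters: int  # constructed telemetry: machines that met this sample


# Constructed test set: a few widespread samples, most rare or never seen.
SAMPLES = [
    Sample("s01", True, 50_000), Sample("s02", True, 30_000),
    Sample("s03", True, 15_000), Sample("s04", False, 40),
    Sample("s05", True, 4_000),  Sample("s06", False, 0),
    Sample("s07", True, 900),    Sample("s08", False, 0),
    Sample("s09", True, 60),     Sample("s10", False, 0),
]


def per_sample_rate(samples):
    """Lab-style score: every sample counts once, however rare it is."""
    return sum(s.detected for s in samples) / len(samples)


def encounter_weighted_rate(samples):
    """Impact-style score: each sample weighted by machines that met it."""
    total = sum(s.encounters for s in samples)
    if total == 0:
        raise ValueError("no telemetry encounters; weighted rate undefined")
    return sum(s.encounters for s in samples if s.detected) / total


def missed_never_encountered(samples):
    """Share of the missed samples that telemetry never saw on any machine."""
    missed = [s for s in samples if not s.detected]
    if not missed:
        return 0.0
    return sum(s.encounters == 0 for s in missed) / len(missed)


if __name__ == "__main__":
    print(f"per-sample detection:        {per_sample_rate(SAMPLES):.2%}")
    print(f"encounter-weighted:          {encounter_weighted_rate(SAMPLES):.2%}")
    print(f"missed and never encountered: {missed_never_encountered(SAMPLES):.2%}")
```

The same detector scores very differently under the two metrics because they answer different questions: coverage of the test set versus exposure of the installed base. The weighted figure is only as good as the telemetry behind it.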

  • Re:Return fire! (Score:4, Informative)

    by Skuld-Chan (302449) on Thursday January 17, 2013 @07:52PM (#42621999)

    Real World (TM) experience here - we use McAfee in our enterprise (happens to be a university) and if I had a dollar for every zero-day Virus that goes completely unchecked by McAfee I could quit my day job. McAfee went weeks on the Mac before it could even detect Flashback - as a good example.

    Virus scanners only catch low hanging fruit - I wouldn't count on them for detecting zero-day attacks and vulnerabilities - because they don't work.

  • by mark-t (151149) <markt@@@lynx...bc...ca> on Thursday January 17, 2013 @08:51PM (#42622421) Journal
    No... it is not. Using an ending of 'i' for the plural form from words where the singular form ends in 'us' comes from Latin, and is as such only applicable to Latin plurals. Virus is originally a Latin word, but in Latin could not itself possess a plural, because it did not denote a single thing. It is best likened to an English noun which does not have a quantity associated with it, such as "happiness" or "everything", and so does not make any sense to try to pluralize. If you are a native English speaker, trying to pluralize such words is going to probably sound sort of odd. That's because it's wrong. In modern English, we have altered the conceptual meaning of the word virus so that it can refer to a unique thing, but because that is an English invention and not Latin, the plural follows English convention for pluralization and not Latin. Hence, viruses.
  • Re:This is why (Score:5, Informative)

    by Luckyo (1726890) on Thursday January 17, 2013 @10:46PM (#42622879)

    Because people do things like open files in emails from friends, have people they know stick USB thumb drives in their machines and so on. These are infection vectors that you can't really handle with a firewall.
