Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Businesses Microsoft Security Software Windows News Technology

Microsoft Fails Antivirus Certification Test (Again), Challenges the Results 228

redletterdave writes "For the second time in a row, Microsoft's Security Essentials failed to earn certification from AV-Test, the independent German testing lab best known for evaluating the effectiveness of antivirus software. Out of 25 different security programs tested by AV-Test, including software from McAfee, Norman, Kaspersky, and others, Microsoft's Security Essentials was just one out of three that failed to gain certification. These results are noteworthy because Microsoft Security Essentials is currently (as of December) the most popular security suite in North America and the world."
This discussion has been archived. No new comments can be posted.

Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

Comments Filter:
  • This is why (Score:5, Insightful)

    by LordLimecat ( 1103839 ) on Thursday January 17, 2013 @06:06PM (#42621237)

    For anyone who didnt get why bundling MSSE with Win8 was a terrible idea, this is it. I guarentee it is now the very first thing malware authors test against prior to release, and the number one target for circumvension. Previously McAfee and Norton were heavily targetted for circumvention, and had correspondingly bad scores; now its MSSEs turn.

    Really, its eerie how perfectly the timing corresponds with Win8's release.

    Hooray monoculture! Hooray killing off a previously viable AV option!

    • Re:This is why (Score:5, Insightful)

      by bmo ( 77928 ) on Thursday January 17, 2013 @06:18PM (#42621347)

      So whatever next comes out on top for market share will be the target. So what?

      You don't even need to have the top 10 virus scanners installed even locally, there are websites that will happilly test your particular malware against the top 10 for you, automagically.

      I don't see the point of your message, honestly.

      --
      BMO

      • Re:This is why (Score:5, Insightful)

        by LordLimecat ( 1103839 ) on Thursday January 17, 2013 @06:25PM (#42621407)

        The point is that MSSE was basically the best AV because it has no financial interest in bugging the user to upgrade to a pro version or to use scare tactics. Now that MSSE is out of the race, we're back to "OK" avs with complicated interfaces and upgrade prompts all over the place.

        Users tended to love MSSE because it shut up and did its job, unlike most of the alternatives.

        • Re: (Score:2, Insightful)

          by mark-t ( 151149 )

          Except, I think, that the point of the article is that MSSE *WASN'T* doing its job.

          Or at least not doing it well.

          • Re:This is why (Score:5, Informative)

            by Luckyo ( 1726890 ) on Thursday January 17, 2013 @07:28PM (#42621859)

            MSSE does its job, and does it well. The main point where it "fails" is detecting zero day stuff or stuff that is rarely or never detected outside the labs.

            Zero day stuff is detected with heuristics. Heuristics are the main cause for massive amount of false positives. MSSE has it set to low on purpose - to minimize constant "I've detected something that sorta, kinda, might possibly, maybe, be something that remotely resembles a virus" that many other AV suites tend to get.

            So unless you're being actively targeted by zero day virii (and these tend to be costly, so private person is highly unlikely to be a target), MSSE is probably the best option on the market. It's free, it doesn't have overly right heuristics engine telling you that compressed executables are potential viruses, it's fast because it doesn't do those intensive heuristics scans.

            And it detects most non-zero day stuff just fine.

            And that's the reality of it. If you're a company, or a person in need of some extra chance of detecting zero day threats at expense of significant loss of system resources as well as dealing with false positives, you should look elsewhere. If you're just a home user with sane security policy, MSSE is likely the best choice for you.

            I strongly recommend you read microsoft's answer. It's very through in why the entire "certification" is basically yet another attempt to scare people into buying anti-malware suite.

            Below are the main bullet points of MS's answer in addition to factor mentioned above:

                  1. AV-Test reports on samples hit/missed by category. We report (and prioritize our work) based on customer impact.
                  2. AV-Test's test results indicate that our products detected 72 percent of all "0-day malware" using a sample size of 100 pieces of malware. We know from telemetry from hundreds of millions of systems around the world that 99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test.
                  3. AV-Test's test results indicate that our products missed 9 percent of "recent malware" using a sample size of 216,000 pieces of malware. We know from telemetry that 94 percent of these missed malware samples were never encountered by any of our customers.

            • by Smauler ( 915644 )

              So unless you're being actively targeted by zero day virii (and these tend to be costly, so private person is highly unlikely to be a target), MSSE is probably the best option on the market.

              I've run a home computer for about 20 years... I got hit by one virus running win2k back in 2005.

              My policy is just to run a local (mostly hardware based) firewall, and not run anything stupid. It works.

              I'm not sure why anyone uses antivirus software, especially consumers... it just annoys, and nothing else.

              • Re:This is why (Score:5, Informative)

                by Luckyo ( 1726890 ) on Thursday January 17, 2013 @10:46PM (#42622879)

                Because people do things like open files in emails from friends, have people they know stick USB thumb drives in their machines and so on. These are infection vectors that you can't really handle with a firewall.

            • to me this just proves that the anti-virus vendors are busy making malware to be detected. Microsoft is busy making other things, and isnt spending time making shit to prove that their AV is good enough.

          • by Darby ( 84953 )

            But it shut up!

            Reminds me of how I saved the day at work one time. Backups were taking forever and killing I/O intensive processes. I redirected those puppies to /dev/null and user complaints stopped.
            I got a new job not long after. Heard the old place went out of business soon after I left...something about failed DR incident. Rubes.

        • Re:This is why (Score:5, Informative)

          by icebike ( 68054 ) on Thursday January 17, 2013 @06:46PM (#42621565)

          The point is that MSSE was basically the best AV because it has no financial interest in bugging the user to upgrade to a pro version or to use scare tactics. Now that MSSE is out of the race, we're back to "OK" avs with complicated interfaces and upgrade prompts all over the place.

          Users tended to love MSSE because it shut up and did its job, unlike most of the alternatives.

          If you read Microsoft's response, they are concentrating on anything that exists in the wild, not absolutely everything in the world.
          I rune MSSE and also do a weekly scan with another paid virus scanner, and neither has detected anything that the other missed, other than
          Avira has found several false positives.

          • Sorry, but last time I checked, which happened to be last weekend, MSSE found exactly one "threat" on my Win PC, which was EICAR(!).

            Kaspersky detected 280+ threats, mainly Metasploit components but Kaspersky also found threats within the Quarantine of Symantec.

    • Re:This is why (Score:5, Interesting)

      by smpoole7 ( 1467717 ) on Thursday January 17, 2013 @06:21PM (#42621367) Homepage

      I'm anything but a Microsoft lover, but I have to defend them.

      About a million years ago, back during the DOS era, a friend and I wrote an anti-virus suite (the ARF Antivirus, maybe you can still find it online, though I don't recommend that you use it!). It was quite effective; we used the file integrity approach, and stored the integrity information in the files themselves. (We were up front about it; some people don't like that, so we said, hey, you don't like it, just don't use our stuff. No hard feelings.)

      Ergo, I think I can at least offer an opinion that's slightly above drooling moron status.

      One of my biggest complaints about AV tests is that they're unrealistic. This has been years ago, now, so maybe it has changed, but back then, the folks who did the testing were arrogant and very hard to deal with. Your software had to produce a .TXT log file; it had to do this, it had to do that, or they would just fail it outright.

      Once you made them happy, then they tested it against every virus they could find, including some that WERE NOT (and never would be) in the wild.

      Bottom line, and to make a long story short: the people who were writing AV software back then were writing it for these tests, and not for the real world. I don't know if that's the case nowadays; I just don't know. (For that matter, maybe Microsoft's stuff really does suck. Given how badly their stuff worked back in the DOS era, it wouldn't surprise me. But I just don't know.)

      But fair is fair. I ran from that circus after about a year of endless arguments with the pompous egotists in Compuserve's Anti Virus forum. I don't know if it's still that way, but I haven't used anyone else's anti virus stuff in years (I protect my stuff a different way, primarily by using secured Linux with good backups, and with periodic integrity checks).

      • by smpoole7 ( 1467717 ) on Thursday January 17, 2013 @06:30PM (#42621449) Homepage

        Proof that I'm an old timer: my used of the term "anti virus." It's not called that nowadays. It's Malware Detection, Security Software and Shields and Bad Guy Blockers(tm). I must update my terminology and get with the times. :)

      • by Luckyo ( 1726890 )

        Actually, you just summarized microsoft's answer there. They even provide accurate numbers to back up your point along with making your point.

      • Re:This is why (Score:5, Interesting)

        by smpoole7 ( 1467717 ) on Friday January 18, 2013 @12:58AM (#42623297) Homepage

        But I'll also add this condemnation of Microsoft. I haven't traced through their OS in many, many years, so to be fair to them, things like this may no longer be the case. But back in the day, they were *notorious* for repackaging the same code over and over and over. DOS was well-understood by that point and its vulnerabilities were well-known and easily exploited.

        All because Microsoft couldn't even be bothered to reassemble or recompile key parts of the kernel.

        For example, I did one of the first analysis (analysees?) of the so-called "antiexe" virus. DOS 5 through DOS 6.22 were so similar, the freakin' offsets in the kernel didn't even change(!). The entry point to the DOS kernel was in the same exact location in all. Antiexe simply looked up the DOS data segment address, then started poking in junk at the *fixed* (and known) offset of the entry point of the kernel. That way, it could bypass most current security software. (But not ours. Grin.)

        Our system also addressed a killer bug (first discovered by Geoff Chappel) that Microsoft had known about, but had apparently not bothered to patch: if the partition table was recursive -- i.e., an extended table pointed back to itself -- the computer would hang during the boot. Even booting onto a floppy wouldn't work! As soon as the kernel on that floppy started trying to examine and mount the hard drive's partitions, it would loop forever. Hang tight.

        I can't even imagine how many people carried their computers into a shop, only to have the tech tell them that their hard drive was defective. (I know of a couple of cases myself.)

        So ... believe me when I say I'm anything but a Microsoft lover. Like I said, maybe they've improved now, but back in the day, they were making money hand over fist and couldn't even be bothered to address obvious stuff like this.

    • by morcego ( 260031 )

      I guarantee it is now the very first thing malware authors test against prior to release, and the number one target for circumvention.

      That is a good thing, as far as I'm concerned. Forces the company to improve its products.

      We don't need more security through obscurity.

      • It wont matter is MS improves, before the new daily compile of TDSS or whatever malware is released, it will be scanned with latest MSSE defs and heuristics. The malware will then be tweaked to get around it.

        This isnt new, whats new is that whereas before the malware author had to try to bypass 5-10 different heuristics and defs lists, now it goes for one and hits 80% of the market.

        • Re:This is why (Score:5, Insightful)

          by Sir_Sri ( 199544 ) on Thursday January 17, 2013 @06:53PM (#42621621)

          At least with MSSE it will silently update, millions of users running security software that isn't up to date isn't doing them any favours either.

          • It doesn't silently update for me. I checked to see what Windows Updates were available on my Win 8 machine the other day (Win 8 no longer has the nagging system tray, there's just a small bit of text on the login screen and I don't log out often) and there were definition updates that were over 2 weeks old.
    • Re:This is why (Score:5, Insightful)

      by Anonymous Coward on Thursday January 17, 2013 @06:23PM (#42621391)

      For anyone who didnt get why bundling MSSE with Win8 was a terrible idea, this is it. I guarentee it is now the very first thing malware authors test against prior to release, and the number one target for circumvension. Previously McAfee and Norton were heavily targetted for circumvention, and had correspondingly bad scores; now its MSSEs turn.

      Really, its eerie how perfectly the timing corresponds with Win8's release.

      Hooray monoculture! Hooray killing off a previously viable AV option!

      I'm sorry...but the main reason MSSE was successful in gaining marketshare wasn't simply a matter of it having microsoft's branding... it was the least obtrusive, most user-transparent, comparatively fast, full-featured and free. For years, AV/security companies have been churning out new products with more, heavy, useless "features" that just create more bloat....some of them even add entirely programs that the user gets to install and have *always* running in the background.

      People want security, but they don't want security at the expense of obscene performance losses. This is where the popular AV/security companies should have taken notice and met customer demands...rather than trying to bundle all this "value" shit and obtuse flashy menu and window designs. Lots of quality products typically end up as bloatware when they increase in popularity (i.e., AVG, AVAST).

      With MSSE, Microsoft gave people an acceptable level of protection with none of the baggage that its competitors were plagued with.

      • by amiga3D ( 567632 )

        I installed MSSE on every windows machine I cleaned up. Once I used it once I never could bring myself to use anything else. It works well enough and it actually doesn't take over the computer. All the other ones I used seemed as if the only purpose of the computer was to run the anti-virus software. I hate MS and mostly use linux or mac but my VM's have MSSE on them and so do the boxes I clean up for friends.

      • This is where the popular AV/security companies should have taken notice and met customer demands...rather than trying to bundle all this "value" shit and obtuse flashy menu and window designs.

        The reason for this is simple: out of sight, out of mind. Why would you pay for something so transparent you didn't even know it was there?

        If your AV software isn't constantly reminding you of the threat of viruses and malware, are you going to take it seriously when it comes to resubscription time?

        The companies pushing paid AV software want the user to cough up again when the user gets the "Resubscribe or face the terrible consequences!" message. They want the user to think "Hm, well this thing bugged me c

    • So what. AV crapware, regardless of vendor, is the wrong solution to the problem anyway.

  • When people have invested time and money into learning and deploying a technology, there is no argument, no matter how rational, that will persuade them to use something different.

    It's a very sad state of affairs.

  • Popularity (Score:2, Insightful)

    Popularity shouldn't be based on the number of installs, but the number of people who use it, and how often they use it. Microsoft has more or less forced people to install Microsoft Security Essentials, so I don't think it's a fair comparison at all. I don't use it, but it's there and Windows Update gets psychotic with errors and alerts if it's uninstalled. More so than if it's not "genuine" even!

  • That site is BS (Score:5, Insightful)

    by slashmydots ( 2189826 ) on Thursday January 17, 2013 @06:13PM (#42621295)
    MSSE sucks, okay. That aside, AV-TEST is a fucking joke. Their top three products on their site are the worst overall products I've ever seen. Yes, they detect viruses. They also slow your system to a crawl, have awful user interfaces, are terribly priced, have bad scanning options, slow scanning engines, have false positives like crazy, and and generally terrible. They apparently didn't take much if any of THAT into consideration unfortunately. Obviously the tests were tailored towards certain products so the whole site is a giant joke/advertisement.
    • Re:That site is BS (Score:4, Interesting)

      by AHuxley ( 892839 ) on Thursday January 17, 2013 @06:37PM (#42621501) Journal
      Well based on clicking the 31 producers on http://www.av-test.org/en/tests/home-user/ [av-test.org]
      Reading the 2012/2013 results for Protection only:
      BitDefender
      F-Secure
      Trend Micro
      Get 6 out of 6.
    • Re:That site is BS (Score:4, Informative)

      by LordLimecat ( 1103839 ) on Thursday January 17, 2013 @06:38PM (#42621513)

      They actually do test for performance under the usability category, and their results (bitdefender as top pick) matches the results from the well respected AV Comparatives, and the rest of their results arent much different-- those top 3 you mention are all AV Comparatives top picks ( http://www.av-comparatives.org/images/docs/avc_sum_201212_en.pdf [av-comparatives.org] )

      Might have been nice if you actually did some research before spouting off.

    • by rjr162 ( 69736 )

      I find it odd lavasoft shows a higher score than kerpasky for the home windows 7 group... yet their 3 (or 4 if you include useability) shows kerpasky being much better than lavasoft

  • by account_deleted ( 4530225 ) on Thursday January 17, 2013 @06:18PM (#42621349)
    Comment removed based on user account deletion
    • I use MSE in large part because it's really lightweight. Norton is a pig and AVG never failed to fuck itself up on my system. And so far I've had no malware issues, so I'm inclined to believe them here even those my experience is anecdotal.

      I used McAfee for the last 10 years, which tends to be a hog as well, but did a good job at protecting my system.

      When I recently built my new Windows 8 system I considered using MSE, but the problem is that I still don't fully trust it. I did some research and decided to go with Avast! So far, I find it to be very lightweight and was happy to find that they also have a mobile Android version.

  • "Independent" (Score:2, Insightful)

    by Anonymous Coward

    I doubt this company tests all those AV suites out of the kindess of their own heart. A "test" commissioned by the for-profit AV industry is going to show their products in a favorable light. (Or you'll never see it published)

    AV at this point is damn near snake oil. Well, at least anything beyond the coverage that MSE provides.It keeps old threats from spreading, which is good. It's damn foolish to be hit by a 2 year old virus. In the enterprise/buisness having an AV suite is just PR move. A CYA to show tha

  • Return fire! (Score:5, Informative)

    by slashmydots ( 2189826 ) on Thursday January 17, 2013 @06:19PM (#42621357)
    Aaaaaand AV-TEST responded already:
    http://www.theregister.co.uk/2013/01/17/avtest_microsoft_test_dispute/ [theregister.co.uk]
    • Re:Return fire! (Score:5, Informative)

      by Frosty Piss ( 770223 ) * on Thursday January 17, 2013 @06:30PM (#42621451)

      An interesting part of the El Reg story:

      The AV-Test results show that Microsoft's twin security programs protected against 100 per cent of known threats, as did every other security suite. The two packages produce low rates of false positives in comparison to the competition and are significantly lighter on processor load during operations.

      But where Redmond is falling down is in protecting against zero-day attacks. Security Essentials and Forefront both scored last in this regard among all the suites tested, getting 78 per cent of zero-days apiece. Blackbird said that AV-Test attached too much importance to the zero-day threat in its metrics, since that section of the testing accounts for 50 per cent of the final score, but Marx argued that zero-day performance was crucial to real-world threats.

      • Re:Return fire! (Score:4, Insightful)

        by TheLink ( 130905 ) on Thursday January 17, 2013 @06:56PM (#42621641) Journal

        But how do they test for effectiveness against zero-day attacks? Where do they get the zero-days from? If I'm a virus author I'd test my zero day with one of those websites ( http://www.makeuseof.com/tag/7-reliable-sites-quick-free-anti-virus-scan/ [makeuseof.com] ) that scan for viruses with practically all the AV software in the market.

        So the zero day when finally released will NOT be detected by ANY of them!

        Maybe what an AV vendor could do is secretly work with these AV websites to detect suspicious activity..

        • Re:Return fire! (Score:5, Insightful)

          by Luckyo ( 1726890 ) on Thursday January 17, 2013 @07:38PM (#42621919)

          Heuristics. Basically AV vendors set their software to look for something, anything that could be judged as "virus like" and flag it.

          As a result, tester's top AV software picks are also top picks in hogging system resources, and tend to produce ridiculous amounts of false positives. Because that's what massively overly tight settings on heuristics engine will do. But AV vendors sell FEAR first and foremost. The more "scary stuff" their AV finds, the more likely user will think "oh this AV just saved me from losing my bank account!" and buy more.

          MSSE has worst success in zero day detection because their heuristics engine is one of the more sane ones on the market. It's light on resources and rarely (in comparison to the top picks of that tests) produces false positives. As a result, it also has a higher chance of missing zero day stuff that might have been detected by extremely aggressive heuristics scanner.

          • by TheLink ( 130905 )
            But where do they get the zero days from? Do they write them themselves?

            In the real world why wouldn't a malware author make sure his/her malware passes all AV tests? Then that author's final released zero day wouldn't be detected by any of the AV software out there.
          • by makomk ( 752139 )

            They do more than look for things that are "virus like". At least in the case of Avast!, they now block any application that's new or obscure just in case it might be zero-day malware, and I believe other antivirus companies do the same thing. This means they're 100% effective against new malware at the cost of having a 100% false positive rate on new or exotic software. Doesn't even have to be that obscure either - I've had Avast block a moderately well-known game off Steam because not enough people run it

      • Re:Return fire! (Score:4, Informative)

        by Skuld-Chan ( 302449 ) on Thursday January 17, 2013 @07:52PM (#42621999)

        Real World (TM) experience here - we use McAfee in our enterprise (happens to be a university) and if I had a dollar for every zero-day Virus that goes completely unchecked by McAfee I could quit my day job. McAfee went weeks on the Mac before it could even detect Flackback - as a good example.

        Virus scanners only catch low hanging fruit - I wouldn't count on them for detecting zero-day attacks and vulnerabilities - because they don't work.

      • by Ecuador ( 740021 )

        And, that is the most relevant quote.
        MSSE is as competent in known threads, while giving less false positives and being significantly lighter.
        You don't have to be an anti-virus developer to realize that of the three desirable characteristics: "good at zero day", "few false positives", "light/fast" you can only get up to 2. And Microsoft does get 2 here and, according to that same test, they get those 2 pretty well.
        And of those 3 characteristics, I have to say Microsoft bet on the right 2, since apart from t

    • by AHuxley ( 892839 )
      Ty, interesting comments.
      You can get amazing results with a database of older, known threats.
      Or you can work very hard and offer products that try to protect against zero-day malware.
  • by VortexCortex ( 1117377 ) <VortexCortex AT ... trograde DOT com> on Thursday January 17, 2013 @06:32PM (#42621471)

    So long as you keep your software updated then there's not really much of a point other than the chance you'll spread an infected file onward without being infected yourself.

    Think. No, that's not good enough, think some more: Viruses (we are explicitly talking viruses here, says "Antivirus" right in the test and headline) exploit unpatched vulnerabilities (mistakes) in software. Patched software is immune to the prior vulnerabilities, so AV won't "protect" you from things you're immune to. It also won't protect you from viruses with signatures that it doesn't know about. So, What's the point of wasting all those CPU cycles scanning? Oh, maybe you got infected and it could remove it later? WRONG. Viruses actually mutate, say a malware author snags a virus, they reverse engineer how the payload is delivered and they change the payload to theirs and send it on its way -- The malware can even install other malware once it gets running. So, the (automated) removal options/instructions are probably not complete if the code has ever had a chance to run before. Ah, so now you may be thinking that it's exactly the reason why you'd waste CPU time on an AV scan, to detect infection so at least you'll know -- Except that's just silly. Think. If you were a spy and I asked you if you were a spy then would you say yes? An AV running in an infected machine can not reliably determine the state of the infected machine. AV: "Any Viruses here" Virus: "Nope!"

    Often times I'll get people telling me, no matter which AV product they're using, that their machine is working strange, slower, showing adverts and wrong websites, and their AV will be chugging along saying everything is fine. You get more reliable warning from the malware itself! "You may have been Infected with 2042 viruses!" the scareware will prompt every boot, while Norton, or McAfee, or AVG, or ANY AV product I run across the infected machine says the coast is clear. You can't "remove" malware -- Nuke it from orbit, and re-install, it's the only way to be sure.

    Look, people, hardware supports virtualization now. If you're NOT running your Windows boxen in a VM, then you're not concerned enough about security to benefit from an anti-virus anyway. Boot from a known clean state, maybe even a LiveCD/USB then do your virus scanning from there if you want to be able to detect anything with any degree of certainty, and even then it's questionable. If your data partition is separate from your (virtual) OS partitions then you can just always run (or restore) from a known good snapshot, and install updates to the known good snapshots, then make another snapshot before you do anything else.

    I'm no Microsoft apologist, I don't have to worry about such things as much anymore because I use an OS that gets the patches out much faster than MS does, but I can certainly see where the people who understand the issues in Microsoft might realize that Antivirus isn't really the right option anyway, it's just a waste of time and there are other better solutions... Windows Steady State (or whatever it's called now), for example.

    "Insanity: doing the same thing over and over again and expecting different results."
    "The significant problems we face can not be solved at the same level of thinking we were at when we created them."
    - Albert Einstein

    • Yeap, if you care about security, virus protection is a joke.
    • If I am to understand that you are saying antivirus is pointless, then I disagree. I do agree with some of your points on other ways to mitigate risks. However, VM is not viable for majority of users because VMs haven't mastered the pass through needed for some important hardware. It is also a conceptual layer of abstraction that many lay users will find too confusing. Eventually everything they have is installed in the VM. You can't expect them to constantly make good decisions about how to separate p

  • by plebeian ( 910665 ) on Thursday January 17, 2013 @06:37PM (#42621507)
    Does anyone else think it is kind of funny that the Microsoft response is (to paraphrase); We did not detect any of the software they say we could not detect. That being said they may have a real point that their software is designed to detect real world threats and not proof of concepts that never leave the lab. Without more in depth analyses than I am willing to do, I can do little more than jump to conclusions based upon my own personal bias.
    • Though, how often have we seen the statement "That's only a proof-of-concept, there's no need to worry about it because we haven't seen it in the wild." followed within weeks by announcements of that same malware appearing in the wild (and usually on a large scale)? I've long since filed "It's only a proof of concept." right alongside "What could possibly go wrong?" as a virtual guarantee that Murphy'll be visiting shortly.

      • by v1 ( 525388 )

        A substantial part of their score was for things that very specifically were not actively being exploited. They were testing the heuristics to see if it could identify "virus and malware-like behavior". You can't rely on software updates and AV definition updates to protect you from zero-day's, that's 100% on the head of your AV software to keep you safe from.

        And MS fails miserably at protecting users from zero-days. They flunked, and they deserved to flunk. There's just too many new viruses and malware

        • by Omestes ( 471991 )

          They flunked, and they deserved to flunk.

          And I'm still going to keep using it. It does detect 100% of viruses in the wild (or 99.99% according to MS and the AV testers), and it doesn't bog down my system with paranoia mode heuristics, or throw up a false positive every time I install something (or worse automatically kill, I've had Norton refuse to let me install a boxed copy of Office).

  • From the article:

    “The other 94 percent of the samples don't represent what our customers encounter. When we explicitly looked for these files, we could not find them on our customers' machines.

    Or in other words: "Thank you for installing the software necessary to allow us to browse through the contents of your computer when we feel like it and report any interesting findings back to us..."

    All in good faith, of course.

  • I went to the AV-Test Web site at http://www.av-test.org/en/home/ [av-test.org]. First of all, there is indeed a Norman Security Suite at http://safeground.norman.com/us/home_and_small_office [norman.com]. AV-Test listed Norton under Symantec. Yes, AV-Test evaluated both Norton and Norman.

    For home users of Windows XP, Microsoft's Security Essentials has a AV-Test certified seal with a test date in August 2012. For corporate users of Windows XP, Microsoft's Forefront Endpoint Protection has a AV-Test certified seal with a test dat

  • Shady AV companies (Score:4, Interesting)

    by futhermocker ( 2667575 ) on Thursday January 17, 2013 @07:10PM (#42621743)
    I am convinced there must be at least ONE shady AV company that creates viruses to make money. Hard to prove, but very well possible.
    • > I am convinced there must be at least ONE shady AV company that creates viruses

      Heh. We speculated about that all the time back when I was writing AV software. I know there were a few cases where "proof of concept" stuff magically sneaked out of the lab, but to be fair to the companies involved, they immediately sent full details to all of their competitors.

      But you do have to wonder. :)

      And if you consider those "are you sure you want to close this window?" online popup scams, they DO install malware. I

  • I used to read the AV comparisons once in a while. MS Security Essentials used to score fairly high on these tests! Back when it was one of the top rated products I installed it on the two machines that in my house that still run windows -- my wife's laptop and my son't netbook. I assumed (obviously wrongly) that the quality had been maintained.
    • by Tridus ( 79566 )

      Now that it's gotten more popular, the malware makers devote more time to making sure their stuff gets around it. The quality of the product hasn't changed so much as the quality of the work being done against it has improved. It's been true of pretty much every such program that gets popular.

      MSE still has the upside of not turning computers into boat anchors, unlike Symantec's crap bloatware.

  • Are they not included in the test or am I just missing them?

  • It is better than a Norton or McAfee that came with the system, had the subscription lapse, and hasn't had updated defs for at least a year or more. And it also doesn't bork your system worse than if you had malware on it.

  • Are you serious, you either pass or fail this Kind of test. Microsoft is known for creating the most hideously insecure software on the market, im not surprised they fail attempting to create antivirus software. If Microsoft was good at it, third party companys wouldnt make billions supporting windows.
  • Is the fact that these competing antimalware companies do not openly publish and/or share detection methods or datasets. This ultimately does little more than give the users a false sense of security no matter which product is being used. What should be done (and what I've been attempting to do for quite some time) is to have a centralized/universal database of definitions, and from there, the real competition would be who, or what company can write the most effective *scanner*, thus benefiting the user,

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...