The Register® — Biting the hand that feeds IT

Microsoft Security Essentials loses AV-TEST certification

German lab downgrades Redmond after zero-day detection rates slide

Microsoft Security Essentials, Redmond’s free antivirus tool for home users and businesses with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7.

That low detection rate has cost it the AV-TEST Institute’s seal of approval, a certification it hands out to products that meet 11 of the 18 criteria it assesses. Those criteria consider how effective software is at detecting and blocking threats, at repairing infected systems, and its overall usability, including “average slowing down of the computer when the software is used on a daily basis, false positives during a system scan and the display of false warnings or the blocking of certain actions during the installation and during the use of known good software.”

The Institute conducts tests bi-monthly and lists longitudinal data on software products’ performance.

During October the Institute rated Security Essentials 4.0 and 4.1 at just 1.5 out of 6 for its ability to protect a PC, thanks largely to the 64 per cent zero-day detection rate being well below the industry average of 89 per cent.

Security Essentials has lost AV-TEST’s seal before, with its September 2010 test failing to meet the lab’s criteria. It is the only one of 24 AV products for Windows 7 without the certification. Four products missed out for Windows Vista and two for Windows XP. Windows 8 AV tools are yet to go under the microscope and Microsoft is absent from AV-TEST's list of vendors thanks to the new OS' integrated protection software.

While tests like these have no official standing, a look at AV-TEST’s longitudinal analysis of Security Essentials shows it has consistently struggled to perform well in the lab’s malware detection and blocking tests.

Another security software testing organisation, Virus Bulletin, says Security Essentials’ performance is sufficient to justify its VB100 rating, which can only be attained by software that “prove[s] it can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization” without generating any false positives. ®

Given that:

It's free, it's not resource hungry, it's like any other AV product: it's a defense, not an airtight seal of security.

There are always alternatives waiting to take your money off you... Feel free to use them...

7
1

Re: Do you mean

Of course not. AV packages are just applications. MACs have to be enforced by the OS (preferably - with hardware support), or they are useless. In addition, MACs enforce confidentiality, while malware tends to be an integrity problem. While a typical MAC system is very robust for protecting higher-classified information from being leaked to lower-ranked users, the integrity problems that the lower-ranked users have tend to move (i.e., infect) the higher-ranked ones even faster than on a typical DAC (discretionary access control) system, where the disaster happens only after the virus manages to infect a high-ranked user.

No, I was talking about much simpler things. Behavior blocking ("why does Excel.exe suddenly want to open cmd.exe for writing?!"), integrity checking ("why the heck did the master boot record change?!"), heuristic analysis (dynamic like in "let's run this program in a sandbox and see if it does anything naughty" or static like "does the structure of this executable file suggest that it is obfuscated and tries to do something naughty when executed?").

I am not sure what you meant with your remark about open source. The only open source AV I know of is pure crap and is clearly made by people who don't have the slightest clue how to design a proper AV product. Or if you meant that I don't really know how AV products work, since I haven't seen their source, then I suggest that you google my name. Trust me, I *have* seen them from the inside and *know* how they work.

5
0
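Two of the techniques the comment above lists, integrity checking of the master boot record and behavior blocking of an office application spawning a shell, written up here as an added example (not the article's or the commenter's code). The MBR bytes, process names and events are constructed sample data; the 446-byte boot-code / 64-byte partition-table layout is the standard MBR layout.

```python
# Added example (not the article's or commenter's code): two detection
# techniques from the comment above, integrity checking of the MBR boot code
# and behavior blocking of office-app -> shell process spawns. All bytes,
# process names and events below are constructed sample data.
import hashlib

MBR_SIZE = 512
BOOT_CODE_LEN = 446  # executable boot code precedes the 64-byte partition table

def make_mbr(boot_code: bytes, partition_table: bytes = b"\x00" * 64) -> bytes:
    """Assemble a constructed 512-byte MBR: code, partition table, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return code + partition_table[:64].ljust(64, b"\x00") + b"\x55\xaa"

def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the boot-code region only, so a legitimate repartitioning
    (which changes only the table) does not trip the integrity check."""
    if len(mbr) != MBR_SIZE or mbr[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def mbr_changed(baseline_digest: str, current_mbr: bytes) -> bool:
    """True when the boot code differs from the recorded baseline."""
    return boot_code_digest(current_mbr) != baseline_digest

# Behavior blocking: parent/child pairs that a spreadsheet should never produce.
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def suspicious_spawns(events):
    """Return (parent, child) pairs where an office app launches a shell."""
    return [
        (ev["parent"].lower(), ev["image"].lower())
        for ev in events
        if ev["parent"].lower() in OFFICE_APPS and ev["image"].lower() in SHELLS
    ]

if __name__ == "__main__":
    baseline = boot_code_digest(make_mbr(b"\xfa\x33\xc0"))
    print(mbr_changed(baseline, make_mbr(b"\xfa\x33\xc0", b"\x80")))  # False
    print(mbr_changed(baseline, make_mbr(b"\xeb\xfe")))               # True
    events = [{"parent": "explorer.exe", "image": "EXCEL.EXE"},
              {"parent": "EXCEL.EXE", "image": "cmd.exe"}]
    print(suspicious_spawns(events))  # [('excel.exe', 'cmd.exe')]
```

In a real product the baseline digest would be recorded at install time and the events would come from the OS's process-creation auditing; here both are fed in directly.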

Re: What do you expect for free?

Given the number of no-name free scanners with a better detection rate, I expect a better detection rate from a name like "Microsoft".

5
0
