Microsoft's Vista AV Fails Certification
An anonymous reader writes "Microsoft's much-hyped anti-virus solution, Live OneCare and three other Vista AV products failed to achieve the Virus Bulletin's VB100 certification. The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. All failed to pass a series of tests that are required to display the VB100 badge. 'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."
What about "We didn't have access to Vista's internals until two months ago?"
That would be a good excuse for most security vendors...
proving once again how boring glib security comments are *yawn*
Maybe the ClamAV people ought to submit their program for testing.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
A VB100 badge means little or nothing to these companies, much less their consumers.
This has nothing to do with Vista, and everything to do with crappy anti-virus products. Neither OneCare nor McAfee for XP have ever tested well, so why would anybody think that they would test well on Vista?
If you read the entire article, you'll notice a little blurb at the end that several vendors passed the test, one of which was Kaspersky. Another excellent vendor for Vista is AVG.
Kaspersky consistently beats all the other major anti-virus vendors, but I guess the story wouldn't be quite as Slashdot-worthy if it read "Kaspersky Anti-Virus on Vista Works Great!".
I hate to say it, but Microsoft were right for once in their earlier VISTA policy of locking down the practice of hooking into the kernel. It's that feature in XP that allows malware to flourish. Just because MS made mistakes years ago that spawned an entire industry (the anti-virus industry), doesn't mean that industry necessarily has the right to continue to exist in its current form.
I heard they also didn't earn the WTF200 or the LOL500. Based on failing to get the three of these certifications and seeing how all three of them are equally popular... this software will surely be going nowhere.
For obvious reasons I will leave it to the reader to decide if they want to go and have a look, no links will be provided.
Vista doesn't come with an antivirus program.
Live OneCare and McAfee are not Vista-specific -- you can install them on XP too.
And 99.99% detection rate is nothing to be sneered at.
Most home users wouldn't even know the VB100 badge exists.
In that market, anti-virus sales are all about glossy packaging on shelves and fancy flash advertisements.
If their AV fails and Windows gets a virus, it's Windows' problem, not the AV's problem.
Microsoft are in a lose/lose market, but they stand to make money off joe-sixpack so they don't care.
Now, if you'll excuse me, I need to get back to setting up my Linkskey router...
Microsoft's anti-virus was 'much-hyped'? I don't recall any Microsoft anti-virus software being much-hyped. Where was I during this hyping? Cynically scoffed at maybe, but I don't remember much hype going on.
Steve: We need to have Vista committed to security.
Bill: You mean make all our security programmers wear straitjackets and prescribe large doses of anti-psychotic drugs.
Steve: I guess so.
Bill: OK, get right on it.
"To those who are overly cautious, everything is impossible. "
They rang the fucking bell days ago. Salivate, dammit.
Sent from the iPad I found in your car.
Well, how many people run AV on their linux/BSD boxes?
Now, since Vista is securebydesign, it too no longer needs any anti-viruses!
Obama likes poor people so much, he wants to make more of them.
"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now..."
Security vendors. They're all alike. They say they come to help...to save us from all things dark, but in their black hearts, they all want the same thing. They all want to RULE the earth!
This fucking bell... it indicates that there is to be fucking? 'Cause I'd surely salivate for that. Or food. Food is always good too.
I think the better solution is to get noobs to be better educated on how to avoid spyware and viruses, etc. in the first place.
This website has a great video I think all noobs should be required to watch BEFORE owning a computer.
http://www.my-pc-help.com/video/v10017.htm
An ounce of prevention is always better than the cure.
Mike @ The Geek Pub. Let's Make Stuff!
Hello,
I shared my thoughts on this over here on Neowin.Net's forums, so I really don't just want to do a cut-and-paste job and post what I wrote in verbatim here.
This is one of the first of a series of comparisons to include Microsoft Windows Live OneCare that Virus Bulletin Magazine has been doing for many years. While I suspect it is more frustrating than embarrassing at this point for the team responsible for Microsoft's Windows Live OneCare, this is really Microsoft's first attempt at providing their own comprehensive anti-malware solution—MSAV, the product which shipped with DOS does not count, it was licensed from Central Point Software (who was later acquired by Symantec) who, in turn, had licensed the software from Carmel Software—and it is going to take some time and lots of signature release cycles in order to get their detection rate fine-tuned.
I don't expect this first Virus Bulletin product comparison to be the last, and the question really isn't how Microsoft did this time: It is how their product does over the next year or two that matters. If it gets worse or stays the same, they are just another competitor in the space (albeit the one with the deepest products). If, however, their detection rate improves, it is going to make it just that much more difficult for their competitors to compete against them.
As a disclaimer of sorts, I should mention that I happen to work for one of the computer security companies that Microsoft competes against with this product, so this discussion is far from academic for me. Frankly, though, I'm not expecting Microsoft's entry into this space to have any effect on my employer—we are good at what we do and have a very loyal customer base. Also, we tend to compete against other, similarly-sized companies in the field. What I do worry about, though, is how some of my friends and colleagues at the largest companies are going to handle Microsoft's entrance as they are going to be competing head-to-head against Microsoft for marketshare.
Regards,
Aryeh Goretsky
Dexter is a good dog.
So what? For someone only wanting basic protection, it's probably good enough. For someone wanting better antivirus protection, they'll get another antivirus program. Is this supposed to be big news?
Has anyone bothered to do some fact/typo checking before posting this stuff?
Microsoft's offering was one of four suites which failed to detect all malware. The others were G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise 8.1i and Norman Virus Control 5.90.
See, I run McAfee VirusScan Enterprise on Desktops and Servers here without problems. The latest version in the 8.0 line is 8.0i patch 15. The Vista-compatible version is 8.5i which also works on Windows XP. There is no version 8.1i that I know of. Obviously this doesn't change the message that McAfee didn't earn the seal but I've never had problems with the VirusScan Enterprise line. To be frank, I've never encountered a single infection or uncontrolled virus problem on our network.
Plus, who honestly uses just *one* virus scanner on the perimeter of their Microsoft Server-system based network? I certainly don't. For example, Exchange 2003 server on the perimeter runs software from GFI which has three separate virus scanning engines. This coupled with application executable hash-based protection offered in BlackICE takes care of the rest of the problems at the desktop/server level. It's the price we pay for using MS software.
According to the BBC article on this matter, Live OneCare failed the test because it only detected 99.91% of the malware rather than 100%. And McAfee and the others did better but didn't achieve 100%. So, yes they failed, but at least talk about this in the proper context by using the actual numbers, instead of linking to a blog entry with the sensationalistic headline "Microsoft's Vista anti-virus solution slammed". Does Slashdot not even *want* to have any credibility?
-- "I never gave these stories much credence." - HAL 9000
Prevention may be better than cure, but did you know that, contrary to the popular adage, an ounce of prevention is actually worth much less than a pound of cure? It's simply the law of supply and demand. Most people lack the foresight to use prevention, so they run for cure when the shit hits the fan. This leaves large quantities of prevention just sitting in warehouses, collecting dust. They even buried a few tons of it next to those E.T. games for the 2600. Due to this oversupply, and the huge demand for cure, the cure-prevention exchange rate is one ounce of cure is now worth 5.78 pounds of prevention.
This is really a test of the scan engine and database. You would most likely get the exact same results from using the same product on all platforms they sell it on. Since they didn't test the same products on XP (why VirusBulletin always skips around with OS is beyond me), I am not sure how anyone could make any correlation to Vista versions of antiviruses.
... is in Ireland!
Virus Bulletin is a major newsletter in the anti-virus/malware/spyware/etc. industry. They publish dissections of new "threats", various studies, and reviews of the latest products. It's not really a resource for the general population because subscriptions are expensive and many of the articles are quite technical (source code, executable disassembly, "kernel hacking", etc.). It's more of a trade publication where people in the industry can keep track of the latest trends and what new technologies are coming around. You should care about what they think because they are one of the de facto authorities on these kinds of things. It is distributed in PDF form so it is probably floating around somewhere out there. If you can get a copy and read some of the technical articles you'll get a better idea of what they are all about.
90+ :)
This may be tough on my karma, but I have to get it out: goddammit what's with the worthless tagging? I know the feature's beta, but if I see "haha" or "yes" followed by "no" one more time ... (ok I have no recourse). But seriously guys this feature is supposed to, as far as I can tell, eventually provide a useful augmentation or even replacement for search. Please try not to screw it up.
The Netscape engineers thought they had a loyal following and they were very good at what they did also....poof gone
Foxpro had a loyal following and great engineers....poof gone
DR Dos had a loyal following and great engineers....poof gone
Word Perfect had a loyal following and great engineers...poof gone
You probably have a loyal following and great engineers....yea you guessed it, poof gone
Got Code?
NOD32. Low resource usage and high effectiveness. What more can you ask for?
The price is always right if someone else is paying.
That's exactly what I'm afraid of.
Symantec is a pile of shit, frankly. I was actually hoping that Microsoft's AV would at least force Symantec and McAffee to get their shit together and make an antivirus that doesn't suck.
AV that's as much of a system hog as the notorious Norton is a pain in the ass, especially on Windows Vista. :|
One of these days, I'm going to cut you into little pieces.
It's called tying and it is very illegal (anti-trust kind of illegal) for everybody except for MS. Why not for MS? I wish I knew.
Whoever submitted this article is a troll. We all know that Vista does not need anti-virus.
Symantec is on the list. These days, Symantec = Norton = Symantec, IIRC.
I love my sig.
No, not necessarily illegal.
However, they really should have a grace period of at least 6 months where they are still selling their computers with the option of Windows XP. After all, you can't guarantee everyone's business application will run on Vista, so until that's sorted, businesses will still want to run XP, or 2000 for that matter.
Unfortunately, they don't really care about that point of view; what they do care about is selling as many machines with Vista on them. For the home user buying a new PC, it probably won't make much difference in the end.
Who cares which lib they used? glib, libc, etc, etc.
emt 377 emt 4
defectivebyaccident
You're calling him a little girl because he has bad logic? Then... ipso facto, you're proclaiming to us a love for unicorns and Barbie dolls?
In an unrelated topic: I don't think the statement is baseless. IIRC, Gates responds to "OSX had it first" with "yeah, but we got delayed in order to secure the product first" (paraphrased, of course). Shouldn't we then expect a higher level of security?
And oddly buggy at that... I remember getting a call from my mother saying her freecell wouldn't work... odd... turned out it was related to Norton Antivirus - if I stopped the antivirus, Freecell worked. How does THAT work? Ian
"being a little girl" != "a little girl"
I always explain to my gfs that "being a bitch" doesn't mean "you are a bitch"... just that you are acting like one right now. Of course I have to explain this sometime before we argue.
Not quite.
It's 99.99% of a very limited test set. Against all known malware, most of those products get something like 70-95%...
Well, how many people run AV on their linux/BSD boxes?
Huh?
For starters, lots of people.
How else to protect Windows systems?
... Symantec and McAffee to get their shit together and make an antivirus that doesn't suck.
I'm not sure such a thing is even possible anymore. The usefulness of AV software has always been pretty questionable, and they never seem to have gotten over the threat model of months or years-old viruses being passed from floppy to floppy. Most threats are one-off now, like social engineering spam, one-day long trojan horse attacks, adware, and exploiting OS vulnerabilities to run spam zombies. As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
I have it installed. I was intending to make it scan the Windows machines on the network.
Unfortunately my laziness got in the way. The Windows machines as a result are currently filled with crap.
It's either a typo or you need glasses.
It says Norman not Norton.
I have always made it a point to wait for the first Service Pack to be released before deploying a new Windows version onto corporate networks. Right now Vista is way too buggy for me to allow my clients to put them to use. Personally, I think having an OS free HDD on a new computer should always be an option. I shouldn't be forced to buy a specific model just because I do not want to use the only OS they are offering me.
It would be really nice to see the government grow some brains, step in, and force these big companies to change their bad habits. Yes, I know Microsoft has major kick-backs to their channel partners, but I don't think this is fair for the consumer. Especially since NTLoader is so stubborn at interacting with other operating systems...
Why can't they just play nice?
Relocating to San Francisco / Palo Alto... Hire me?
Try reading it again.
Hell, I'll just give it to you: if you RTFA right at the end it says "Anti-virus software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec successfully achieved VB100 certification."
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
Does anybody have the score NOD32 got in this test for Vista?
I felt that this article was more geared towards highlighting which products were effective, as opposed to providing anything of substance about Microsoft's flagship antivirus product; thus the title is a bit misleading. For those who don't feel like navigating to the site, and registering so they may view the list, here it is:

Alwil avast! Professional Edition 4.7 - pass
CA Anti-Virus 8.2.013 - pass
CA eTrust Integrated Threat Management Suite r.8.1 - pass
CAT Quick Heal AntiVirus Plus 2007 version 9.00 - pass
ESET NOD32 antivirus system 2.7 - pass
Fortinet FortiClient 3.0.379 - pass
F-Secure Anti-Virus for Vista 2007 - pass
Grisoft AVG 7.5.433 - pass
Kaspersky Anti-Virus 6.0.2.546 - pass
Sophos Anti-Virus 6.5.1 - pass
Symantec AntiVirus 10.2.0.276 - pass
Microsoft Windows Live OneCare 1.5 - FAIL
McAfee VirusScan Enterprise version 8.1i - FAIL
G DATA AntiVirusKit 2007 v. 17.0.6353 - FAIL
Norman Virus Control v.5.90 - FAIL

As you can see, there is much more to this article than meets the eye. Also interesting to note is that Grisoft has one product that passes, and another that fails. Something that ties in closely with the fact that these tests are done monthly and are not intended to bash companies (which is respectable), but rather point out which are effective in detecting viruses. On a personal note: I found AVG to be a very effective antivirus program on Vista systems I have had to deploy -- and for personal use it is free :)
I am open source, and Linux baby!
A fairly decent amount of people run ClamAV. Granted, it scans windows viruses exclusively right now, but it's an AV program nonetheless.
"Hello 911? I just tried to toast some bread, and the toaster grew an arm and stabbed me in the face!"
There's more than two companies making antivirus these days. Check out Eset, BitDefender, Kaspersky...
Something bad is coming when people are suddenly anxious to tell the truth.
According to the test, "Microsoft Live OneCare caught 99.91% of the known active viruses it was tested against. This left it vulnerable to 37 separate malicious programs." And that was the *worst* result. A 99.91% success rate isn't exactly horrible.
I'm still trying to find out how F-secure passed this test.
I don't know how many times I had to do virus cleanup on an F-Secure PC because it couldn't delete the file, or it would happily let the virus run in the background, or not detect it at all. And that's if it's running, since it wouldn't run in safe mode and half the time got corrupted by the virus.
In Soviet Russia, Trojan exploits YOU!
I don't salivate when bells ring. I only salivate when I hear the word "Pavlov". (This is the result of an experiment we did in Intro to Psych (in the fall of 1993, IIRC) and it still works without fail every time.)
Cut that out, or I will ship you to Norilsk in a box.
AVG has earned this certification, as noted on their website, for their professional version at least. Their website doesn't specify whether the free version is VB100 also, but I would assume it does since they both should run on the same AV engine.
Did I mention they have a free version? For 9x/XP/Vista AND Linux?
Yeah.
Those who have telepathy have no need to RTFA.
Because if "educating the users" had a chance of working, it would have had an effect some 30 years after computers started to become interconnected, which initially opened this risk. There is no excuse for irresponsible usage, but to lay the blame on the users for being dumb is erroneously placing the fault because there is an equal amount of blame on the vendor for allowing the situation to arise easily. Simply put, systems should be engineered to avoid destroying themselves from normal usage. Many infection vectors come from "normal usage" where we should be yelling at the vendor to fix it instead of scolding the user.
Of course I have to explain this sometime before we argue
Ace! I'm stealing this.
As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
ABSOLUTELY. I gave up on AV programs some time ago. A good firewall, firewall-like execution protection such as Process Guard, not using the most popular email programs or web browsers, and severely restricting web-based application execution (i.e., boycott ActiveX and hamstring Java and Javascript) are far more effective techniques for tripping up a virus as such attacks will almost always try to 1) exploit networking applications most common to the OS, 2) try to run some kind of executable that you haven't run before, and/or 3) attempt some kind of network operation in order to propagate itself. Trying to recognize virus signatures is a lousy use of CPU resources, and has not been seen to be very effective.
AV software companies are addicted to the subscription model that signature-based AV provides, and consequently are in a serious conflict of interest with regards to best security practices. Symantec in particular seems to be short of ideas for an alternative business model, and have opted instead to whine like a six-year-old whose mommy won't let them buy candy at the checkstand.
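The "execution protection" this post and the BlackICE comment above both lean on, as an added example that is not from any poster in this thread: a default-deny allowlist keyed on executable SHA-256 digests, so an unseen or altered binary is refused without needing a signature for it. The files, names (mail.exe, update.exe) and contents are constructed for the demo and are hypothetical.

```python
"""Allowlist-style execution control keyed on executable hashes (added example)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


def sha256_file(path: str) -> str:
    """Hash the file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


@dataclass
class ExecPolicy:
    """Default-deny policy: only digests recorded at baseline time may run."""
    allowed: set = field(default_factory=set)   # known-good SHA-256 digests
    log: list = field(default_factory=list)     # (verdict, path, digest) records

    def baseline(self, root: str) -> int:
        """Record every file under root as trusted; returns how many were added."""
        n = 0
        for dirpath, _, names in os.walk(root):
            for name in names:
                self.allowed.add(sha256_file(os.path.join(dirpath, name)))
                n += 1
        return n

    def check(self, path: str) -> str:
        """Return 'allow' if the content digest is baselined, else 'deny'.
        Keying on content rather than path means a modified binary under a
        trusted name, or a new file in a temp directory, is denied and logged."""
        digest = sha256_file(path)
        verdict = "allow" if digest in self.allowed else "deny"
        self.log.append((verdict, path, digest))
        return verdict


def demo() -> dict:
    """Constructed scenario (hypothetical files): baselined app, patched copy, dropper."""
    with tempfile.TemporaryDirectory() as tmp:
        apps = os.path.join(tmp, "apps")
        os.makedirs(apps)
        mail = os.path.join(apps, "mail.exe")
        with open(mail, "wb") as f:
            f.write(b"MZ original mail client bytes")   # constructed content
        policy = ExecPolicy()
        baselined = policy.baseline(apps)
        original = policy.check(mail)                    # known-good: allow

        with open(mail, "wb") as f:                      # same name, new bytes
            f.write(b"MZ original mail client bytes PATCHED")
        patched = policy.check(mail)                     # deny

        dropper = os.path.join(tmp, "update.exe")        # never-seen binary
        with open(dropper, "wb") as f:
            f.write(b"MZ something new")
        new = policy.check(dropper)                      # deny

        denied = sum(1 for v, _, _ in policy.log if v == "deny")
        return {"baselined": baselined, "original": original,
                "patched": patched, "new": new, "denied": denied}
```

The cost this post glosses over is operational: every legitimate update changes the digest, so the baseline must be refreshed through a trusted channel or the policy trains users to click "allow".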
I usually have AV on my Linux box so that if I'm going to send a file I got from random-place-online to a Windows user I can be sure it won't hurt them.
look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
I like to bash M$ when it's due but in this case they're no worse than products from these other guys: McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. Yet the headline makes it seem like M$ was the only brand to not pass the litmus test...riight
There's just something wrong about a crewman who never smiles!
Can I cancel my order?
Engineering is the art of compromise.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Oh, ABSOLUTELY^BIGNUM.
Don't forget also to think carefully about your partitioning scheme and use anything that is not "chuck everything into one partition, system code, application code, data, swap and temporary files". Where you put the stuff and what you call it is entirely up to you, but you must not under any circumstances (OK, honeypots excepted) use the OS installer's default.
VIRUS to OS: "execute C:\Program Files\Outlook\Outlook.exe"
OS to VIRUS: "Cannot find file or folder C:\Program Files"
(OK, maybe I've got the command line for LookOut wrong. Do I look like the sort of prick who would actually use the thing?)
When I have to set up a machine that can run Windows (which I have to, for Work), it's out with the Linux install CD (you DID get a bootable CD with your OS, didn't you?), partition up a couple of drives for OS and applications (say 2GB each, more than enough for a work machine), another for swap (2xRAM, more than enough), another for data (the rest, maybe doubled to make for easy backing up). Mark them all as FAT32 (no need for anything more than 137GB for work), format and reboot. Then install your OS, choosing whatever arrangement of partitions seems appropriate for your situation. You'll have to do some manual hammering of the OS to make it accept filling the swap partition, but eventually it'll do it.
On the subject of Work, I suppose I'd better go and do some.
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
That's what I said: "Symantec is on the list" - guess I could have specified WHICH list, but I figured the context would show I meant the list of products that passed.
I love my sig.