Microsoft OneCare Last in Antivirus Tests

Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.

It'll get better over time

[Rosco+P.+Coltrane]

The OneCare team has access to the Windows source code, that's got to give them an edge.

Re:It'll get better over time

[Gothmolly]

How many times have we heard this from Microsoft? Why do people still reward this sort of behavior with continued purchases? If its going to kind of suck out of the box, and get better over time, and you can get support, why not use RedHat Linux or Solaris ?

Re:It'll get better over time

[rblancarte]

Are you serious? I mean, I am no Microsoft or Windows lover, but Linux is no alternative to Windows for Joe and Jane Average Computer user. Using my parents as a gauge (because I consider them pretty average computer users), having them using Linux as an OS would make zero sense. They are much more familiar with Windows products. They don't have to jump through hoops to send out documents that would be compatible with everyone else they communicate with (or to read the documents they get). They understand how to navigate the OS. Basically, the interface is a known to them.

Windows continues to dominate the market from past domination. Plus the fact that most any computer you can buy comes with the latest version of Windows. And because most users are familiar with their older products, they stick with what they know.

RonB

Re:It'll get better over time

[Ucklak]

Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that is is sold.

Don't give me this BS that Dell offers Linux because if it isn't here, it doesn't exist.

I'm about as anti-MS as one can get but I also reailze their importance in the marketplace.
MS is obviously crippling 3rd party malware protection yet their own package fails to make the mark even though they have the advantage.

I've consistently said that MS has crappy programmers and this proves it. That comment is not an attack on the employees but a dig at the finished product which is a reflection on the programmers.
The individuals who program may have talent but when it comes to the committee that puts it all together, it's a mish mash of crap.

I setup an OEM Vista installation last week which was my first exposure to Vista.
Is it better than XP SP2? Didn't seem so to me.
Visually appealing theme wise? I think so. Much better than the default XP theme.
I didn't get all those annoying permission popups when trying to create and delete files that was reported earlier. The popups I did get I didn't feel like it was an intrusion as I didn't get too many unless I was trying to install something.
With 2Gigs of ram, it did seem to perform slower than XP SP2 with 512MB of ram. Wow. That's the perception that matters to the end user too.

What's wrong with Vista is that it's too wordy.
The security center is too confusing for the end user and too wordy.
The popups are too wordy and not intuitively selectable. You get 2 or so choices on popups that don't appear to be decision making selections yet it is asking a question and awaiting an answer.

The other thing that really never bothered me before but Vista does it wrong (on my first impression) is the left-mouse/right-mouse selections.
I don't remember exactly but I was trying to look at network properties or something like that and double left click was different than right click > properties. Much different than XP and before.
What I remember was that what I wanted didn't happen when I selected it making me to have to remember how to get the proper properties of a particular object.
At that moment I finally realized why the Mac had only 1 button on their mouse.

Re:It'll get better over time

[Gothmolly]

...Linux is no alternative to Windows for Joe and Jane Average Computer user. Using my parents as a gauge (because I consider them pretty average computer users), having them using Linux as an OS would make zero sense. They are much more familiar with Windows products.

Your argument does not prove your proposition.

Re:It'll get better over time

[Johann+Lau]

So what you're actually saying is that nothing is an alternative to Windows for Joe and Jane Average Computer user, not just Linux. Which makes me wonder: how did people start using Windows? Weren't they too used to not using Windows to "relearn"? How did people learn to use cellphones, or to use number pads instead of dials before that? People don't stick with what they know, they stick with what everyone else uses and/or tells them to use. There is a difference.

Re:It'll get better over time

[suman28]

You are doing nothing but put your parents "in a box". I repair computers around my neighbourhood and when people tell me they lost their Windows CD or it didn't come with CDs or whatever, I tell them they can spend an extra 150 for their "Genuine" copy of Windows or use Linux. I cannot tell you how many people choose Linux. I tell them to give it a try, since most of them are not using it for anything more than Web browsing and photo viewing. If they don't like it (and some don't), they come back to me and spend an extra 150 or whatever. I have a few Average Computer users that use Linux and are quite satisfied. Thank you.

Re:It'll get better over time

[skoaldipper]

> And because most users are familiar with their older products, they stick with what they know.

That's a fair observation. But the real chin scratcher is why they continue purchasing AV software. I've been running butt naked wild on the net since at least win95 - never installing an AV rubber. Never got a trojan or virus either. Why? I don't open email attachments. I don't install software from untrusted sources. Etc. But those last two statements are common sense, right? People know that. And I know they know that. Why? They tell me everytime I go to their house trying to salvage their infected machine.

So, my observation over the years is simply this: common sense is common perception's little biatch. Everything the AV marketing gurus and layman news reporting floods us with over the years sticks - sticks like sweet maple syrup slathered all over the waffles of our reasoning and purchasing decisions. [Homer zombie moment here] Mmmmm, maple flavored brain waaaffles... hu hu hu hu

I mean, check out our garages. They're stuffed to the rafters with pure unadulterated crap. It's a regular Useless "R" Us store in there. I mean, who convinced us button down collars were a necessity? The wind really that strong to poke my eye out with a flap? We are basically what we buy, or in linux's case, don't. You can't convince people unless you desaturate them from that environment first. When I returned from the Spartan lifestyle as a soldier in the Army, the world around me was fresh and somewhat out of place. I couldn't even watch TV regularly for about three months - it felt like thumping inside my head. We really do have a matrix veil shrouding our senses. I call it marketing. And I ask you - where's the linux marketing? IBM? RedHat? Dell?

Re:It'll get better over time

[DesertBlade]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.

Linux has come a long ways, but it is still foriegn to a lot of people. When people use Windows at work, it is easier to use it at home.

Re:It'll get better over time

[Turn-X+Alphonse]

I run Linux on my main box but I still have a windows box for my games. If Linux ran games (I don't count Cedega, I refuse to support them due their policy on OSS stuff) then I would give up the Windows box, but until I can get my guild wars fix Windows is needed.

Re:It'll get better over time

No, but the percentage of Windows boxes vs. the percentage of GNU/Linux boxes sure as hell does.

Re:It'll get better over time

[jorghis]

Everyone keeps saying this and I dont understand the logic behind it.

Even if it were true that they had access to windows source, how would this help them? Everyone has claimed that it does, but noone has explained how.

Re:It'll get better over time

[nakkenakuttaja]

My father is 76 years old and has only used computer for the last 5 years or so. His first PC had Windows 98, but last year I updated his computer with new motherboard, harddisc etc. + I installed Kubuntu on it. He has been very satisfied with it using Linux. I don't think Linux is more difficult to use than Windows. OK, my father probably would not be able to install Kubuntu, but he probably he could not install Windows either.

Re:It'll get better over time

[hdparm]

You're wrong - they will have heaps less trouble handling MS docs from Fedora 6 default install than from Vista w/MS Office 2007.

If they are going to "upgrade" to latest MS products, why do you think they won't be able to handle upgrade to modern Linux distribution? There is NOTHING too different in Gnome/KDE UI (apart from the fact that they'd get the additional benefit of customising desktop to their liking) that would take long adjustment period when switching from windowsXP.

Re:It'll get better over time

[multipartmixed]

They will continue to design new viruses at a faster rate than Norton, McAfee and Grisoft combined!

Of course, the assumption here is that Microsoft's virus will be able to block the viruses they write. Sorta basic for a Virus Company, but we all know how good MS is at closing the loop..

Re:It'll get better over time

[billgates]

Your parents are pretty average and it looks like their offspring are pretty average too.

Re:It'll get better over time

[falsified]

Realistically, for home use, AND for most users (myself included) there WASN'T anything before Windows anyway. Yeah, MacOS, but if I remember correctly the first Macs weren't exactly priced for the casual user. DOS was dominant and Windows ran on top of it. It was a GUI a person could ease into while still duking it out on the more familiar command line.

As OS tasks shift to the Web (and I think that will happen), we'll see a shift to the more stable Linux OS because the casual user won't have to figure out why their computer "has roots" (or whatever...)

Re:It'll get better over time

[stewbacca]

Ok, I'll give it an oddball analogy. When I got out of the Army, they suspiciously kept my dental records (so I couldn't sue, probably). When I went to my new dentist for the first time as a civilian, they had to conduct "dental forensics" to recreate my dental history. Without the records, they had to poke and prod to figure what was going on, and what work I had done in the past. This took the better part of a day, with a follow up appointment or two.

With every new WinOS release, Norton and company has to spend huge resources in reverse-engineering the new system (dental forensics), or at least those portions that Microsoft is sitting on and won't make open-source. In short, Microsoft determines what and how much to give to competitors. If one starts becoming insanely successful, Microsoft stops feeding them the source. It is a pretty smart scheme for the money making side...pretty awful for the user experience side.

Re:It'll get better over time

[Cromac]

Sure it will get better over time, just look at this quote from the article:

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

They're going to tweak the tool to do better in the test, maybe that means it will actually work better, maybe not, but you can bet it will do better in future tests.

Re:It'll get better over time

[mastershake_phd]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.
 
Yes, but certain keys work with certain CDs. They unfortunately arent interchangeable. One PC I have wouldnt reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didnt like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

What are you supposed to do?

Re:It'll get better over time

[ncc74656]

Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that is is sold.

Fry's usually has one or two of its house-brand machines with Linux preloaded (typically with Linspire). These are out on display next to all of the Winboxen.

Re:It'll get better over time

[GoulDuck]

Yes, but certain keys work with certain CDs. They unfortunately arent interchangeable. One PC I have wouldnt reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didnt like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

What are you supposed to do? Call Microsoft. I have done that 3 times with your example above and I got Windows "authenticated" and WGA was happy again. It took 3-5 minutes per call because of codes I need to give the machine and wait for it to repeat it back to me, talk to a Microsoft guy, explaining that I had to reinstall with a different Windows CD and then receive the code to reauthenticate Windows.

Re:It'll get better over time

[Serious+Callers+Only]

Realistically, for home use, AND for most users (myself included) there WASN'T anything before Windows anyway

Funny how we rewrite history in our heads. There were many choices in the early OS market - Gem, Amiga, Acorn, Geos, Mac OS, Commodore, then later BeOS, OS 2. At the time Macs first came out no personal computer was priced for the casual user, so that's neither here nor there. By 1992 when Windows 3.0 came out there were many choices, however you're telling yourself there was only one 'realistic' choice, perhaps because that's the one you chose. DOS and Windows were never dominant because they were the best (there's a reason it was called QDOS, and hardly anyone used Windows before version 3), but because they were bundled.

Shame that market was strangled at birth by predatory business practices wasn't it? We're only just now recovering from the years of stagnation in the OS market that followed.

Re:It'll get better over time

[rtb61]

Most likely it is typical M$=B$ speak, there next version will work better, it will still be the worst performer but it will work slightly better than the last version, just weight for version five/2012/ultimate liveinfinite care, it will work, we promise.

15. WE MAKE NO WARRANTY.

We provide the service "as-is," "with all faults" and "as available." We do not guarantee the accuracy or timeliness of information available from the service. The Microsoft parties give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws that this contract cannot change. We exclude any implied warranties including those of merchantability, fitness for a particular purpose, workmanlike effort and non-infringement.

16. LIABILITY LIMITATION.

You can recover from the Microsoft parties only direct damages up to an amount equal to your service fee for one month. You cannot recover any other damages, including consequential, lost profits, special, indirect, incidental or punitive damages.

This limitation applies to anything related to:

* the service,

* content (including code) on third party Internet sites, third party programs or third party conduct,

* viruses or other disabling features that affect your access to or use of the service,

* incompatibility between the service and other services, software and hardware,

* delays or failures you may have in initiating, conducting or completing any transmissions or transactions in connection with the service in an accurate or timely manner, and

* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort.

M$ warranty for their anti-virus program note the part where they specifically exclude the ability of the program to actually remove viruses.

Re:It'll get better over time

[jorghis]

OK, so what aspect of Vista do you think needs to be reverse engineered? I'll grant you that reverse engineering may have been necessary a decade ago, but to my knowledge, it is not now.

Re:It'll get better over time

[Marcos+Eliziario]

OK. Try developing something good when your boss' boss is throwing chairs in rage all around the campus.

Re:It'll get better over time

[falsified]

I agree with everything that you said but your timeline ends in 1993. By the time the computer became an item that you were just kind of supposed to have, Windows/DOS was dominant in the business arena and that had spilled over into what home use there was because of its familiarity. Once the home computer market exploded, Microsoft was there, rightly or wrongly.

Re:It'll get better over time

[Phisbut]

They understand how to navigate the OS. Basically, the interface is a known to them. Windows continues to dominate the market from past domination. Plus the fact that most any computer you can buy comes with the latest version of Windows. And because most users are familiar with their older products, they stick with what they know.

Next time they buy a new computer and are faced with Vista with the bells and whistles enabled, and have to use Office 2007, and Internet Explorer 7, they'll prove that they can adapt to a new interface, and can use software that they are not familiar with, as well as navigate a new OS.

You parents are not less able to use a modern Linux distro than they are able to use Vista. Yet, they will eventually adapt to Vista.

Re:It'll get better over time

[Endo13]

I'm guessing the issue you're running into is that you're using an OEM key with a Retail CD or vice versa. I work in a PC repair shop, and I've been using the same SP2 CDs since they were first available. Out of hundreds of windows reinstalls, I have yet to see any deviation from what I'm describing. A normal, official OEM WinXP install CD with SP2 will work with any OEM key. And a normal, official Retail WinXP install CD with SP2 will work with any Retail key. Now, if you've got an older CD that does *not* include SP2, it most likely will not work with a key that came with an SP2 install CD.

Not really

The consistent malware in these tests is Microsoft Windows, everything else is irrelevant.

Re:Not really

Shut up, idiot. That joke wasn't even amusing in the 90s.

Re:Not really

It's not a joke.

Microsoft Windows, now there's a joke.

Re:Not really

Knock Knock.
Who's there?
Microsoft.
Microsoft who?
Microsoft Windows.

Re:Not really

[skoaldipper]

Knock Knock.
Who's there?
Ballmer.
Ballmer who?
Ball more over giving me 200 for Vista and I'll chair your head.

Is Microsoft worth buying / using now?

It seems Microsoft is going from bad to worse, is it still worth the price to wreck a good computer and put business at risk?

Re:Is Microsoft worth buying / using now?

As a business, the first thing you should ask is "why are we dealing with such a disreputable company"?

Old Viruses

[Subbynet]

I have always had a problem with these "stats".

If Microsoft know 50% (for example) of viruses are so old and won't run on 2000/XP, and they then decide not to search for them during AV tests... Does that mean the AV missed it - or quite rightly the code is so old that MS no longer considered a threat?

Re:Old Viruses

Just because a virus won't run doesn't mean it should be dismissed. Any machine can still be a vector of transmission for viruses that will infect others. Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines, not because they want to protect themselves.

Re:Old Viruses

[Subbynet]

True...

But this is Microsoft, with a product made for Windows XP / Vista. Tell me why they should care about Macs and Linux?

There is that old saying - always look after yourself, and its one I adhere to with regards to Anti-Virus... Just because it was checked at the mail server does not mean I won't check it again.

So using that premise, why should OneCare look or care about Viruses which won't run on the platform?

Re:Old Viruses

[Llywelyn]

Its not that they should care about Macs or Linux, but one would think they would care about older versions of Windows.

The reasons are the same that Mac antivirus programs strip out windows viruses, and viruses from as far back as OS 6. Just because it cannot infect this system, does not mean it is not a threat in general.

Besides, what evidence do you have that what they missed were older viruses? While I admit this is a valid hypothesis, I see no evidence for it one way or another.

Re:Old Viruses

[Subbynet]

lol.. Who said I have evidence? This is Slashdot! :-)

Re:Old Viruses

[linhux]

They do remove some old viruses from these tests. The report mentions that they no longer count DOS viruses.

Re:Old Viruses

[alx5000]

Sorry to hit you again with the GP's point, but why should they care about older versions of Windows? Doesn't that undermine the get-your-new-shiny-omg-pretty-colors-OS-same-as-be fore-but-with-round-corners philosophy?

We hear every day about MS dropping support from old OS's (something I would stand for, as long as those systems weren't as fucking widely used as W2K is); infecting them and not Vista/XP/Whatever makes the latter look more secure (and as Windows users go, they only way to move).

Feel free to bash me anyway you want, I was only playing Devil's advocate here.

Re:Old Viruses

[jonbryce]

E mail viruses are a pain even if you are running linux, as you have to identify and delete them when looking for legit mail. That is why I have virus scanning as part of my spam filtering setup. I run the virus scan before the whitelist check, and run the spam analysis stuff afterwards.

Re:Old Viruses

[jonbryce]

No, because email viruses are a nuisance in an Outlook 2007/Vista inbox even if they don't do anything other than take up space.

Re:Old Viruses

[KingMotley]

Of course, the places where One Care got dinged was for malware detection.  That's what windows defender is for.

In other news... Large SUV's scored highest in best car.  Lamborghini scored lowest.  See details below:
            Horse Power / Number of Seats / Game Console in back seat / Over all Score
SUV           95 (25%) / 8 (100%)         / 1 (100%)                  / 75%
Lamborghini 500 (100%) / 2 (25%)          / 0 (0%)                    / 41%

Re:Old Viruses

[Stewie241]

But didn't it say somewhere that Defender only detected about half of malware? That's worse than this onecare stuff!

Re:Old Viruses

Actually, as a Mac user I don't run A/V at all. You know why? Because fuck Windows, that's why.

Encouraging companies to overemphasize tests

[jorghis]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test. I'm not trying to single MS out here, video card manufacturers do this sort of thing all the time, hell it may be that the top performers on this test did it too.

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

Re:Encouraging companies to overemphasize tests

[TrappedByMyself]

Incidentally, why all the MS hate?

1) Pretty much all these viruses/malware target Microsoft's own software

2) Microsoft has more resources than all the other companies combined.

3) People are going with Microsoft's solution assuming that it is the best one

So basically, Microsoft's half-assed software made antivirus software a requirement in the first place. Instead of using their vast resources to fix the underlying problems, they build more half-assed software as part of their big money grab.

Re:Encouraging companies to overemphasize tests

Is this like "teaching to the test"? Because I have to say, while a product that performs well in a test might be flawed in real life, a product that fails a reasonable test is almost guaranteed to be flawed in real life.

Re:Encouraging companies to overemphasize tests

[Mateo_LeFou]

"The companies at the top are much bigger in this area and their software more widely deployed..."

For now.

Re:Encouraging companies to overemphasize tests

[jorghis]

1) Pretty much all these viruses/malware target Microsoft's own software

Relevent to OneCare how? Its completely different software, its not like OneCare is targeted. Shouldnt we evaluate these individual products on their merits?

2) Microsoft has more resources than all the other companies combined.

I really get tired of seeing this argument. They have a bajillion software products, they cant afford to pour all their resources into every single one of them. Many times their products actually have less resources than their competitors. Google's spending exceeds MSN's by an order of magnitude. I very seriously doubt they are funding OneCare to the tune of billions of dollars (which is what their competitors here are worth)

3) People are going with Microsoft's solution assuming that it is the best one

This isnt true, Norton, McAfee, etc. have brand loyalty. MS has none in this field. Sure there might be a few unsophisticated home users who buy it because of the brand but that will be absolutely dwarfed by the IT departments that use the established competitors.

Re:Encouraging companies to overemphasize tests

[Linkreincarnate]

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where. That's not true though. If it was one of the free antivirus programs no one would have batted an eye. The problem here is that it is an antivirus software that millions of people will end up buying. 17 Percent of a million is a lot of lost revenue and time spent repairing computers that would not have been infected had MS not been slack.

Re:Encouraging companies to overemphasize tests

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

I have nothing to do with focusing on Micosoft coming in last, but I do have a Nelson's Ha-Ha moment because it's Microsoft that pushes their crap on the world and uses their monopoly illegally to maintain their position while ignoring the consequence of their actions on the users' security. It's Microsoft that attempts to squeeze other anti-virus companies out of the market created largely out of their incompetence and in doing so, may put users more in danger because of the false sense of security when they ignorantly trust Microsoft to be able to write good code.

Forget the anti-virus market. Focus on fixing the bugs.

Re:Encouraging companies to overemphasize tests

[stewbacca]

Why focus on the company on the bottom,

Because Microsoft is easily 10x bigger than all the other companies combined, and Microsoft creates the OS, so their results could stand to be a little better.

Re:Encouraging companies to overemphasize tests

[mysticgoat]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

That's a problem with an aspect of the Microsoft corporate culture, not with the test.

The problem is a vicious meme that destroys the ability to properly think through engineering problems by replacing one of the solid postulates of design theory with a faulty postulate. It can be summarized as "Design For The Showroom (Not For The Work)". Unfortunately, this is an infectious and virulent meme; it is absorbed through the eyes of susceptible readers and passed on through their keyboard fingerings.

Many persons infected with DFTSNFTW (aka "MSism") eventually acquire immunity and go on to become valuable and valued contributors to the digital economy. However a significant fraction of these people develop an irrational hatred for whoever they see as the original cause of their infection, which explains a great deal of the hatred for Microsoft. Usually these long term sequalae do not interfere too much with the victim's life. But in severe cases the continued hatred does limit their employment opportunities: won't work for MS shops, won't do social networking with MS developers, etc, etc.

Incidentally, why all the MS hate?

See above.

Slashdot serves as a support group for a sizeable number of people in recovery from MSism.

Re:Encouraging companies to overemphasize tests

[jorghis]

"Because Microsoft is easily 10x bigger than all the other companies combined, and Microsoft creates the OS, so their results could stand to be a little better."

People keep making these two arguments and I just dont thiknk they make sense.

1)"Microsoft is easily 10x bigger than all the other companies combined"

  MS may be bigger than all they other companies across all their business groups but it isnt like all that money goes into one product. Do you really believe that they are funding OneCare with billions? Thats what their competitors are worth here. If MS funded every product they make with billions of dollars they would go bankrupt pretty fast. Generally speaking, in areas where they are not the market leader their product is not as well funded as that of their competitors.

2) "Microsoft creates the OS"

OK, I have to ask: What advantage do you think they gain by this? Everyone keeps refering to it and since you did too I have to assume you have some logical reason for thinking this provides an advantage. What is it? How would this "make their results a little better"?

Re:Encouraging companies to overemphasize tests

[vertinox]

1) Relevent to OneCare how? Its completely different software, its not like OneCare is targeted. Shouldnt we evaluate these individual products on their merits?

Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to talk with Exchange servers but I digress).

2.) I really get tired of seeing this argument. They have a bajillion software products, they cant afford to pour all their resources into every single one of them. Many times their products actually have less resources than their competitors. Google's spending exceeds MSN's by an order of magnitude. I very seriously doubt they are funding OneCare to the tune of billions of dollars (which is what their competitors here are worth)

Really? The argument is that Microsoft has money to burn and hence if they can't make a decent product then perhaps they should spend more to fix it. If throwing money at the problem can't fix it because they need better stock options then perhaps we should consider this when purchasing MS products. As in... The real argument says that MS cares more about making money than about fixing their customers problems.

3.) This isnt true, Norton, McAfee, etc. have brand loyalty. MS has none in this field. Sure there might be a few unsophisticated home users who buy it because of the brand but that will be absolutely dwarfed by the IT departments that use the established competitors.

If it comes with the computer, then no one will buy anything else. This is how IE killed Netscape. Even if you give away a better product for free, it has to be extremely better (say like Firefox) before it will take hold.

And I dare say the main reason Firefox succeeded was because it was a cross platform product (OS X and Linux) that rendered pages just as good as IE.

Re:Encouraging companies to overemphasize tests

[stewbacca]

If MS funded every product they make with billions of dollars they would go bankrupt pretty fast. Generally speaking, in areas where they are not the market leader their product is not as well funded as that of their competitors.

And this is precisely why every Microsoft product is so damned mediocre. They do a lot of things, but they don't do any one thing well (other than make money).

2) "Microsoft creates the OS" OK, I have to ask: What advantage do you think they gain by this?

You don't agree that being the creators of the source-code would give you at least a slight advantage?

Re:Encouraging companies to overemphasize tests

[jorghis]

1) Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to talk with Exchange servers but I digress).

Several other people have responded to me that they think the team working on OneCare has an advantage because they work at MS. Even if they were talking to windows devs every day (which they probably are not) what do you think they would gain? How would this give them an advantage over their competitors in catching a higher percentage of viruses? People here keep saying that it does, but when I ask how noone responds.

2) Really? The argument is that Microsoft has money to burn and hence if they can't make a decent product then perhaps they should spend more to fix it. If throwing money at the problem can't fix it because they need better stock options then perhaps we should consider this when purchasing MS products. As in... The real argument says that MS cares more about making money than about fixing their customers problems.

OK, I think you are trying to argue that they are underfunding development here as opposed to having more funding as the GP claimed. (am I misunderstanding you?) I think the truth is that they are in the middle somewhere, their funding is probably less than that of Norton, but it is still more than adequate. That would be consistant with what they have done in the past.

3) If it comes with the computer, then no one will buy anything else. This is how IE killed Netscape. Even if you give away a better product for free, it has to be extremely better (say like Firefox) before it will take hold.

This is another thing I keep hearing. It isnt bundled with windows. OneCare isnt free. This is a common misconception that I keep seeing here. The other AV companies have deals with OEMs like dell that arent about to disappear overnight. This isnt the same thing as IE vs Netscape.

Re:Encouraging companies to overemphasize tests

[jorghis]

"You don't agree that being the creators of the source-code would give you at least a slight advantage?"

No, I dont. Say for the sake of argument that your claim that OneCare developers have windows source in front of them is true. Explain to me how it would help.

Re:Encouraging companies to overemphasize tests

[Thexare+Blademoon]

As in... The real argument says that MS cares more about making money than about fixing their customers problems.

Welcome to business in the real world.

Re:Encouraging companies to overemphasize tests

[itwerx]

"teaching to the test"

I'm sure you're right - for example look at Symantec's score on those tests compared to how it does in the real world, (abysmally).

Re:Encouraging companies to overemphasize tests

[Guppy06]

"People are going with Microsoft's solution assuming that it is the best one"

Actually, because it's cheapest. $40 retail for av and firewall for 3 PCs for one year.

Re:Encouraging companies to overemphasize tests

[arth1]

jorghis (1000092) wrote:

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

Ah. The no virus-killer left behind act. *Nod, nod*.

Regards,
--
*Art

Re:Encouraging companies to overemphasize tests

[jonbryce]

A new computer I looked at recently, from Toshiba, had Norton installed with Vista, not OneCare.

Re:Encouraging companies to overemphasize tests

[Jimbitz]

It's just sad that Microsoft with all their resource still can't even come up with a product slightly better than several free version anti virus. Do they still need to patch it again up until SP2?

It's a known fact that most virus/malware would prefer to target the ever popular Windows system. They (Microsoft) should already know their own problem in the first place. Looks like another poor release by Microsoft.

let's hope they do better next time! :lol:

Maybe the not-so-good things from this test would be it will give a false sense of security to the average user. The virus/malware creator will always find another new way to fool all the current Top anti virus program. It did happened before and it will happen again.

User still need to enhance their knowledge so they won't be fooled to open every email attachment that they get.


just my 0.02 cents. ;P

How about some constructive news?

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldnt get nearly as many page hits, I suspect.

Re:How about some constructive news?

[ip_freely_2000]

Too bad you entered this as AC. I would have given you +1 Insightful.

I guess it's easier for people to take a cheap shot than actually help them improve their systems. Slashdot is so sadly predictable.

Re:How about some constructive news?

[stewbacca]

Considering how much hype Microsoft has created to improve their image as being extraordinarily lame in security, I think the last place finish IS the story. Whoopy doo, a bunch of boring utility programs going head to head, mostly doing the same things equally well....except Microsoft, the multi-billion dollar corporation that controls the OS.

This is just another indictment of the corporate culture of Microsoft...money first, customers somewhere near the bottom. Microsoft includes a bunch of half-assed, half finished apps so they can put on the packaging that Windows has it. The sad thing is OneCare is just another "check-the-block" feature, and average Joe won't know how awful it is or even care. They'll see it has security software bundled in and think that's all they need.

Re:How about some constructive news?

How about some constructive news?
(Score:0)
by Anonymous Coward on Saturday March 03, @11:11AM (#18218022)
The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldnt get nearly as many page hits, I suspect.

Too bad you entered this as AC. I would have given you +1 Insightful.

I guess it's easier for people to take a cheap shot than actually help them improve their systems. Slashdot is so sadly predictable.

I wouldn't have given the GP a +1 Insightful, but would love to tag you with -5 Prejudice. I can see certain preferences and credit given to members, however ACs are guests and should be given some respect and not treated as often were the servants at Southern "gentlemen's" clubs were when the servants were slaves. You perhaps gave the AC a bit more elevation, perhaps treated him/her as would a Yankee have been, but thats not much of an elevation.

The title to this article is the same as it is on the linked story, which is a good thing if any Windows user is seeking information on Microsoft OneCare. Just with it being from Microsoft it is going to get sales. Microsoft has a history of selling to clueless management much to the chagrin of admins and many of those visit Slashdot and you can bet some of them bookmarked that report to show any management who asked for OneCare to be implemented. The admin can then give his/her own recommendations on their best choice for anti-virus and other malware protection.

Have to wonder considering who did come out on top as to who paid for these tests. Reading the site closer might provide the answer to that, but just scanning it and remembering Norton etc's recent spats with Microsoft over not being let in on crucial Vista system details does inspire some thoughts. IMO Norton's problems with Microsoft have been extensive since Norton Desktop put Windows 3.x under control. With the appearance of Win95 Norton was officially broken and has never really recovered, at least in my opinion.

Re:How about some constructive news?

[jorghis]

"The sad thing is OneCare is just another "check-the-block" feature, and average Joe won't know how awful it is or even care. They'll see it has security software bundled in and think that's all they need."

I responded to one of your posts above. Maybe the problem you are having is just that you dont understand the situation. OneCare is not bundled with windows as you are claiming in this post.

Frankly, based on your comments I would think that the average Joe's judgement of how "awful" a product is would be about as well informed as your own.

Re:How about some constructive news?

[JebusIsLord]

I installed OneCare myself during the beta period, and was impressed with how well it integrated into Windowsm and didn't try to sell me anything else once in there (Are you listening, McAfee??) Resource usage was also much better than Norton.

I'm disappointed that it performed so poorly. However, I'm not running it anymore anyhow, since I switched to Vista 64-bit and OneCare doesn't work on 64-bit platforms :|

Re:How about some constructive news?

[stewbacca]

OneCare is a product offered by Microsoft. I didn't say it was bundled with Windows, I said OneCare offers bundled security software. It is a half-assed attempt to make sure they can at least say "yes, we have virus protection in our system". You are correct that I don't understand exactly how it works, because I don't use it. I'm merely using data from TFA and 12 years of anecdotal evidence of this sort of corporate culture coming from Microsoft to support my point.

Interestingly enough, you don't seem to deny that OneCare (as most everything from MS) is crap.

Re:How about some constructive news?

[jorghis]

I'm not denying it because I am not a huge fan of OneCare. It will likely get better over time, its a new product. But right now I certainly wouldnt buy it. MS has some good products, I use the ones I like, I use alternatives when I dont, I am not a zealot on either side. But I often come across as an MS fanboy here because I respond when I see arguments against them that I think are flawed, such as yours.

Re:How about some constructive news?

The news isn't that MS came in last, it's that MS was anything but first place in protecting their own OS. Then again I guess that isn't new... OK, you're right.

Re:How about some constructive news?

[uradu]

I don't know what you guys are bitching about. Slashdot is the National Enquirer of the geek world, it offers up EXACTLY the kind of sh!t we come here for.

Re:How about some constructive news?

[MSG]

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

I disagree. Certainly, it is important to note which package came in at the top, as advice on what users should use. However, since OneCare is Microsoft's own service, and may be more accessible and better marketed to PC users, I would argue that it is in fact more important to note how badly it scored so that users know what not to use.

If all of the products being evaluated were equally marketed and accessible, then I would back your argument. However, because I don't believe that to be the situation, I disagree.

Re:How about some constructive news?

[HomelessInLaJolla]

only people...crap..."last"...idiots...nothing better...bitch and moan...laugh at Microsoft. The vendor of the story, pcworld.com, deserves the vitriol.

I suspect Why abuse Slashdot? How did you get modded from AC to 5?

Re:How about some constructive news?

"idiots who have nothing better to do than bitch and moan and laugh at Microsoft."

You must be new here.

Re:How about some constructive news?

[stewbacca]

Your credibility takes a small hit though, when you say there are MS products that you use over other alternatives. The only MS product I can think of that doesn't have a better alternative is MS Excel. Even Excel has its flaws (the stats plugins are terrible), but there simply is no competitor. Even when MS wins, it is only because there is no competition.

If my argument is flawed, then feel free to provide examples to the contrary.

Re:How about some constructive news?

[Stewie241]

People seem to miss the fact that in order to write virus detection software one needs to know about viruses, rather than about the operating system. There is a huge barrier to entry because Symantec, Norton and other folks have a large database and amount of knowledge about existing viruses. Microsoft had to start from a lower amount of knowledge.

This product will sell, nonetheless. I no longer use Windows, but my parents have used both McAfee and Norton. Both had their issues and problems and caused weird issues. OneCare will be attractive because its management panel will integrate well with the rest of the OS, while McAfee and Norton won't in the same way. Someone said it was cheaper as well.

Ah well... have fun folks!

Re:How about some constructive news?

[PyroMosh]

Just an aside - Why wouldn't you mod the post up because they're AC?

If the post has value, it should be modded up.

The moderation system isn't about rewarding people, (though that can be a happy side effect with the +1 posting ability and the -1 hit for negative Karma) it's about bringing the best posts to the top of the heap.

Browse at +5 and you should be able to see nothing but the creame of the crop of posts. Browse at -1 and you'll see everything. All the worst garbage and goatse trolls and gay nigger trolls and whatever other BS they're posting these days.

Now feel free to mod this as offtopic (since it is) but I see this a lot, and felt that well, I should reply to it.

Hell, MS Onecare detector was effective on me...

[BrentRJones]

it detected some virus MAKING software I had swiped from some guys in Moscow, turned me in with the Genuine Advantage program and now I am paying "royalties" to some WISE GUYS in Tel Aviv who threatened to post my bank account numbers in Nigeria, put me in the Homeland Security database as a terrorist, and take me off the Do-Not-Call list.

It may be 17% behind the leader, but it is damned effective.

No love for open source, ClamAV

[HTMLSpinnr]

There's no mention of ClamAV's performance in these tests. Granted, it probably isn't designed to be as "complete" as some of the other packages noted, it'd be interesting to see how it fares for those of us who use it on mail gateways and servers.

Besides, it'd have to be better than Microsoft's OneCare!

Re:No love for open source, ClamAV

[Southpaw018]

To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):

ClamWin better than Norton? No, you can not look at number of signatures to know who detects more. If you look on how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it score around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggets to use for other places, as there are better options available.

link

Re:No love for open source, ClamAV

[flyingfsck]

I've been using ClamAV for 4 years on a busy mail server and no virus got through it in this time. So, these guy's tests are rather suspect in my book.

It actually wasn't "good enough"

[RootWind]

The software has to detect 85% or more to be considered for the on-demand test. MS OneCare was only included for the first time most likely due to the reputation of the former RAV. OneCare will be dropped from the test if they don't improve to 85%.

Coherence

[syylk]

Imagine what happened if it placed first.

Could you hear the whining from AV companies? "It's unfair! They have access to the OS, so they will put us out of business".

Which they will do, obviously: it's just matter of time. But in the meanwhile, the AV corps could still sell some copy of their rig crippling tools^W^W^Wsecurity enhancement programs.

Re:Coherence

[El_Muerte_TDS]

If your businessplan relies on the failure of an other party you have no right to complain when said party finally manages to reduce their failures.

Re:Coherence

[Bert64]

But MS are not fixing the actual problem, they are just selling their own bandaid addon like other companies have been doing for years, only theirs is inferior to the ones already available.
This can only be bad for the consumer... MS now have a conflict of interest between improving the security of windows, or leaving it poor to encourage sales of onecare... Their product will also end up widely used despite the lack of quality, it will sell just like every other MS product simply because it gets pushed along with sales of window/office. The sales reps will start offering discounts against windows/office if they take onecare too, and the customers will consider it pointless to have 2 antivirus products and won't bother buying a third party one anymore.
Once all the other AV vendors are out of business, and all windows users are running onecare or nothing, the malware will have a much easier time of it because malware authors will now have a single known target.

Re:Coherence

[Stewie241]

IMO the reason that Linux does so well in terms of virus is partly due to enhanced security, but also because main distributions use a whitelist approach to applications. Ubuntu has all its applications in repositories, and all those applications are known safe.

Many users don't know how to determine if an application they are going to install is safe. There are ways to do this, and so most knowledgeable users can avoid this.

The best solution to the antivirus problem is to:
a. fix exploits in the Windows code
b. catalogue applications at a reliable source so it can easily be determined if an application is safe or not (probably a wiki type system?)
c. educate users to use b and to keep Windows up to date.

download.com satisfies b to an extent, but few use it as such.

The problem is...

...the OneCare team is composed of Windows source code compatriots!

Damned if they do, damned if they don't

MS gets slammed for not having AV in the OS.
MS puts one in and gets slammed for trying to 'squeeze' out the big AV players.

If MS makes their AV great than they get sued by Norton and McAfee.
If MS makes their AV 'average' or poor they get slammed for being stupid and incompetant.

Damned if they do, damned if they don't.

Re:Damned if they do, damned if they don't

[RLaager]

I think it's the first point where you're off... Microsoft gets slammed for having a buggy OS and insecurity software that make virus propegation easy. Adding anti-virus software has never been a good solution... it's just a band-aid.

Re:Damned if they do, damned if they don't

[RelaxedTension]

MS gets slammed for not having AV in the OS.

No, they get slammed for making everyone need it in the first place by making their OS's so insecure.

MS puts one in and gets slammed for trying to 'squeeze' out the big AV players.

No, they get slammed for trying to lock out competitors (again)

If MS makes their AV great than they get sued by Norton and McAfee.

If it ever happens that they make something "great", we'll see what happens. We haven't had enough experience of that happening yet to say.

If MS makes their AV 'average' or poor they get slammed for being stupid and incompetant.

Can't argue about that. Seems to be the thing to do though, when they play it up as being all you'll ever need and it doesn't cut it. And when it comes to security and AV, there is no praise for average or poor, especially when you get infected and lose everything because you trusted them.

How about tests on older versions?

[schwit1]

I'm curious if older AV versions with current signatures are less capable.

I use McAfee v7.1 because the overhead compared to the newer versions is much lower.

Re:How about tests on older versions?

[Jarnis]

It depends.

If you just use them to scan executables/emails before opening anything, for that an older one with up to date signatures should do fine.

But the old engines tend to lack defenses against 0wnage of the system via different holes. Major reason why new AV clients are so heavy on the system is because they actively try to stop any 'nasty' stuff from happening to the system - even against unknown threats using heuristics.

Older AV software also does not usually do anything against spyware and other crapware.

I've worked in PC repair, and its highly common to see systems with outdated AV software throughly owned by some spyware/adware, disabling the AV software (it would still fetch updates and claim all was well, but it would not do anything in reality), and it's not uncommon to find bunch of viruses in such cases as well.

If your system can't run a modern AV software (I recommend F-Secure, it's pretty lightweight for what it does), either upgrade your system, pull the network cable, or stop using Windows.

OneCares Results

Here are the tests and the results for one care.

Windows viruses 95,02%
Macro viruses 99,30%
Script viruses/malware 67,55%
Worms 89,21%
Backdoors 82,18%
Trojans 78,71%
other malware 58,38%
OtherOS viruses/malware 55,02%

And a bit more

Detection of over 222000 dialers excellent
Detection of over 130000 PUP's mediocre
Detection of over 230000 DOS viruses very high
Detection of polymorphic viruses 4 of 12

High scores for Norton

[Beryllium+Sphere(tm)]

Norton showed up near the top in several categories. Other large studies have shown the same thing.

The highly consistent feedback from people in the trenches has been along the lines of "I removed the viruses, then to make sure the machine ran OK I removed Norton Antivirus, then I installed Kaspersky and all has been well".

Anyone got a hypothesis to account for the difference?

Re:High scores for Norton

[Aladrin]

You mean something like: "Kaspersky has a higher % on that chart, AND it doesn't screw up the system?"

Norton, when it goes bad, is a nightmare to remove. And that's your only option, as you can't just fix the installation once it gets that bad. If you've already gone through the pain to remove it, why not just recommend the better solution and be done with it?

Personally, I like AVG, but that chart doesn't say great things about it. I'm disappointed in its performance. I'm seriously considering seeking a better solution.

Re:High scores for Norton

These tests only report how well the AV software detects viruses etc. Not how bloated the AV sofware is, nor how much it clogs up the rest of your machine's workings.

Re:High scores for Norton

[Lord_Sintra]

Yeah, I have serious trouble getting rid of Norton. It crashed half way through the uninstall, an them became impossible to delete. I had to go into Linux and manually remove it. Kaspersky seems better, but occasionally takes up 98%CPU, for no reason I can see.

Re:High scores for Norton

[York+the+Mysterious]

Norton has (particularly Internet Security from around 2004/2005) have a really hard time removing themselves. It seems like LiveUpdate changes the files and doesn't update the uninstaller. It's pretty pathetic of such a major company. The problem is so widespread that Symantec developed a removal too available on their website that searches for all of their recent products and wipes them off your hard drive. I like to run it after any Norton uninstall because they never go smoothly. I've worked at a University help desk for the last few years and the #1 thing I do is take Norton off computers. The stuff is just garbage. AVG always seems to find viruses on machines that have been protected and checked out fine with Norton and it doesn't slow a brand new machine to a crawl. I'd say I'm at about 500-700 Norton / McAfee removals so far. Perhaps more.

Re:High scores for Norton

[GIL_Dude]

I agree that norton can be a pig both while running and to uninstall. But symantec does have a utility on their web site that will rip it out for you if the uninstall is jacked up. It makes it pretty easy if you just try the uninstall and it fails - go straight to their utility and Norton will be gone.

Re:High scores for Norton

[DragonTHC]

I have seen the same thing.

norton doesn't find any viruses unless you actively scan.

what I've discovered in every situation is, the admin sets norton with the default settings, doesn't bother to schedule a scan or an update.

everytime I've seen it, there's an expired license for norton. This completely disables updates.

I install kaspersky and never have any more problems, except with the user.

Re:High scores for Norton

[flyingfsck]

The scanner is only as good as its update system. I use ClamAV - a fast update response, means a small window of vulnerability. Also, most importantly, ClamAV doesn't fsck up your system. It just works.

An outdated, fscked up Norton doesn't provide any protection...

Re:High scores for Norton

Pay closer attention to which AVG they tested. They tested AVG Antispyware, not AVG AntiVirus.

The test is bunk.

Kaspersky for Free

[bogie]

Kaspersky has always been rated highly and for those of you that don't know AOL, yes that AOL, has repackaged it for Free. I've personally been using it for a while and can whole heartedly recommend it without any hesitation.

http://www.activevirusshield.com/antivirus/freeav/ index.adp?

Re:Check those links!

[TSR+Wedge]

I'll leave you to find the irony in that.

Not suprising

[Monoman]

Companies that venture beyond their core skill set rarely get things right the first couple of times. Sometimes they never get it right but they don't care because it is all about making more money and/or keeping control.

Companies like MS, Cisco, IBM, et. al. typically don't want to coexist with complementary companies. It just goes against their greedy nature. They usually try to buy them or drive them out of business through competition.

There must be a theory that states this is good for consumers but we all know that it isn't always the case.

Microsoft

Good enough for screw ups; good enough for you.

Trend Micro?

Where is Trend Micro's PC-Cillin?

Re:Trend Micro?

[n0dna]

On the shelf at BestBuy where it belongs.

Does not matter if it is not the best!

[codepunk]

It does not matter in the least if anything they bundle is not the best. They own the platform and can bundle whatever they wish to eliminate the competition.

ermmmm...

[IT+073571]

It does not really matter whether the microsoft came in last because their product is still adequate enough to be used. We should not rely too much on the antivirus anyway. Sure they detect malware and stuff, but by the time that happens it just a little too late in term of security concern. If a user really concerns about security, then the first step to be taken should be getting to know the networks and systems vulnerabilities and how to prevent hackers and malware related from taking advantage of the vulnerabilities. For example, a stand alone machine should use a NAT box so that the IP address becomes a non-routable address and that would keep the malicious programs from getting into the system, therefore you dont really need an antivirus. But that does not mean you should dismiss antivirus altogether. The only way for a malicious program to get to that machine is by tricking the user into going to a website with such program, so here, the user has to be smart in deciding what to download and which sites to go. But just in case that if the user made a mistake by going to a malicious site, then what better to use than antivirus. But still, antivirus should not play the major role is keeping your machine free from malware if you really concern about security.

Re:ermmmm...

[evilneko]

I think you downplay the importance of effective anti-virus too much. As much as we may not like to admit it, vulnerabilities in the browser (no matter which browser) and infected ads will be with us for a long time. Human error and complacency will be with us forever.

That's how my dad's system was owned, and he wasn't even using Internet Explorer. A good AV would've stopped the infection cold. A firewall (outbound control) would've prevented it getting any worse, but wouldn't have stopped it completely. I take complete responsibility for it, though--I had been using the system as a testbed for trial-versions of various AV programs, and this happened after I had removed one and neglected to replace it (error). I also incorrectly assumed I had updated it (complacency) against the exploit which was used. The site where the infection took place? wfaa.com -- a local news station's website.

Re:ermmmm...

[justasecond]

For example, a stand alone machine should use a NAT box so that the IP address becomes a non-routable address and that would keep the malicious programs from getting into the system, therefore you dont really need an antivirus.

Question: How the hell does a NAT box prevent e-mail virus attacks? How about viruses that are auto-installed through a malicious webpage attacking web browser holes? What about that neat shareware program you downloaded last night?

Your statement is beyond stupid...you're treading into weapons-grade stupidity territory. How many people have you been telling this nonsense to?

Re:ermmmm...

[IT+073571]

first of all... do you even know what a NAT box is? and for your information... the NAT box makes the IP address non-routable.. meaning that people from the outside network cannot communicate with a machine that has a non-routable IP address. Think about it... how could an outsider send you anything malicious if they cannot get a hold of your IP? NAT will only allows access from the outside network if the non-routable machine initializes the communication. I did not say that you should disregard antivirus... infact, like i said in my earlier comment if you read it right... it is the best way to clean up the user's mistakes if the user were to go to any malicious site. if you want to talk about who's stupid... then i'd say its the person who seems to like to misunderstood of what he's reading in the first place then has the nerves give a comment like what you just did.

Re:ermmmm...

[justasecond]

Do I know what a NAT is? Well, let's see...just finished a graduate school course in computer security? Check. 5 years of running my company's servers under a NAT firewall that I designed myself? Check. Guess I do, huh?

Anyways, forgettabout NAT. You seem to be under the dangerous illusion that the standard infection vector for viruses are through block IP scanning/connection attempts to unprotected Windows services. That's patentently false. NAT is nothing more than security through obscurity, and does nothing to block the standard Windows infection vectors of a) e-mail attachments, b) Internet Explorer bug exploitation, and c) social engineering (coaxing a user to run an executable).

Also, there *are* ways to locate and fingerprint computers hiding behind NAT.

Oh, and by the way, you *did* say "disregard antivirus". You said "therefore you dont really need an antivirus.". Your words.

Re:ermmmm...

[IT+073571]

what i dont get is that why are your comments have to be so rude? are you intentionally rude because you think you're right and im wrong, or are you just naturally rude? i apologize for my last comment since you should know way more about security compare to me because this is only my first semester taking computer security for my undergraduate program. after all, you are obviously much older and much more experienced in this field, so i respect you. but all im trying to say is that antivirus should not play the major role in security feature because by the time the machine is attacked, its just a little too late. antivirus is not for prevention of attacks, it is there to clean up the mess. and i believe that a system is secure only if you can prevent the attacks. so if im wrong, then whats wrong with correcting me nicely and share your knowledge instead of commenting rudely?

Re:ermmmm...

[justasecond]

My apologies, and if I could, I'd rate myself -1, troll.

In fact, to an extent you're right. After bashing you about telling people they shouldn't use a virus scanner, I have to admit that I don't use one! And a small part of the reason for this is that I'm running behind a NAT firewall. (I also don't use IE or Outlook and run WindowXP under a limited account.)

My comments were directed at people using Internet Explorer, running an unpatched Windows2000 under an administrator account, and opening all those nice greeting card programs they get through e-mail. For them, anti-virus scanners are preventative, as they can stop the infections from occurring in the first place. It's not a good idea for them to feel secure just because they hide behind a gateway router.

you are obviously much older
Touché!

No sane IT would use them for comparison

The Virus GR site is much more informative, you can download the test results in a rar format. They also cover viruses, have forums, and recommend products among others.

http://www.virus.gr/english/fullxml/

Poor wine guys

[JohnboyHolmes]

This will be a sad day for the wine guys. Even when Microsoft try not to they can still run 17% of malware, last time I saw someone try to run malware through wine they couldn't get any of test apps to run 100% perfect :-) What a strange world we live in when Microsoft who doesn't want something to work can't stop it, and the wine guys who would feel complete if it did run can't get it to. Wouldn't it almost be in Microsoft's interest to contribute to wine to get malware working 100% on linux.

At what cost performance?

[bitbucketeer]

I'd like to know which of the highly rated products won't "Norton" the performance of my system... My ideal AV would be lean as well as mean. Who in their right mind wants a 99% sol'n that halves the performance of their system?

Re:At what cost performance?

[l0cust]

Use NOD32. Its as good as(if not better than) Kaspersky. I have been using Kaspersky for more than two years now and it is great but it does have the problem of slowing things down a bit (definitely not even close to what norton does to your system though) because it starts scanning each and everything which is being installed/downloaded/changed/deleted/renamed etc. I have tried NOD32 on the system at work and it works great. Planning to switch the one at home to NOD32 too.

Like No Child Left Behind....

[zerofoo]

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

As a network manager for a school, I can tell you that this attitude is not unique to the software industry.

-ted

Misidentification

I was a bit disappointed when it identified craagle.exe as "cracking software" and deleted it for me. How am I supposed to search for xp keys without it?

Re:Misidentification

[NalleBerg]

Try SIW http://www.gtopala.com/ - it gives you all the keys you might want from a Windows system- and any other info you might want from the machine/software too.
It can run from am memory stick if you want it to, so it cannot be deleted in a scan.

./nalle.

ClamAV is the worst antivirus ever created

[thisispurefud]

ClamAV is the worst antivirus ever created: http://www.pcwelt.de/news/sicherheit/64946/index.h tml http://www.pcwelt.de/imgserver/bdb/57800/57894/ori ginal.jpg

Re:Vacuum cleaner

[TaoPhoenix]

Their first one came in dead last. Then they posted a $4000 patch.

Linux : Speaking of which...

[DrYak]

Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines

Speaking of which, it is a pity that the opensource world wasn't represented :
ClamAV is a very good solution, it also has a Windows client which may lack real-time on-access scan, but has numerous plugins (like, for example, built-in for Outlook, or downloadable for FireFox) and few hacks for on-access scanning.
It has been regularly touted for its fast response time against new threats, it supports hrdware acceleration.

It's just a shame that nobody included the anti-virus in the comparison chart. It may not be a ready-for-joe-6pack AV product (no on-access scan) but it's a nice complement for power users.

Kaspersky and Etrust

[adiposity]

I use E-trust at work, it's fine and not a hog. Interesting that it and Kaspersky have identical scores! Anyone know the reason for this?

-Dan

Re:Kaspersky and Etrust

[adiposity]

oops, that was eScan...eTrust is not included.

What's wrong with AVG?

[brunes69]

I use AVG as well. Just wondering why you were 'disappointed' by the report?

At 96.37%, IMO they did very well. Especially when you consider the cost ($0).

Re:What's wrong with AVG?

[Aladrin]

It wasn't the overall score that disappointed me, but the specific scores. "89,04%" for Windows viruses? Ouch! "67,20%" for script viruses/malware? Double-ouch! (Other malware is a different category, which also performs poorly. I don't use it for anti-malware, but I expect it to catch the viral ones.)

Telling Comment?

[Plekto]

I remmber a show several years ago on the birth of the computer industry and on it they had Wozniak(Apple co-founder) commenting that "Microsoft makes second-rate junk for the masses" or sometihng to that effect.

And it still holds true today.

Just say no, bite the bullet, and learn to use *IX. It's like learning to drive stick. A bit of a problem, but once you do, a whole new world opens up to your driving experience.(plus, like *IX, a manual gearbox is cheaper to maintain as well as "hack" if things get wierd.(ie - can't push=start an automatic, for instance)

Ubuntuu is nice, but I like Xandros because it's backed by a company that well, answers emails and fixes stuff in a timely manner. Easy as pie to install as well.(you're paying for having everything in one place and the installers, which honestly, $60 is well worth it, IMO)