Microsoft OneCare Last in Antivirus Tests

Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.

It'll get better over time

[Rosco+P.+Coltrane]

The OneCare team has access to the Windows source code, that's got to give them an edge.

Re:It'll get better over time

[Gothmolly]

How many times have we heard this from Microsoft? Why do people still reward this sort of behavior with continued purchases? If its going to kind of suck out of the box, and get better over time, and you can get support, why not use RedHat Linux or Solaris ?

Re:It'll get better over time

[rblancarte]

Are you serious? I mean, I am no Microsoft or Windows lover, but Linux is no alternative to Windows for Joe and Jane Average Computer user. Using my parents as a gauge (because I consider them pretty average computer users), having them using Linux as an OS would make zero sense. They are much more familiar with Windows products. They don't have to jump through hoops to send out documents that would be compatible with everyone else they communicate with (or to read the documents they get). They understand how to navigate the OS. Basically, the interface is a known to them.

Windows continues to dominate the market from past domination. Plus the fact that most any computer you can buy comes with the latest version of Windows. And because most users are familiar with their older products, they stick with what they know.

RonB

Re:It'll get better over time

[Ucklak]

Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that is is sold.

Don't give me this BS that Dell offers Linux because if it isn't here, it doesn't exist.

I'm about as anti-MS as one can get but I also reailze their importance in the marketplace.
MS is obviously crippling 3rd party malware protection yet their own package fails to make the mark even though they have the advantage.

I've consistently said that MS has crappy programmers and this proves it. That comment is not an attack on the employees but a dig at the finished product which is a reflection on the programmers.
The individuals who program may have talent but when it comes to the committee that puts it all together, it's a mish mash of crap.

I setup an OEM Vista installation last week which was my first exposure to Vista.
Is it better than XP SP2? Didn't seem so to me.
Visually appealing theme wise? I think so. Much better than the default XP theme.
I didn't get all those annoying permission popups when trying to create and delete files that was reported earlier. The popups I did get I didn't feel like it was an intrusion as I didn't get too many unless I was trying to install something.
With 2Gigs of ram, it did seem to perform slower than XP SP2 with 512MB of ram. Wow. That's the perception that matters to the end user too.

What's wrong with Vista is that it's too wordy.
The security center is too confusing for the end user and too wordy.
The popups are too wordy and not intuitively selectable. You get 2 or so choices on popups that don't appear to be decision making selections yet it is asking a question and awaiting an answer.

The other thing that really never bothered me before but Vista does it wrong (on my first impression) is the left-mouse/right-mouse selections.
I don't remember exactly but I was trying to look at network properties or something like that and double left click was different than right click > properties. Much different than XP and before.
What I remember was that what I wanted didn't happen when I selected it making me to have to remember how to get the proper properties of a particular object.
At that moment I finally realized why the Mac had only 1 button on their mouse.

Re:It'll get better over time

[Johann+Lau]

So what you're actually saying is that nothing is an alternative to Windows for Joe and Jane Average Computer user, not just Linux. Which makes me wonder: how did people start using Windows? Weren't they too used to not using Windows to "relearn"? How did people learn to use cellphones, or to use number pads instead of dials before that? People don't stick with what they know, they stick with what everyone else uses and/or tells them to use. There is a difference.

Re:It'll get better over time

[suman28]

You are doing nothing but put your parents "in a box". I repair computers around my neighbourhood and when people tell me they lost their Windows CD or it didn't come with CDs or whatever, I tell them they can spend an extra 150 for their "Genuine" copy of Windows or use Linux. I cannot tell you how many people choose Linux. I tell them to give it a try, since most of them are not using it for anything more than Web browsing and photo viewing. If they don't like it (and some don't), they come back to me and spend an extra 150 or whatever. I have a few Average Computer users that use Linux and are quite satisfied. Thank you.

Re:It'll get better over time

[jorghis]

Everyone keeps saying this and I dont understand the logic behind it.

Even if it were true that they had access to windows source, how would this help them? Everyone has claimed that it does, but noone has explained how.

Re:It'll get better over time

[nakkenakuttaja]

My father is 76 years old and has only used computer for the last 5 years or so. His first PC had Windows 98, but last year I updated his computer with new motherboard, harddisc etc. + I installed Kubuntu on it. He has been very satisfied with it using Linux. I don't think Linux is more difficult to use than Windows. OK, my father probably would not be able to install Kubuntu, but he probably he could not install Windows either.

Re:It'll get better over time

[multipartmixed]

They will continue to design new viruses at a faster rate than Norton, McAfee and Grisoft combined!

Of course, the assumption here is that Microsoft's virus will be able to block the viruses they write. Sorta basic for a Virus Company, but we all know how good MS is at closing the loop..

Re:It'll get better over time

[falsified]

Realistically, for home use, AND for most users (myself included) there WASN'T anything before Windows anyway. Yeah, MacOS, but if I remember correctly the first Macs weren't exactly priced for the casual user. DOS was dominant and Windows ran on top of it. It was a GUI a person could ease into while still duking it out on the more familiar command line.

As OS tasks shift to the Web (and I think that will happen), we'll see a shift to the more stable Linux OS because the casual user won't have to figure out why their computer "has roots" (or whatever...)

Re:It'll get better over time

[mastershake_phd]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.
 
Yes, but certain keys work with certain CDs. They unfortunately arent interchangeable. One PC I have wouldnt reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didnt like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

What are you supposed to do?

Old Viruses

[Subbynet]

I have always had a problem with these "stats".

If Microsoft know 50% (for example) of viruses are so old and won't run on 2000/XP, and they then decide not to search for them during AV tests... Does that mean the AV missed it - or quite rightly the code is so old that MS no longer considered a threat?

Re:Old Viruses

Just because a virus won't run doesn't mean it should be dismissed. Any machine can still be a vector of transmission for viruses that will infect others. Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines, not because they want to protect themselves.

Re:Old Viruses

[Subbynet]

True...

But this is Microsoft, with a product made for Windows XP / Vista. Tell me why they should care about Macs and Linux?

There is that old saying - always look after yourself, and its one I adhere to with regards to Anti-Virus... Just because it was checked at the mail server does not mean I won't check it again.

So using that premise, why should OneCare look or care about Viruses which won't run on the platform?

Re:Old Viruses

[Llywelyn]

Its not that they should care about Macs or Linux, but one would think they would care about older versions of Windows.

The reasons are the same that Mac antivirus programs strip out windows viruses, and viruses from as far back as OS 6. Just because it cannot infect this system, does not mean it is not a threat in general.

Besides, what evidence do you have that what they missed were older viruses? While I admit this is a valid hypothesis, I see no evidence for it one way or another.

Re:Old Viruses

[alx5000]

Sorry to hit you again with the GP's point, but why should they care about older versions of Windows? Doesn't that undermine the get-your-new-shiny-omg-pretty-colors-OS-same-as-be fore-but-with-round-corners philosophy?

We hear every day about MS dropping support from old OS's (something I would stand for, as long as those systems weren't as fucking widely used as W2K is); infecting them and not Vista/XP/Whatever makes the latter look more secure (and as Windows users go, they only way to move).

Feel free to bash me anyway you want, I was only playing Devil's advocate here.

Encouraging companies to overemphasize tests

[jorghis]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test. I'm not trying to single MS out here, video card manufacturers do this sort of thing all the time, hell it may be that the top performers on this test did it too.

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

Re:Encouraging companies to overemphasize tests

[TrappedByMyself]

Incidentally, why all the MS hate?

1) Pretty much all these viruses/malware target Microsoft's own software

2) Microsoft has more resources than all the other companies combined.

3) People are going with Microsoft's solution assuming that it is the best one

So basically, Microsoft's half-assed software made antivirus software a requirement in the first place. Instead of using their vast resources to fix the underlying problems, they build more half-assed software as part of their big money grab.

How about some constructive news?

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldnt get nearly as many page hits, I suspect.

Re:How about some constructive news?

[ip_freely_2000]

Too bad you entered this as AC. I would have given you +1 Insightful.

I guess it's easier for people to take a cheap shot than actually help them improve their systems. Slashdot is so sadly predictable.

Re:How about some constructive news?

[stewbacca]

Considering how much hype Microsoft has created to improve their image as being extraordinarily lame in security, I think the last place finish IS the story. Whoopy doo, a bunch of boring utility programs going head to head, mostly doing the same things equally well....except Microsoft, the multi-billion dollar corporation that controls the OS.

This is just another indictment of the corporate culture of Microsoft...money first, customers somewhere near the bottom. Microsoft includes a bunch of half-assed, half finished apps so they can put on the packaging that Windows has it. The sad thing is OneCare is just another "check-the-block" feature, and average Joe won't know how awful it is or even care. They'll see it has security software bundled in and think that's all they need.

Re:How about some constructive news?

[JebusIsLord]

I installed OneCare myself during the beta period, and was impressed with how well it integrated into Windowsm and didn't try to sell me anything else once in there (Are you listening, McAfee??) Resource usage was also much better than Norton.

I'm disappointed that it performed so poorly. However, I'm not running it anymore anyhow, since I switched to Vista 64-bit and OneCare doesn't work on 64-bit platforms :|

Re:How about some constructive news?

[MSG]

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

I disagree. Certainly, it is important to note which package came in at the top, as advice on what users should use. However, since OneCare is Microsoft's own service, and may be more accessible and better marketed to PC users, I would argue that it is in fact more important to note how badly it scored so that users know what not to use.

If all of the products being evaluated were equally marketed and accessible, then I would back your argument. However, because I don't believe that to be the situation, I disagree.

No love for open source, ClamAV

[HTMLSpinnr]

There's no mention of ClamAV's performance in these tests. Granted, it probably isn't designed to be as "complete" as some of the other packages noted, it'd be interesting to see how it fares for those of us who use it on mail gateways and servers.

Besides, it'd have to be better than Microsoft's OneCare!

Re:No love for open source, ClamAV

[Southpaw018]

To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):

ClamWin better than Norton? No, you can not look at number of signatures to know who detects more. If you look on how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it score around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggets to use for other places, as there are better options available.

link

It actually wasn't "good enough"

[RootWind]

The software has to detect 85% or more to be considered for the on-demand test. MS OneCare was only included for the first time most likely due to the reputation of the former RAV. OneCare will be dropped from the test if they don't improve to 85%.

How about tests on older versions?

[schwit1]

I'm curious if older AV versions with current signatures are less capable.

I use McAfee v7.1 because the overhead compared to the newer versions is much lower.

Re:How about tests on older versions?

[Jarnis]

It depends.

If you just use them to scan executables/emails before opening anything, for that an older one with up to date signatures should do fine.

But the old engines tend to lack defenses against 0wnage of the system via different holes. Major reason why new AV clients are so heavy on the system is because they actively try to stop any 'nasty' stuff from happening to the system - even against unknown threats using heuristics.

Older AV software also does not usually do anything against spyware and other crapware.

I've worked in PC repair, and its highly common to see systems with outdated AV software throughly owned by some spyware/adware, disabling the AV software (it would still fetch updates and claim all was well, but it would not do anything in reality), and it's not uncommon to find bunch of viruses in such cases as well.

If your system can't run a modern AV software (I recommend F-Secure, it's pretty lightweight for what it does), either upgrade your system, pull the network cable, or stop using Windows.

Re:Coherence

[El_Muerte_TDS]

If your businessplan relies on the failure of an other party you have no right to complain when said party finally manages to reduce their failures.

OneCares Results

Here are the tests and the results for one care.

Windows viruses 95,02%
Macro viruses 99,30%
Script viruses/malware 67,55%
Worms 89,21%
Backdoors 82,18%
Trojans 78,71%
other malware 58,38%
OtherOS viruses/malware 55,02%

And a bit more

Detection of over 222000 dialers excellent
Detection of over 130000 PUP's mediocre
Detection of over 230000 DOS viruses very high
Detection of polymorphic viruses 4 of 12

Re:Damned if they do, damned if they don't

[RLaager]

I think it's the first point where you're off... Microsoft gets slammed for having a buggy OS and insecurity software that make virus propegation easy. Adding anti-virus software has never been a good solution... it's just a band-aid.

Kaspersky for Free

[bogie]

Kaspersky has always been rated highly and for those of you that don't know AOL, yes that AOL, has repackaged it for Free. I've personally been using it for a while and can whole heartedly recommend it without any hesitation.

http://www.activevirusshield.com/antivirus/freeav/ index.adp?

Re:High scores for Norton

[Aladrin]

You mean something like: "Kaspersky has a higher % on that chart, AND it doesn't screw up the system?"

Norton, when it goes bad, is a nightmare to remove. And that's your only option, as you can't just fix the installation once it gets that bad. If you've already gone through the pain to remove it, why not just recommend the better solution and be done with it?

Personally, I like AVG, but that chart doesn't say great things about it. I'm disappointed in its performance. I'm seriously considering seeking a better solution.

Re:High scores for Norton

[Lord_Sintra]

Yeah, I have serious trouble getting rid of Norton. It crashed half way through the uninstall, an them became impossible to delete. I had to go into Linux and manually remove it. Kaspersky seems better, but occasionally takes up 98%CPU, for no reason I can see.

ermmmm...

[IT+073571]

It does not really matter whether the microsoft came in last because their product is still adequate enough to be used. We should not rely too much on the antivirus anyway. Sure they detect malware and stuff, but by the time that happens it just a little too late in term of security concern. If a user really concerns about security, then the first step to be taken should be getting to know the networks and systems vulnerabilities and how to prevent hackers and malware related from taking advantage of the vulnerabilities. For example, a stand alone machine should use a NAT box so that the IP address becomes a non-routable address and that would keep the malicious programs from getting into the system, therefore you dont really need an antivirus. But that does not mean you should dismiss antivirus altogether. The only way for a malicious program to get to that machine is by tricking the user into going to a website with such program, so here, the user has to be smart in deciding what to download and which sites to go. But just in case that if the user made a mistake by going to a malicious site, then what better to use than antivirus. But still, antivirus should not play the major role is keeping your machine free from malware if you really concern about security.

Re:Coherence

[Bert64]

But MS are not fixing the actual problem, they are just selling their own bandaid addon like other companies have been doing for years, only theirs is inferior to the ones already available.
This can only be bad for the consumer... MS now have a conflict of interest between improving the security of windows, or leaving it poor to encourage sales of onecare... Their product will also end up widely used despite the lack of quality, it will sell just like every other MS product simply because it gets pushed along with sales of window/office. The sales reps will start offering discounts against windows/office if they take onecare too, and the customers will consider it pointless to have 2 antivirus products and won't bother buying a third party one anymore.
Once all the other AV vendors are out of business, and all windows users are running onecare or nothing, the malware will have a much easier time of it because malware authors will now have a single known target.

Re:High scores for Norton

[GIL_Dude]

I agree that norton can be a pig both while running and to uninstall. But symantec does have a utility on their web site that will rip it out for you if the uninstall is jacked up. It makes it pretty easy if you just try the uninstall and it fails - go straight to their utility and Norton will be gone.

At what cost performance?

[bitbucketeer]

I'd like to know which of the highly rated products won't "Norton" the performance of my system... My ideal AV would be lean as well as mean. Who in their right mind wants a 99% sol'n that halves the performance of their system?