Microsoft OneCare Last in Antivirus Tests

Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.

It'll get better over time

[Rosco+P.+Coltrane]

The OneCare team has access to the Windows source code, that's got to give them an edge.

Re:It'll get better over time

[Gothmolly]

How many times have we heard this from Microsoft? Why do people still reward this sort of behavior with continued purchases? If its going to kind of suck out of the box, and get better over time, and you can get support, why not use RedHat Linux or Solaris ?

Re:It'll get better over time

[Johann+Lau]

So what you're actually saying is that nothing is an alternative to Windows for Joe and Jane Average Computer user, not just Linux. Which makes me wonder: how did people start using Windows? Weren't they too used to not using Windows to "relearn"? How did people learn to use cellphones, or to use number pads instead of dials before that? People don't stick with what they know, they stick with what everyone else uses and/or tells them to use. There is a difference.

Re:It'll get better over time

[suman28]

You are doing nothing but put your parents "in a box". I repair computers around my neighbourhood and when people tell me they lost their Windows CD or it didn't come with CDs or whatever, I tell them they can spend an extra 150 for their "Genuine" copy of Windows or use Linux. I cannot tell you how many people choose Linux. I tell them to give it a try, since most of them are not using it for anything more than Web browsing and photo viewing. If they don't like it (and some don't), they come back to me and spend an extra 150 or whatever. I have a few Average Computer users that use Linux and are quite satisfied. Thank you.

Re:It'll get better over time

[mastershake_phd]

If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.
 
Yes, but certain keys work with certain CDs. They unfortunately arent interchangeable. One PC I have wouldnt reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didnt like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

What are you supposed to do?

Old Viruses

[Subbynet]

I have always had a problem with these "stats".

If Microsoft know 50% (for example) of viruses are so old and won't run on 2000/XP, and they then decide not to search for them during AV tests... Does that mean the AV missed it - or quite rightly the code is so old that MS no longer considered a threat?

Re:Old Viruses

Just because a virus won't run doesn't mean it should be dismissed. Any machine can still be a vector of transmission for viruses that will infect others. Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines, not because they want to protect themselves.

Re:Old Viruses

[Llywelyn]

Its not that they should care about Macs or Linux, but one would think they would care about older versions of Windows.

The reasons are the same that Mac antivirus programs strip out windows viruses, and viruses from as far back as OS 6. Just because it cannot infect this system, does not mean it is not a threat in general.

Besides, what evidence do you have that what they missed were older viruses? While I admit this is a valid hypothesis, I see no evidence for it one way or another.

Re:Old Viruses

[alx5000]

Sorry to hit you again with the GP's point, but why should they care about older versions of Windows? Doesn't that undermine the get-your-new-shiny-omg-pretty-colors-OS-same-as-be fore-but-with-round-corners philosophy?

We hear every day about MS dropping support from old OS's (something I would stand for, as long as those systems weren't as fucking widely used as W2K is); infecting them and not Vista/XP/Whatever makes the latter look more secure (and as Windows users go, they only way to move).

Feel free to bash me anyway you want, I was only playing Devil's advocate here.

Encouraging companies to overemphasize tests

[jorghis]

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Thats the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test. I'm not trying to single MS out here, video card manufacturers do this sort of thing all the time, hell it may be that the top performers on this test did it too.

Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevent regardless of who scored where.

Re:Encouraging companies to overemphasize tests

[TrappedByMyself]

Incidentally, why all the MS hate?

1) Pretty much all these viruses/malware target Microsoft's own software

2) Microsoft has more resources than all the other companies combined.

3) People are going with Microsoft's solution assuming that it is the best one

So basically, Microsoft's half-assed software made antivirus software a requirement in the first place. Instead of using their vast resources to fix the underlying problems, they build more half-assed software as part of their big money grab.

How about some constructive news?

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldnt get nearly as many page hits, I suspect.

Re:How about some constructive news?

[MSG]

The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

I disagree. Certainly, it is important to note which package came in at the top, as advice on what users should use. However, since OneCare is Microsoft's own service, and may be more accessible and better marketed to PC users, I would argue that it is in fact more important to note how badly it scored so that users know what not to use.

If all of the products being evaluated were equally marketed and accessible, then I would back your argument. However, because I don't believe that to be the situation, I disagree.

No love for open source, ClamAV

[HTMLSpinnr]

There's no mention of ClamAV's performance in these tests. Granted, it probably isn't designed to be as "complete" as some of the other packages noted, it'd be interesting to see how it fares for those of us who use it on mail gateways and servers.

Besides, it'd have to be better than Microsoft's OneCare!

Re:No love for open source, ClamAV

[Southpaw018]

To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):

ClamWin better than Norton? No, you can not look at number of signatures to know who detects more. If you look on how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it score around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggets to use for other places, as there are better options available.

link

It actually wasn't "good enough"

[RootWind]

The software has to detect 85% or more to be considered for the on-demand test. MS OneCare was only included for the first time most likely due to the reputation of the former RAV. OneCare will be dropped from the test if they don't improve to 85%.

How about tests on older versions?

[schwit1]

I'm curious if older AV versions with current signatures are less capable.

I use McAfee v7.1 because the overhead compared to the newer versions is much lower.

Re:High scores for Norton

[Aladrin]

You mean something like: "Kaspersky has a higher % on that chart, AND it doesn't screw up the system?"

Norton, when it goes bad, is a nightmare to remove. And that's your only option, as you can't just fix the installation once it gets that bad. If you've already gone through the pain to remove it, why not just recommend the better solution and be done with it?

Personally, I like AVG, but that chart doesn't say great things about it. I'm disappointed in its performance. I'm seriously considering seeking a better solution.