AV-Test Deems Windows Security Essentials "Very Good"

← Back to Stories (view on slashdot.org)

AV-Test Deems Windows Security Essentials "Very Good"

Posted by timothy on Wednesday June 24, 2009 @09:57AM from the if-you're-in-the-right-demographic dept.

CWmike writes "Microsoft's new free security software, Windows Security Essentials, passed a preliminary antivirus exam with flying colors, said independent and trusted firm AV-Test, which tested Essentials, launched yesterday in beta, on Windows XP, Vista and Windows 7. It put it up against nearly 3,200 common viruses, bot Trojans and worms, said Andreas Marx, one of the firm's managers. The malware was culled from the most recent WildList, a list of threats actually actively attacking computers. 'All files were properly detected and treated by the product,' Marx said in an e-mail. 'That's good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.' It also tested well on false positives."

20 of 318 comments (clear)

Min score:

Reason:

Sort:

I wonder how Symantec, Norton, et will react by supercell · 2009-06-24 10:06 · Score: 5, Interesting

Norton, Symantec and others have created an entire multi-billion dollar subscription based industry around virus protection for Windows. I wonder how they are going to react to this potential bomb for there business model?
1. Re:I wonder how Symantec, Norton, et will react by Anonymous Coward · 2009-06-24 10:13 · Score: 5, Interesting
  
  claim anti-trust and attempt to sue.
  How dare microsoft plug security holes themselves.
  Come on EU, save us from a secure windows platform.
Anti-trust? by Roger+W+Moore · 2009-06-24 10:08 · Score: 3, Interesting

Should be interesting to see if the current AV vendors try the anti-trust card with MS for this. I imagine it will be a vary hard case to make since really all they are trying to do is fix their broken OS.
1. Re:Anti-trust? by bill_kress · 2009-06-24 10:10 · Score: 5, Interesting
  
  There was talk about antitrust suits when Microsoft first included the TCP/IP stack in windows. Before that you had to go to another vendor.
  It made life a LOT more easy once it was built into the OS.
  I'm pretty sure the same thing will be true of AV software.
2. Re:Anti-trust? by Anonymous Coward · 2009-06-24 10:16 · Score: 2, Interesting
  
  It should be noted that Bill Kress is a Public Relations "professional" who works under contract for Microsoft.
3. Re:Anti-trust? by Anonymous Coward · 2009-06-24 12:22 · Score: 0, Interesting
  
  So, in other words, Apple App Store?
  Thanks, but no thanks. I deal with it on my iPhone, I don't want that restriction on my computer.
4. Re:Anti-trust? by b4dc0d3r · 2009-06-24 12:26 · Score: 2, Interesting
  
  Let me rephrase. They don't consider bugs important unless someone can turn it into a vulnerability. Previous examples have shown that it is possible to turn a seemingly benign bug into a security hole, with a little flash of insight.
  I should be able to submit bug reports directly to MS, instead of having to talk to a desk jockey at the OEM who never passes it on to the company that wrote the software. They would prefer you didn't do that. They will take your "send error report to microsoft" data, but at that point it's just statistical - whatever gets the most reports gets attention.
  They should say at this point, you know what, let us know if you find something and we'll take a look at it to make sure it's not going to cause problems. You know how much that would cost? Probably not as much as you think if it's simple triage.
  If I didn't work at a fortune 100 company, I wouldn't have a vendor support contact I could just call up and say hey this is causing problems, can you look at it? Smart people who know what they are doing can give great feedback and have it completely ignored because it doesn't seem worthwhile to look at something that might have problems.
  They will always have problems with third-party code, and not much you can do about it. But you have to realize that the attack surface area increases, and have your bug-squasher team increase in surface area along with it. I don't see an equal response. Sure I'll be your effective beta tester, but I don't want to hear one more detailed report about bug reports getting ignored.
  Simple, eh?
5. Re:Anti-trust? by shutdown+-p+now · 2009-06-24 15:54 · Score: 4, Interesting
  
  I should be able to submit bug reports directly to MS
  secure@microsoft.com
  I have actually submitted information about a vulnerability that way. It was fixed.
6. Re:Anti-trust? by L4t3r4lu5 · 2009-06-24 19:59 · Score: 2, Interesting
  
  Well, you're correct in that it's a control for rights elevation for a particular process, but way, way off apart from that.
  
  sudo is a manual control; You have to physically type the command into your shell to instigate a rise in privilege. UAC asks you if you want to raise privilege. To a (l)user, desensitised as they are by Microsofts' abuse of message dialogues, clicking "Yes" is almost coded into muscle memory, and it's between MS and the users to sort out who is responsible for that situation.
  
  AFAICT, UAC is just a get-out. It shifts the onus for installing crapware onto users PCs onto the user, as MS can now say "Look, you had to type in the password! You didn't read the box? Oh, well then... That's not our fault!"
  
  sudo requires knowledge. Pressing "Yes" only requires impatience.
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
Hitler's Kosher Hotdogs by EdIII · 2009-06-24 10:08 · Score: 5, Interesting

It's interesting, but at this point can Microsoft really convince anyone that they are serious about putting out a quality product? I think that is there biggest problem here... PR.j I will admit I laughed when I saw the article, and it is Microsoft's reputation that made me laugh. Maybe it is good, but I am I really willing to give them the chance with something that important?
I can remember articles talking about Windows Firewall in the past as being pretty darn good too, yet it seems the first thing a tech person does is to deactivate these days.
Let's face it. If Microsoft was seriously competent about doing these "core" activities, would the 3rd party market be as big as it is?
In any case it will be interesting if they start shipping Windows with this pre-installed. Then maybe the manufacturers won't be so quick to bundle Norton/McAffee with their products, and THAT will be fun to watch.
1. Re:Hitler's Kosher Hotdogs by Pharmboy · 2009-06-24 12:57 · Score: 2, Interesting
  
  People forget (or weren't alive yet) that Windows roots are on a very limited platform that even a Linux kernel can't run on (no hardware support for "root" on a 8088)
  Not exactly accurate. For starters, Windows NT 3.1/3.5 also ran on Alpha and MIPs, not just x86. More importantly, Windows didn't take off until the 386 came out (and i386 is still the basis for much code, including Linux). Almost no one ran Windows on a 286, and virtually no one on a 8086/8088.
  Code originally designed to run on a 8086 and 286 won't even run on a 64 bit version of Vista (and 64 bit is the standard now, assuming you want over 3-4gb of ram, depending on BIOS). The 64 bit version doesn't have any 8 or 16 bit API support, only 32/64, unless you can hack it in virtualization. There really is no reason to run a 32 bit version of Windows 7 either, unless you need those old apps (not common) and will never need 4gb of ram (unlikely).
  In short, Windows Vista/64 and 7/64 won't run DOS or 8088 code, and *isn't* backward compatible.
  As a side note, I *think* you can install the 64 bit version of Linux and run DOS apps in a dosbox if you need. Will have to try that on the servers at work and see.
  
  --
  Tequila: It's not just for breakfast anymore!
2. Re:Hitler's Kosher Hotdogs by westlake · 2009-06-24 13:00 · Score: 4, Interesting
  
  It's interesting, but at this point can Microsoft really convince anyone that they are serious about putting out a quality product?
  Microsoft is strongly positioned as a client OS. On the server. In core business applications. In development tools. In console gaming....
  In software software sales, MS Office is bigger than games.
  Bigger than anything. It is the tail that wags the dog. The 900 pound gorilla. Choose whatever metaphor you like.
  The Win 7 Beta opened to rock-solid reviews and has effortlessly claimed about half the market share of Linux on the desktop. Operating System Market Share
  The geek knows all of this intellectually, but he can't process it emotionally. It is easier to live within the bubble.
  I can remember articles talking about Windows Firewall in the past as being pretty darn good too, yet it seems the first thing a tech person does is to deactivate these days.
  Windows Firewall wasn't designed for the techie.
  It was designed for the user relentlessly nagged by requests to approve outbound access for the obscure subroutines of programs that already have his permission to access the net.
It makes sense by phantomfive · 2009-06-24 10:09 · Score: 5, Interesting

The Microsoft style is to solve problems by throwing a lot of people at it, and they use that strategy fairly well. Instead of simplifying the structure to where it can be reasonably dealt with by a small group of people, they are happy to make it big. For example, compare the number of system calls in the windows kernel with the number in the Linux kernel. Having so many more system calls means each internal refactor will have to take more into consideration, as well as requiring more testing, but it's ok, Microsoft is happy to throw lots of testers at it. The ASP.net model, which basically wraps a whole system around html/javascript to encapsulate it and make it easier for the average programmer was an amazingly man-hour intensive job, once again requiring lots of testing and many special cases, and yet Microsoft did it.

That operating style is especially well suited to AV software, because it is a job that can be easily broken up and handed out to different programmers, and catching all the viruses is a job that can be easily helped if you have a lot of programmers and testers. It makes sense that Microsoft would write good AV software.

--
Qxe4
1. Re:It makes sense by Dutchboy2000 · 2009-06-24 11:33 · Score: 5, Interesting
  
  In my view, using a "small subset of the .NET framework" is not an argument against using ASP.NET. .NET is a huge and extremely varied framework (as you evidently know well). It would be a very odd case where any particular application - whether it be web or Win32 - would require the majority of the functionality provided through .NET.
  
  But the fact that all I need is a screwdriver does not lessen the value of having a well-stocked toolbox. The first time I had to create a web application that could consume and perform complex recursive logic on XML files created by a mobile application framework, I didn't have to wonder whether .NET provided the necessary functionality. I knew it did even though I'd never used it before.
  
  I'm not going to sit here and tell you there aren't things about .NET that drive me nuts. And, in fairness, I don't have a lot of experience with other web application frameworks. Still, .NET gives me what I need when I need it and without a lot of fuss. The biggest problems I deal with each day have very little to do with my framework of choice and much more to do with things outside of my control. C'est la vie, eh?
  
  By the way, I'm the Anonymous Coward that posted above. I just created a new Slashdot account so now I can be a Well-Known Coward.
Great if you're living in one of 5 countries... by jpedlow · 2009-06-24 10:22 · Score: 3, Interesting

So I decided i'd check it out for my XP box.... "Not available in your country or region You appear to be in a country or region where the Microsoft Security Essentials Beta is unavailable. This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only). " So...not Canada? *sigh* Well, time for Nod32 or kaspersky I guess...
Re:Microsoft Hate by h4rr4r · 2009-06-24 11:22 · Score: 4, Interesting

Try using it.
1.
A shell that uses objects is asinine.
It looks like a bunch of java idiots tried to make a shell. If I wanted objects I would use a programming language, this is supposed to be scripting.
2. No ssh, lame.
3. does not support anything like authorized_keys.
Re:Microsoft Hate by ClosedSource · 2009-06-24 12:40 · Score: 1, Interesting

"A shell that uses objects is asinine."
Right. We forgot that UNIX fans worship ASCII.
Re:It seems wrong for an OS vendor/maker to do thi by TSPhoenix · 2009-06-24 12:46 · Score: 5, Interesting

Its a social problem, not a technical one.
All UAC did was train people to press "Yes" on every dialog even more zealously than before. A system based around asking important questions to people who neither understand or care is not a good one. sudo works because everyone using it does care.
What MS is doing here is clever IMO. Instead of trusting the user to not do anything dumb, they've instead given them a big "Press me to fix your computer" button to wail on. People will see their computer is being slow, hit the button and hopefully the problem will be fixed.
Re:Maybe, but... by shutdown+-p+now · 2009-06-24 16:44 · Score: 5, Interesting

Viruses don't target server environments. That's pretty much by definition - as they require active user interaction to spread.
Exploits are a different thing, but, really, have you looked at vulnerability stats in Apache vs IIS6/7 lately? Try it, you might be surprised.
Re:directed self-interest by simplexion · 2009-06-24 18:05 · Score: 1, Interesting

I recommend the best solution to the client all the time. They just like to ignore it and go with Windows anyway.