Microsoft Security Essentials Misses 39% of Malware
Barence writes "The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher — with five scoring 98% or 99% — Microsoft's free antivirus software protected against only 61% of the malware samples used in the test. Microsoft conceded last year that its security software was intended to offer only "baseline" performance."
Microsoft Windows hosts 99.999% of malware.
... they'd just get hit with an antitrust lawsuit.
http://dennistechnologylabs.com/reports/s/a-m/2013/DTL_2013_Q4_Home.1.pdf
Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used
I call bullshit. This seems like a paid advertisement to me. The only reason they used a few undetected ones was because no one would believe anything hit 100%
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
89.376% of stats from "security" outfits are crap with 99.9118000042% confidence interval.
Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
So, either MSSE misses over a third of malware, or use Norton and your computer turns into a zombie with the performance of a 486 running WfWG...
Hmm, tough choice there.
-> I dislike sigs...
I tried downloading several Linux distributions, and not once did MSSE try to stop me. Epic fail.
If they made a good security product, I'm pretty sure there would be much gnashing of teeth. Remember the uproar because MS dared to include a browser and media player? I'm sure if they put a decent antivirus product in Windows they'd just get sued again.
I just assumed that from the start. It's better than nothing, though.
Thank you.
Reading that, the more important news is probably that McAfee scored even worse.
L.O.L.
Also miss 100% of NSA/FBI malware.
http://www.geek.com/microsoft/microsoft-security-essentials-strikes-out-on-questionable-av-test-1538990/ Geek.com outed this testing firm last Friday for A) running MSE without applied Windows updates, and B) accepting sponsorship from tested softwares.
Sorry, that's last February, not Friday
Norton is in the top 3, yet still many dismiss it as the worst possible thing on earth, based on obsolete knowledge from before 2008 and from expired copies not giving the right protection.
It is not that steamy bloated piece of shit known as 2007! Other labs report it as one of the best with minimal performance degradation, believe it or not.
It is re-engineered and has a tarnished image like RealPlayer and IE which are hard to break.
http://saveie6.com/
If they made it good they'd just get hit with an antitrust lawsuit.
Yeah, and considering what happened last time, that'll have 'em shaking in their boots.
"Baseline performance" and "failing miserably while lying to customers" don't mean the same thing. Not catching zero-days is one thing. Only catching ca. 30% is worse than flipping a coin.
"Tongue tied and twisted, just an Earth bound misfit
If you look at AV-Comparatives, who seem to do pretty good testing, MSE is about 90%. That's quite low (though there are commercial apps that are worse) but the tradeoff is zero false positives on essentially every test.
It's certainly not what you get if you want highest security, but it does a reasonably good job, and doesn't generate false positives, which can piss off newbie users and make them want the AV scanner off. It also updates definitions via Windows Update, if its internal updater has an issue, which is nice for people who won't mind after their AV software.
It's not what I use, but it isn't a bad baseline. I'd sure as hell use it rather than Norton :P.
but I would seriously question the source of any "objective report" and check who paid for the report. I know how these things work....
Norton detected 99%. The other 1% is Norton.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
From a Shitty Software company. Why would they prevent viruses and malware from infecting their OS when their OS is basically a piece of stinking malware.
Who had the 99
It may be wonderful, but based on what happened in the early-mid 2000s I won't even look at Norton. I ditched Kaspersky when I bought a 3 license package for the office, but didn't need two of the S/Ns for a couple of months. When I installed them, I found that the timer on all three licenses expired based on when the first one was installed.
I'm not in a high-risk environment, so I'll stick with Defender for the time being.
Is it just my observation, or are there way too many stupid people in the world?
I use Avast. This version I use now is pretty good. It is free. If you put it in game/silent mode it won't ever bug you. I notice minimal performance downgrade.
The good news is most AV software is rapidly improving with the exception of McCrappy. True, Norton's answer for malware was to encapsulate the whole damn hammer! Worse, may the lord have mercy on your soul if you ran it on Vista! The disk would spin to eternity with indexing and with the whole virtual disk layer encapsulated doing a scan for each damn byte.
If you must use Windows you would be insane not to run anything. It is a sad reality but with all the malware and trojans using flash, zero day exploits, and popular ad networks you can't ever be secure. Even Slashdot had malware hosted ads where you would get 0wned if you came here and had flash installed :-(
http://saveie6.com/
I don't know much about the current state of software viruses (I'm a Linux user!) but my understanding was a lot of them looked for suspicious behaviour rather than straight up definitions.
In that case if I'm a Malware writer it's nice if I can sneak around 3rd party anti-virus software, but it's not essential.
But if Security Essentials is built into Windows and it catches my suspicious behaviour every time, well, there's not a big niche for my virus. Just like web developers would make sure their pages rendered under IE, malware writers have to make sure their code runs under Security Essentials.
Note, this is a good sign for 3rd party anti-virus companies since it implies there's always going to be an opportunity to supply a better product.
I stole this Sig
... the Android OS. Malware by design.
Just read the linked article. They used Win XP w/SP3, IE7, and no other updates to Windows even though tons were available. Not Win 7 or 8 with all the latest updates. So yeah, grats, an unpatched XP system is vulnerable.
From page 19 of the report:
What is the difference between a vendor and a partner vendor?
Partner vendors contribute financially to the test in return for a preview of the results, an opportunity to challenge results before publication and the right to use award logos in marketing material. Other participants first see the results on the day of publication and may not use award logos for any purpose.
Do you share samples with the vendors?
Partner vendors are able to download all samples from us after the test is complete. Other vendors may request a subset of the threats that compromised their products in order for them to verify our results. The same applies to client-side logs, including the network capture files. There is a small administration fee for the provision of this service.
I do not block ads. I do block third party scripts.
Geek.com outed this testing firm last Friday for A) running MSE without applied Windows updates
I noticed that too while reading the PDF.
But it doesn't seem like much of a defense for MSE's and McAfee's extremely poor showing.
[Fuck Beta]
o0t!
If slashdot keeps posting bullshit and sensationalist articles like this, I'm going to stop reading. Either they're doing worse vetting of material, or I'm just noticing it more. For example, slashdot recently posted an article talking about how some malware authors made off with $30 million, but simply doing the math as described in the article showed the amount was $30k. Readers pointed this out, the article was corrected, but the sensationalist title wasn't revised.
I care about the security of MSE a great deal. MSE does what AV should do. It also does it in the background like it should and out of the way. MSE is a program/tool that is outstanding. Surprised to see it come out of Microsoft. If a paid version were needed/required, I'd pay, and I don't pay for AV protection.
"Mozilla, for instance, removed the ability for Firefox users to simply disable Javascript,"
Can you disable it via:
1. about:config
2. javascript.enabled -> Toggle to FALSE
?
Which effectively makes this whole test meaningless. AV softwares passing 99% of tests might just use white-list scanning and report all kinds of weird behaviors regardless of their true purpose (cracks, custom patchers etc).
Kaspersky has the same licence issue. Multi-licences run concurrently, even if not taken up.
It misses 39% of KNOWN malware. There is plenty more which no (or very few) AV software products are able to detect, or eliminate. AV in general is not much more than a snake oil cure, making people think it's some kind of magic charm which holds away evil programs, but it's not, and I think that belief contributes more to actual malware infection than the software protects from.
Just for the sake of it, I made a small wallet.dat stealing trojan and I could find no AV vendor which was able to flag it as malware, even with the highest heuristics/sensitivity settings. If I were more malicious, I could have spread it and got several wallets and made potentially many thousands of dollars in a short time. As soon as AV companies tried to stop it, I could change it ever so slightly and it'd get through again. You know the sole reason I'm not adding to that percentage of FUD malware out there? Because I'm not malicious, and all I did with the wallets was see how easy it would be to crack their encryption (when they had it), and delete them (unless of course I found like a million dollars or something, I couldn't resist if I found that). There are plenty of other people out there though who are poor (or maybe just greedy) who are also far better programmers than I am, and their stuff remains FUD for a very long time. As soon as one version is deprecated they get rid of it and make a new FUD version, and AV companies block the old one and boast about how well protected you are if you buy their product.
MSE is still shit compared to other AV though.
I used to use http://vx.netlux.org/. It was a malware repository, everything that had been released and updated regularly.
It was a serious board for everything malware and filled a niche. The board's country made any site that carried malware (short term) as illegal.
They fought for a while and now you can see it's gone.
I always deleted the malware I downloaded, those I wish I'd have kept now.
Is there a place to download malware to check one's malware prevention/detection?
And not the EICAR test file.
Thanks
All I want is a program that combines Autoruns with StartupMonitor, and steps in when any DLL or executable is about to be modified; hell, the OS should do that anyway.
Over 5 years I have enjoyed running my PC virus free, and without the annoyance of anti-virus software's constant nagging. VirusTotal for when I'm in doubt and a scan with Malwarebytes Anti-Malware for when I get a tinge of paranoia.
Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
On the PDF http://dennistechnologylabs.com/reports/s/a-m/2013/DTL_2013_Q4_Home.1.pdf it lists Norton as the 3rd best antivirus, with 97% ranking.
But Norton has failed to catch even the most simple "Recycler Virus".
One of my co-workers' thumbdrives has the "recycler virus", specifically the "855366bc.exe", and I tested the Symantec antivirus on several systems (from the 2012 edition all the way to the latest 2014) and none caught that virus!
Perhaps Norton is focused too much on the sophisticated virus and has forgotten all about the simpler, old-fashioned ones.
Muchas Gracias, Señor Edward Snowden !
And isn't Microsoft's Endpoint Protection using the same core as Security Essentials? So much for protection...
Would love to hijack this thread and see what everyone uses since /. ers are likely more sophisticated and knowing in their selection than most ....
So, what you're saying is that after a great ~3 year run, MSE is no longer at the top of the hill in a landscape that is consistently ever changing? Big surprise!
Only, it's not a surprise at all. The best available antivirus package has always been changing, usually in a period of months. That's how the big players became big. For a period of time, their product was the best. Below is a list of former bests that are now derided as shit:
McAfee
Symantec/Norton
CA/Total Defense
TrendMicro
AVG
Avast
Panda
Kaspersky
Microsoft
All once (or more) the best. All now less so. Guess what, today's best will not be next month.
MSE used to be a pay-for service called Live OneCare from Microsoft, and as noted above used to be a separate product originally written by another company. So it's more of a good strategic acquisition rather than an inspired idea by the MS execs themselves. I don't know exactly why they went free, but you missed your chance to pay for it, unless you feel like getting Forefront licenses.
Goddammit just when I get my first +5 the Beta rolls out and kills everything
This.
I used Avast for a while then it turned to shit.
I used AVG for a while then it turned to shit.
ClamAV doesn't have online detection.
Norton turned to shit a long time ago.
McAfee has always been shit (at least counting from when I first tried it).
Anti virus should get out of the way and not nag me when I try doing normal every day things.
Security Complete or Security Ultimate. It knows all about your KVM keygens too and doesn't tell the WGA police.
others call a utility.
MSE doesn't give a damn about Produkey. Every other antivirus I've run wants to erase it.
I have a program called vfat.com, which was a disk defragmenter for MS-DOS, working only on FAT formatted disks. I have used it hundreds of times for years back in the days of dial-up 2400bps BBS. Now, everybody screams that it's some kind of virus. The damn file predates the Morris worm, and you're telling me that it's a virus, the VFAT virus?
Another program, pskill, seems to be on most other antivirus lists. I think it got corrected, but I remember when mIRC was considered a virus because somebody was using it (surreptitiously) for command and control.
Bryan