Microsoft Security Essentials Misses 39% of Malware

← Back to Stories (view on slashdot.org)

Microsoft Security Essentials Misses 39% of Malware

Posted by timothy on Friday December 20, 2013 @12:22PM from the talked-harshly-with-the-other-61-percent dept.

Barence writes "The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher — with five scoring 98% or 99% — Microsoft's free antivirus software protected against only 61% of the malware samples used in the test. Microsoft conceded last year that its security software was intended to offer only "baseline" performance"."

17 of 149 comments (clear)

Min score:

Reason:

Sort:

In other news by NoNonAlphaCharsHere · 2013-12-20 12:25 · Score: 5, Funny

Microsoft Windows hosts 99.999% of malware.
1. Re:In other news by Stormwatch · 2013-12-20 13:48 · Score: 4, Funny
  
  Obligatory blast(er worm) from the past...
  Is Windows a virus?
  No, Windows is not a virus. Here's what viruses do:
  1 - They replicate quickly - okay, Windows does that.
  2 - Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
  3 - Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
  4 - Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
  5 - Viruses will occasionally make the user suspect their system is too slow (see 2.) and the user will buy new hardware. Yup, that's with Windows, too.
  Until now it seems Windows is a virus, but there are fundamental differences: viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.
  So Windows is not a virus. It's a bug.
  
  --
  Circumcision is child abuse.
2. Re:In other news by tlambert · 2013-12-20 14:01 · Score: 4, Funny
  
  Windows is malare.
  no it's not. stop being dramatic. it only makes you look like an idiot.
  How exactly is Windows making him look like an idiot?
Actual Reports by mythosaz · 2013-12-20 12:26 · Score: 5, Informative

http://dennistechnologylabs.com/reports/s/a-m/2013/DTL_2013_Q4_Home.1.pdf
1. Re:Actual Reports by mythosaz · 2013-12-20 12:33 · Score: 5, Insightful
  
  7.2 Threat selection
  The malicious web links (URLs) used in the tests
  were not provided by any anti-malware vendor.
  They were picked from lists generated by Dennis
  Technology Labs’ own malicious site detection
  system, which uses popular search engine
  keywords submitted to Google. It analyses sites
  that are returned in the search results from a
  number of search engines and adds them to a
  database of malicious websites.
  In all cases, a control system (Verification Target
  System - VTS) was used to confirm that the URLs
  linked to actively malicious sites.
  Malicious URLs and files are not shared with any
  vendors during the testing process.
  In other words, you get to take his word for it, and we don't know what failed or why.
2. Re:Actual Reports by LordLimecat · 2013-12-20 16:52 · Score: 5, Insightful
  
  CryptoLocker has showed that to be the case.
  Having been on a team that dealt with cryptolocker, I can say that you are not correct.
  Cryptolocker often is sent as malicious executables contained in zip file email attachments, which could target Linux or OSX or AIX just as easily.
  
  you tend to be screwed no matter how good the AV program is,
  If the virus is in usermode, the AV can easily remove it no matter what measures it takes, since the AV runs with root privileges. If the virus has root, it depends on what virus and what AV and how recent each is.
  The whole premise of "Windows gets viruses because its insecure" is such an absurd myth thats been disproved so many times that its astonishing that people still make such a stupid claim. Go look up Pwn2Own, and see how vulnerable your *nix systems can be when theres a sufficient incentive to break in. Go look up the cross-platform PDF Proof of concept. Check the stats on what type of exploits are used for the majority of malware (OS / third party /browser plugin); I think you'll find that OS-level exploits are quite uncommon these days compared with the others.
  
  ...[2]....
  Viruses dont do that because there is no financial gain whatsoever to killing a Bitlocker volume.
3. Re:Actual Reports by hairyfeet · 2013-12-20 20:34 · Score: 4, Informative
  
  I have an even better question....how much of the stuff did he just ignore what MSE told him and kept on installing? How much was an actual failure, IE a drive by or zero warning from MSE, and how much was deliberate PEBKAC?
  As a PC builder and repairman I have more exp than most when it comes to bugs and AVs (disclosure, I give customers Comodo or Avira, depending on how big PEBKAC they are) and I use MSE on my gaming system and here is the thing...while MSE will TELL you, it won't yank the keyboard out of your hand and slap your wrists. You can say "I choose to ignore this" and click a single button and bypass the block. Now some AVs very much WILL yank the keyboard from you, in fact I recently stopped giving out Avast because it had gotten SO aggressive that even if you told it that it was a false positive and to let it run? it would just straight up ignore you.
  But here is the two things you must keep in mind if you choose to run MSE, 1.- It don't do shit as far as webpages, in fact I don't think I have ever seen MSE block single webpage no matter what was on it, so using a browser that runs in low rights mode is a must, and 2.- It was originally Giant AntiSpy and so that is what it works best on, its not really any good at blocking the social engineering based attacks we see a lot today, the "Hey its your BFF (insert name) on (insert chat client) and I found this great page, just click here!" where the person is then led to a page full of zero days type of attack.
  That said frankly you shouldn't be giving MSE to your clueless types anyway, that is what a sandboxing AV like Comodo or one that holds their hand like Avira is best at, what MSE is for is for your non clueless who aren't gonna be doing PEBKAC shit and just want a lightweight AV to scan executables and add another layer to their defenses. It was never designed to be the end all be all, you got half a dozen free AVs that do that particular job VERY well, but all of them do HELL of a lot more scanning and thus take up more cycles, and when I'm gaming or editing audio/video? I NEED those cycles, thanks anyway.
  My Win 7 system has been running ME since RTM in Oct 09 and its clean as a whistle, then again I run a low rights browser with ABP (a good 85% of bugs IME come from infected ads), don't run strange executables and don't click on email links either. If you are smart enough to show common sense on the web? MSE is fine. if not? Comodo, Avira, Avast, you have choices.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
Bullshit by TheRealMindChild · 2013-12-20 12:26 · Score: 5, Interesting

Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used

I call bullshit. This seems like a paid advertisement to me. The only reason they used a few undetected ones was because no one would believe anything hit 100%

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
1. Re:Bullshit by 00Monkey · 2013-12-20 12:38 · Score: 4, Interesting
  
  Seconded! There's no way in hell NIS performed at this level on a legitimate test. It's shit and that's putting it nicely.
2. Re:Bullshit by Anonymous Coward · 2013-12-20 12:42 · Score: 5, Funny
  
  Norton failed to detect itself. That's why it only got 99%.
MSSE vs Norton by Mr+Foobar · 2013-12-20 12:28 · Score: 4, Insightful

So, either MSSE misses over a third of malware, or use Norton and your computer turns into a zombie with the performance of a 486 running WfWG...
Hmm, tough choice there.

--
-> I dislike sigs...
Re:They'd get convicted again by chuckugly · 2013-12-20 12:50 · Score: 4, Informative

It used to be pretty decent, at one point MS was trying to recruit me to work on that since I had a lot of AV development experience; I eventually declined and fed them a few resumes who they did hire, but to get to the point, they have done this in the past at least once before. Maintaining AV is an ongoing and expensive endeavor, and MS just doesn't seem to learn that lesson. It's not something they can develop and then tweak for year after year, they need to have developers and AV researchers on it 24/7, every week of the year. That's not cheap and apparently not their model.
Re:Bullshit February 2013 DennisTech by retroworks · 2013-12-20 12:56 · Score: 5, Informative

http://www.geek.com/microsoft/microsoft-security-essentials-strikes-out-on-questionable-av-test-1538990/ Geek.com outed this testing firm last Friday for A) running MSE without applied windows updates, and B) accepting sponsorship from tested softwares.

--
Gently reply
Sounds about right by Sycraft-fu · 2013-12-20 13:39 · Score: 5, Insightful

If you look at AV Comparitives, who seem to do pretty good testing, MSE is about 90%. That's quite low (though there are commercial apps that are worse) but the tradeoff is zero false positives on essentially every test.
It's certainly not what you get if you want highest security, but it does a reasonably good job, and doesn't generate false positives, which can piss off newbie users and make them want the AV scanner off. It also updates definitions via Windows Update, if its internal updater has an issue, which is nice for people who won't mind after their AV software.
It's not what I use, but it isn't a bad baseline. I'd sure as hell use it rather than Norton :P.
1. Re:Sounds about right by gman003 · 2013-12-20 18:31 · Score: 4, Insightful
  
  More to the point:
  Defense, of any sort, requires layers. And with enough layers, each individual layer can have quite a significant failure without compromising the integrity of the whole defense. My browsing habits, AdBlock, browser-based malware blocking, antivirus, and OS-level permission limits - all of those protect me. Each one probably only has a 90% success rate, but that combines to 99.999% effectiveness (assuming each layer is fully independent - in reality, stuff that can break one layer is likely able to break some of the others, so it may only be 99.9% effective, which is still pretty damn good).
  I use MSE not because it's the best, but because it's the least intrusive. It nags me to run a scan about once a month, and I think only once has it flagged any malware (false positive - I do scans with MalwareBytes every few months, which is much better at detection and removal but does nothing for real-time protection, and it did not find anything). Other than that, it doesn't put any noticeable load on my system or bother me with meaningless alerts - unlike even "good" AV like AVG.
Re:Oh look... by tqk · 2013-12-20 13:40 · Score: 4, Interesting

... based on obsolete knowledge from before 2008 and from expired copies not giving the right protection.
Meanwhile, free software ticks along happily needing none of this BS. Funny that.

--
"Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
Sponsored? by dcooper_db9 · 2013-12-20 16:06 · Score: 5, Insightful

From page 19 of the report:
What is the difference between a vendor and a partner vendor?
Partner vendors contribute financially to the test in return for a preview of the results, an opportunity to challenge results before publication and the right to use award logos in marketing material. Other participants first see the results on the day of publication and may not use award logos for any purpose.
Do you share samples with the vendors?
Partner vendors are able to download all samples from us after the test is complete. Other vendors may request a subset of the threats that compromised their products in order for them to verify our results. The same applies to client-side logs, including the network capture files. There is a small administration fee for the provision of this service.

--
I do not block ads. I do block third party scripts.