Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Security Essentials Misses 39% of Malware

Posted by timothy on from the talked-harshly-with-the-other-61-percent dept.

Barence writes "The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher — with five scoring 98% or 99% — Microsoft's free antivirus software protected against only 61% of the malware samples used in the test. Microsoft conceded last year that its security software was intended to offer only "baseline" performance"."

9 of 149 comments (clear)

  1. In other news by NoNonAlphaCharsHere · · Score: 5, Funny

    Microsoft Windows hosts 99.999% of malware.

  2. Actual Reports by mythosaz · · Score: 5, Informative

    http://dennistechnologylabs.com/reports/s/a-m/2013/DTL_2013_Q4_Home.1.pdf

    1. Re:Actual Reports by mythosaz · · Score: 5, Insightful

      7.2 Threat selection
      The malicious web links (URLs) used in the tests
      were not provided by any anti-malware vendor.
      They were picked from lists generated by Dennis
      Technology Labs’ own malicious site detection
      system, which uses popular search engine
      keywords submitted to Google. It analyses sites
      that are returned in the search results from a
      number of search engines and adds them to a
      database of malicious websites.
      In all cases, a control system (Verification Target
      System - VTS) was used to confirm that the URLs
      linked to actively malicious sites.
      Malicious URLs and files are not shared with any
      vendors during the testing process.

      In other words, you get to take his word for it, and we don't know what failed or why.

    2. Re:Actual Reports by LordLimecat · · Score: 5, Insightful

      CryptoLocker has showed that to be the case.

      Having been on a team that dealt with cryptolocker, I can say that you are not correct.

      Cryptolocker often is sent as malicious executables contained in zip file email attachments, which could target Linux or OSX or AIX just as easily.

      you tend to be screwed no matter how good the AV program is,

      If the virus is in usermode, the AV can easily remove it no matter what measures it takes, since the AV runs with root privileges. If the virus has root, it depends on what virus and what AV and how recent each is.

      The whole premise of "Windows gets viruses because its insecure" is such an absurd myth thats been disproved so many times that its astonishing that people still make such a stupid claim. Go look up Pwn2Own, and see how vulnerable your *nix systems can be when theres a sufficient incentive to break in. Go look up the cross-platform PDF Proof of concept. Check the stats on what type of exploits are used for the majority of malware (OS / third party /browser plugin); I think you'll find that OS-level exploits are quite uncommon these days compared with the others.

      ...[2]....

      Viruses dont do that because there is no financial gain whatsoever to killing a Bitlocker volume.

  3. Bullshit by TheRealMindChild · · Score: 5, Interesting

    Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used

    I call bullshit. This seems like a paid advertisement to me. The only reason they used a few undetected ones was because no one would believe anything hit 100%

    --

    "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    1. Re:Bullshit by Anonymous Coward · · Score: 5, Funny

      Norton failed to detect itself. That's why it only got 99%.

  4. Re:Bullshit February 2013 DennisTech by retroworks · · Score: 5, Informative

    http://www.geek.com/microsoft/microsoft-security-essentials-strikes-out-on-questionable-av-test-1538990/ Geek.com outed this testing firm last Friday for A) running MSE without applied windows updates, and B) accepting sponsorship from tested softwares.

    --
    Gently reply
  5. Sounds about right by Sycraft-fu · · Score: 5, Insightful

    If you look at AV Comparitives, who seem to do pretty good testing, MSE is about 90%. That's quite low (though there are commercial apps that are worse) but the tradeoff is zero false positives on essentially every test.

    It's certainly not what you get if you want highest security, but it does a reasonably good job, and doesn't generate false positives, which can piss off newbie users and make them want the AV scanner off. It also updates definitions via Windows Update, if its internal updater has an issue, which is nice for people who won't mind after their AV software.

    It's not what I use, but it isn't a bad baseline. I'd sure as hell use it rather than Norton :P.

  6. Sponsored? by dcooper_db9 · · Score: 5, Insightful

    From page 19 of the report:

    What is the difference between a vendor and a partner vendor?

    Partner vendors contribute financially to the test in return for a preview of the results, an opportunity to challenge results before publication and the right to use award logos in marketing material. Other participants first see the results on the day of publication and may not use award logos for any purpose.

    Do you share samples with the vendors?

    Partner vendors are able to download all samples from us after the test is complete. Other vendors may request a subset of the threats that compromised their products in order for them to verify our results. The same applies to client-side logs, including the network capture files. There is a small administration fee for the provision of this service.

    --
    I do not block ads. I do block third party scripts.