Microsoft Fails Antivirus Certification Test (Again), Challenges the Results

timothy posted about 2 years ago | from the but-we-wrote-the-virus-too dept.

Businesses 228

redletterdave writes "For the second time in a row, Microsoft's Security Essentials failed to earn certification from AV-Test, the independent German testing lab best known for evaluating the effectiveness of antivirus software. Out of 25 different security programs tested by AV-Test, including software from McAfee, Norman, Kaspersky, and others, Microsoft's Security Essentials was just one out of three that failed to gain certification. These results are noteworthy because Microsoft Security Essentials is currently (as of December) the most popular security suite in North America and the world."

This is why (5, Insightful)

LordLimecat (1103839) | about 2 years ago | (#42621237)

For anyone who didn't get why bundling MSSE with Win8 was a terrible idea, this is it. I guarantee it is now the very first thing malware authors test against prior to release, and the number one target for circumvention. Previously McAfee and Norton were heavily targeted for circumvention, and had correspondingly bad scores; now it's MSSE's turn.

Really, it's eerie how perfectly the timing corresponds with Win8's release.

Hooray monoculture! Hooray killing off a previously viable AV option!

Re:This is why (-1, Troll)

Anonymous Coward | about 2 years ago | (#42621265)

Yeah what a bunch of nigger shit.

Re:This is why (5, Insightful)

bmo (77928) | about 2 years ago | (#42621347)

So whatever next comes out on top for market share will be the target. So what?

You don't even need to have the top 10 virus scanners installed even locally, there are websites that will happily test your particular malware against the top 10 for you, automagically.

I don't see the point of your message, honestly.

--
BMO

Re:This is why (5, Insightful)

LordLimecat (1103839) | about 2 years ago | (#42621407)

The point is that MSSE was basically the best AV because it has no financial interest in bugging the user to upgrade to a pro version or to use scare tactics. Now that MSSE is out of the race, we're back to "OK" avs with complicated interfaces and upgrade prompts all over the place.

Users tended to love MSSE because it shut up and did its job, unlike most of the alternatives.

Re:This is why (2, Insightful)

mark-t (151149) | about 2 years ago | (#42621543)

Except, I think, that the point of the article is that MSSE *WASN'T* doing its job.

Or at least not doing it well.

Re:This is why (0)

Anonymous Coward | about 2 years ago | (#42621583)

Except, I think, that the point of the article is that MSSE *WASN'T* doing its job.

Or at least not doing it well.

I don't think you actually read the article, did you? Naturally this Slashdot "write-up" is sensationalist.

Re:This is why (-1)

NoNonAlphaCharsHere (2201864) | about 2 years ago | (#42621821)

What part of "failed" wasn't clear?

Re:This is why (0)

Sir_Sri (199544) | about 2 years ago | (#42621597)

No, it *was*; it just isn't anymore. Maybe that means it hasn't been doing a great job for a few months or the like, but certainly for a couple of years it was the way to go.

And it's still a good idea. Even if it's only the bad (or old) viruses being caught, it's still better than nothing, or something that users can't figure out and don't keep up to date which would be equally bad.

Re:This is why (0)

mark-t (151149) | about 2 years ago | (#42621769)

Did I somehow imply with my use of "wasn't", that I was implying never? Is there some form of past tense that is specific to the recent past only? Because I only know of the one.

Re:This is why (5, Informative)

Luckyo (1726890) | about 2 years ago | (#42621859)

MSSE does its job, and does it well. The main point where it "fails" is detecting zero day stuff or stuff that is rarely or never detected outside the labs.

Zero day stuff is detected with heuristics. Heuristics are the main cause of massive amounts of false positives. MSSE has it set to low on purpose - to minimize the constant "I've detected something that sorta, kinda, might possibly, maybe, be something that remotely resembles a virus" that many other AV suites tend to get.

So unless you're being actively targeted by zero day virii (and these tend to be costly, so a private person is highly unlikely to be a target), MSSE is probably the best option on the market. It's free, it doesn't have an overly tight heuristics engine telling you that compressed executables are potential viruses, it's fast because it doesn't do those intensive heuristics scans.

And it detects most non-zero day stuff just fine.

And that's the reality of it. If you're a company, or a person in need of some extra chance of detecting zero day threats at the expense of significant loss of system resources as well as dealing with false positives, you should look elsewhere. If you're just a home user with a sane security policy, MSSE is likely the best choice for you.

I strongly recommend you read Microsoft's answer. It's very thorough in why the entire "certification" is basically yet another attempt to scare people into buying an anti-malware suite.

Below are the main bullet points of MS's answer in addition to the factor mentioned above:

      1. AV-Test reports on samples hit/missed by category. We report (and prioritize our work) based on customer impact.
      2. AV-Test's test results indicate that our products detected 72 percent of all "0-day malware" using a sample size of 100 pieces of malware. We know from telemetry from hundreds of millions of systems around the world that 99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test.
      3. AV-Test's test results indicate that our products missed 9 percent of "recent malware" using a sample size of 216,000 pieces of malware. We know from telemetry that 94 percent of these missed malware samples were never encountered by any of our customers.

"virii" is not a fucking word, moron. (0, Flamebait)

Anonymous Coward | about 2 years ago | (#42621997)

"virii" is not a fucking word, moron.

Re:This is why (5, Informative)

icebike (68054) | about 2 years ago | (#42621565)

The point is that MSSE was basically the best AV because it has no financial interest in bugging the user to upgrade to a pro version or to use scare tactics. Now that MSSE is out of the race, we're back to "OK" avs with complicated interfaces and upgrade prompts all over the place.

Users tended to love MSSE because it shut up and did its job, unlike most of the alternatives.

If you read Microsoft's response, they are concentrating on anything that exists in the wild, not absolutely everything in the world.
I run MSSE and also do a weekly scan with another paid virus scanner, and neither has detected anything that the other missed, other than Avira has found several false positives.

Re:This is why (1)

Anonymous Coward | about 2 years ago | (#42621359)

Hooray monoculture! Hooray killing off a previously viable AV option!

As long as the popularity of that monoculture reduces the ROI of targeting my Linux distro with malware to nothing, I'm happy for others to embrace it wholeheartedly.
Oh, and sucks to be them.

Re:This is why (0)

Anonymous Coward | about 2 years ago | (#42621375)

As long as the popularity of that monoculture reduces the ROI of targeting my Linux distro with malware to nothing

Linux doesn't have the masses of stupid users that Windows does. That is the very biggest security hole in the world - dumb, ignorant, uninformed users who can't be bothered to do a little reading.

Re:This is why (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#42621459)

And with your shitty, sarcastic attitude you can be assured to keep your little clubhouse all to yourself.

Year of the Linux Desktop my ass. You fucktards won't ever get even close to 1% adoption rate.

Re:This is why (1)

mark-t (151149) | about 2 years ago | (#42621575)

...won't ever get even close to 1% adoption rate.

0.8% is pretty close to 1%. Just FYI. If you had said 2 or 3%, then yeah... you'd probably have been more accurate.

Re:This is why (0)

Anonymous Coward | about 2 years ago | (#42621469)

Sure.

That and decades of really shitty security practices.

Re:This is why (-1)

Anonymous Coward | about 2 years ago | (#42621567)

Linux has masses of stupid users; they are just stupid in different ways.

Re:This is why (5, Interesting)

smpoole7 (1467717) | about 2 years ago | (#42621367)

I'm anything but a Microsoft lover, but I have to defend them.

About a million years ago, back during the DOS era, a friend and I wrote an anti-virus suite (the ARF Antivirus, maybe you can still find it online, though I don't recommend that you use it!). It was quite effective; we used the file integrity approach, and stored the integrity information in the files themselves. (We were up front about it; some people don't like that, so we said, hey, you don't like it, just don't use our stuff. No hard feelings.)

Ergo, I think I can at least offer an opinion that's slightly above drooling moron status.

One of my biggest complaints about AV tests is that they're unrealistic. This has been years ago, now, so maybe it has changed, but back then, the folks who did the testing were arrogant and very hard to deal with. Your software had to produce a .TXT log file; it had to do this, it had to do that, or they would just fail it outright.

Once you made them happy, then they tested it against every virus they could find, including some that WERE NOT (and never would be) in the wild.

Bottom line, and to make a long story short: the people who were writing AV software back then were writing it for these tests, and not for the real world. I don't know if that's the case nowadays; I just don't know. (For that matter, maybe Microsoft's stuff really does suck. Given how badly their stuff worked back in the DOS era, it wouldn't surprise me. But I just don't know.)

But fair is fair. I ran from that circus after about a year of endless arguments with the pompous egotists in Compuserve's Anti Virus forum. I don't know if it's still that way, but I haven't used anyone else's anti virus stuff in years (I protect my stuff a different way, primarily by using secured Linux with good backups, and with periodic integrity checks).

Re:This is why (4, Funny)

smpoole7 (1467717) | about 2 years ago | (#42621449)

Proof that I'm an old timer: my use of the term "anti virus." It's not called that nowadays. It's Malware Detection, Security Software and Shields and Bad Guy Blockers(tm). I must update my terminology and get with the times. :)

Re:This is why (0)

Anonymous Coward | about 2 years ago | (#42621655)

Because it's not just viruses that threaten us, and it's not just viruses that the aforementioned software fights off any more. Makes sense to upgrade the terminology. I like Bad Guy Blockers(tm). Has a badass vibe to it, like a maverick cop TV series.

Re:This is why (4, Funny)

sa1lnr (669048) | about 2 years ago | (#42621723)

"Compuserve"

That was the proof for me. :)

Re:This is why (2)

Luckyo (1726890) | about 2 years ago | (#42621875)

Actually, you just summarized Microsoft's answer there. They even provide accurate numbers to back up your point along with making your point.

Re:This is why (1)

morcego (260031) | about 2 years ago | (#42621377)

I guarantee it is now the very first thing malware authors test against prior to release, and the number one target for circumvention.

That is a good thing, as far as I'm concerned. Forces the company to improve its products.

We don't need more security through obscurity.

Re:This is why (1)

LordLimecat (1103839) | about 2 years ago | (#42621429)

It won't matter if MS improves; before the new daily compile of TDSS or whatever malware is released, it will be scanned with the latest MSSE defs and heuristics. The malware will then be tweaked to get around it.

This isn't new; what's new is that whereas before the malware author had to try to bypass 5-10 different heuristics and defs lists, now it goes for one and hits 80% of the market.

Re:This is why (4, Insightful)

Sir_Sri (199544) | about 2 years ago | (#42621621)

At least with MSSE it will silently update; millions of users running security software that isn't up to date isn't doing them any favours either.

Re:This is why (1)

GigaplexNZ (1233886) | about 2 years ago | (#42621783)

It doesn't silently update for me. I checked to see what Windows Updates were available on my Win 8 machine the other day (Win 8 no longer has the nagging system tray, there's just a small bit of text on the login screen and I don't log out often) and there were definition updates that were over 2 weeks old.

Re:This is why (5, Insightful)

Anonymous Coward | about 2 years ago | (#42621391)

For anyone who didn't get why bundling MSSE with Win8 was a terrible idea, this is it. I guarantee it is now the very first thing malware authors test against prior to release, and the number one target for circumvention. Previously McAfee and Norton were heavily targeted for circumvention, and had correspondingly bad scores; now it's MSSE's turn.

Really, it's eerie how perfectly the timing corresponds with Win8's release.

Hooray monoculture! Hooray killing off a previously viable AV option!

I'm sorry...but the main reason MSSE was successful in gaining marketshare wasn't simply a matter of it having Microsoft's branding... it was the least obtrusive, most user-transparent, comparatively fast, full-featured and free. For years, AV/security companies have been churning out new products with more, heavy, useless "features" that just create more bloat....some of them even add entire programs that the user gets to install and have *always* running in the background.

People want security, but they don't want security at the expense of obscene performance losses. This is where the popular AV/security companies should have taken notice and met customer demands...rather than trying to bundle all this "value" shit and obtuse flashy menu and window designs. Lots of quality products typically end up as bloatware when they increase in popularity (i.e., AVG, AVAST).

With MSSE, Microsoft gave people an acceptable level of protection with none of the baggage that its competitors were plagued with.

Re:This is why (0)

LordLimecat (1103839) | about 2 years ago | (#42621437)

That was my point, but it's now irrelevant as MS has just made their own software useless. What idiot would release a virus that gets caught by the built in AV of its target OS?

Re:This is why (2, Insightful)

Anonymous Coward | about 2 years ago | (#42621629)

That was my point, but it's now irrelevant as MS has just made their own software useless. What idiot would release a virus that gets caught by the built in AV of its target OS?

An idiot with an up to date system who knows most people aren't up to date? Was that a trick question?

Re:This is why (0)

Anonymous Coward | about 2 years ago | (#42621505)

Perfect post...and explains why I use MSSE on my Windows boxen.

Now someone crack the whip to get Ballmer's Boys to clean up the litter box!

fs (1)

Anonymous Coward | about 2 years ago | (#42621239)

GROW UP >> "in North America and the world"

Popularity (0)

Anonymous Coward | about 2 years ago | (#42621241)

It's likely one of the most popular due to:

Free
Least amount of bloatware

Norman? Norton! (0, Funny)

Anonymous Coward | about 2 years ago | (#42621245)

WTF editors.

Re:Norman? Norton! (2)

amicusNYCL (1538833) | about 2 years ago | (#42621279)

Norman [norman.com]

Re:Norman? Norton! (1)

slashmydots (2189826) | about 2 years ago | (#42621335)

I bullshit you not, there's a Norman: Security Suite Pro 9.0. I seriously doubt that's what they meant to type though, given the context.

Re:Norman? Norton! (2)

morcego (260031) | about 2 years ago | (#42621403)

Actually, considering they are mentioning company names, and not products, I'm sure they meant Norman. "Norton" is the name of the product by Symantec, and Norman is listed on the tests.

Re:Norman? Norton! (4, Funny)

Intropy (2009018) | about 2 years ago | (#42621415)

Saxon AV has always been better.

Re:Norman? Norton! (2)

Nyder (754090) | about 2 years ago | (#42621427)

I bullshit you not, there's a Norman: Security Suite Pro 9.0. I seriously doubt that's what they meant to type though, given the context.

Actually both Norman (it's real) and Norton passed. http://www.av-test.org/en/tests/home-user/windows-7/novdec-2012/ [av-test.org]

SRS BIDNESS (-1)

Anonymous Coward | about 2 years ago | (#42621257)

“We conduct a rigorous review of the results whenever test results warrant it,” wrote Joe Blackbird, program manager at Microsoft’s Malware Protection Center. “We take the protection of our customers very seriously, and the investments we make to do these reviews is an example of that commitment.

“Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test. In addition, 94 percent of the malware samples not detected during the test didn't impact our customers.”

So what he's really saying is: "We take the protection of 99.9967% of our customers very seriously." (??)

Re:SRS BIDNESS (0)

Anonymous Coward | about 2 years ago | (#42621877)

To be honest, 99.9967% isn't very bad at all. It's pretty close to the golden "five nines."

Lemmings.. (2)

freeweaver (2548146) | about 2 years ago | (#42621259)

When people have invested time and money into learning and deploying a technology, there is no argument, no matter how rational, that will persuade them to use something different.

It's a very sad state of affairs.

Re:Lemmings.. (0)

Anonymous Coward | about 2 years ago | (#42621881)

It's called investment. Both in time and money.
If you spent time and money developing something and then just scrap the whole idea, it is 100% waste and if you never use it you have 0 chance to make it make the money back.
Obviously something that doesn't do the job properly shouldn't be used...but this is business we're talking about :)

Re:Lemmings.. (0)

Anonymous Coward | about 2 years ago | (#42621955)

I only use it to placate the bosses. It doesn't have to work. I don't get viruses in the first place.

Popularity (2, Insightful)

girlintraining (1395911) | about 2 years ago | (#42621287)

Popularity shouldn't be based on the number of installs, but the number of people who use it, and how often they use it. Microsoft has more or less forced people to install Microsoft Security Essentials, so I don't think it's a fair comparison at all. I don't use it, but it's there and Windows Update gets psychotic with errors and alerts if it's uninstalled. More so than if it's not "genuine" even!

That site is BS (5, Insightful)

slashmydots (2189826) | about 2 years ago | (#42621295)

MSSE sucks, okay. That aside, AV-TEST is a fucking joke. Their top three products on their site are the worst overall products I've ever seen. Yes, they detect viruses. They also slow your system to a crawl, have awful user interfaces, are terribly priced, have bad scanning options, slow scanning engines, have false positives like crazy, and are generally terrible. They apparently didn't take much if any of THAT into consideration unfortunately. Obviously the tests were tailored towards certain products so the whole site is a giant joke/advertisement.

Re:That site is BS (0)

Anonymous Coward | about 2 years ago | (#42621487)

If performance is your priority then don't use A/V.

Shade of gray (4, Insightful)

alexo (9335) | about 2 years ago | (#42621555)

If performance is your priority then don't use A/V.

How about: "If security is your priority then keep your computer powered off."

Obviously there are various trade-offs between these two extremes.

Power Off? (4, Funny)

raftpeople (844215) | about 2 years ago | (#42621867)

I take it a step further. I carry around a "1" and a "0" in my pocket.

If I need to compute something I pull them out and get to work.

Re:That site is BS (3, Interesting)

AHuxley (892839) | about 2 years ago | (#42621501)

Well based on clicking the 31 producers on http://www.av-test.org/en/tests/home-user/ [av-test.org]
Reading the 2012/2013 results for Protection only:
BitDefender
F-Secure
Trend Micro
Get 6 out of 6.

Re:That site is BS (3, Informative)

LordLimecat (1103839) | about 2 years ago | (#42621513)

They actually do test for performance under the usability category, and their results (BitDefender as top pick) match the results from the well respected AV Comparatives, and the rest of their results aren't much different-- those top 3 you mention are all AV Comparatives top picks ( http://www.av-comparatives.org/images/docs/avc_sum_201212_en.pdf [av-comparatives.org] )

Might have been nice if you actually did some research before spouting off.

Re:That site is BS (1)

rjr162 (69736) | about 2 years ago | (#42621551)

I find it odd Lavasoft shows a higher score than Kaspersky for the home Windows 7 group... yet their 3 (or 4 if you include usability) shows Kaspersky being much better than Lavasoft

North America and the world? (1)

Scorpyn (1352523) | about 2 years ago | (#42621307)

Since when is North America not part of the rest of the world?

Re:North America and the world? (0)

Anonymous Coward | about 2 years ago | (#42621379)

Since when is North America not part of the rest of the world?

You're not the only person posting here who can't seem to parse that sentence, so I'd say it could have been better written. What they mean is:

Microsoft Security Essentials is the most popular security suite in North America and also in the world.

Re:North America and the world? (4, Informative)

ohnocitizen (1951674) | about 2 years ago | (#42621397)

A piece of software might be #1 in one market (the US), #1 overall (the world), but not #1 in other markets (like Europe, Japan, or South Africa).

Re:North America and the world? (2)

AaronLS (1804210) | about 2 years ago | (#42621409)

That is not what it is saying at all. It is a compound sentence that is stating two things:

1) It is the most popular security suite in North America.
2) It is the most popular security suite in the world.

These things are not mutual, so it makes sense to state both. It could be the most popular in the N America, but some other AV product in China could be even more popular and hold the rank of "most popular in the World". Now I'm sure some people would say why then doesn't it fairly list off dozens of other countries, etc. I'm not going to get into all that.

Sigh.

Re:North America and the world? (0)

Anonymous Coward | about 2 years ago | (#42621413)

There is a slight difference in meaning. There are several products that might be the most popular in the world but not in North America. I think the Sega Genesis was like that. Most popular in the world but Nintendo was the most popular in North America. So saying 'most popular in the world' is not the same as 'most popular in North America and the world'. Since Slashdot is U.S. centric this is a more useful way to say it than just 'most popular in the world'.

Re:North America and the world? (0)

Anonymous Coward | about 2 years ago | (#42621417)

When looking at technology, statistics inside North America have a tendency to be different than every other part of the country. Things like the popularity of Macs, iPhones, Symbian Mobile Devices, Blackberry usage, Linux Desktop usage, etc. More often than not there is a strong correlation, but I think here they were just emphasising that point.

Like if you're normally a great student, but get a bad grade it would be proper to say something like "Scorpyn and the entire class failed the math test." That isn't meant to imply that you are not part of the class, but that both categories (you, and everyone including you) failed.

Re:North America and the world? (2)

LordLimecat (1103839) | about 2 years ago | (#42621457)

We seceded, because we were tired of having to put up with everyone else's crap.

North America AND the world? (0)

Anonymous Coward | about 2 years ago | (#42621309)

Microsoft Security Essentials is currently (as of December) the most popular security suite in North America and the world.

Sorry to nitpick, but seriously? Did it REALLY need to be specified that it's the most popular in North America AND the world?

They DO realize that North America is part of the planet, right?

Re:North America AND the world? (1)

Anonymous Coward | about 2 years ago | (#42621425)

They DO realize that North America is part of the planet, right?

Sad, but true.

North America AND the world? Yes. (4, Informative)

DragonWriter (970822) | about 2 years ago | (#42621439)

Did it REALLY need to be specified that it's the most popular in North America AND the world?

Yes.

They DO realize that North America is part of the planet, right?

And yet, it's quite possible for something to be the most popular in North America but not the most popular in the world, or vice versa. So, inasmuch as both "North America" and "the world" are interesting scopes of analysis, it is meaningful to identify that MSSE is the most popular in each of those scopes.

Re:North America AND the world? (0)

Anonymous Coward | about 2 years ago | (#42621443)

Face it. If they'd said "In the world", you'd be wondering about whether China's piracy rate (or something) was artificially inflating it. If they'd said "In North America" you'd be up in arms for forgetting the EU. The way it was written clearly shows that this suite is the most popular security suite in North America. Also, this suite is the most popular security suite in the world.

I'm rarely one to defend wording on /., but you guys are making a mountain out of a molehill.

Re:North America AND the world? (2)

AaronLS (1804210) | about 2 years ago | (#42621455)

What if 100,000 people used it in North America, and that is more than any other AV product in North America, but in China 5,000,000 use Chinese National AV Protection service (I made the name up) and no one uses MSSE outside of N America. So then MSSE wouldn't hold the title of "in the world" now would it?

So they are stating:
1) It is the most popular security suite in North America.
2) It is the most popular security suite in the world.

These things are not mutual, so it makes sense to state both. They are independent, and one does not imply the other.

There's only one thing worse than a grammar Nazi, and that's a grammar Nazi that doesn't know grammar.

Who cares (0)

Anonymous Coward | about 2 years ago | (#42621327)

I don't even recommend using any other AV because they mostly scare users, keep reminding them that the antivirus is updated or might be out of date, and do other annoying stuff.

Classic (2)

YodasEvilTwin (2014446) | about 2 years ago | (#42621349)

This is always the problem with testing AV software in a lab -- it's barely indicative of anything in the real world, and you can't truly test in the real world due to having no idea what you've missed (unless you go back and search as MS apparently did in this case).

So the question is whether Microsoft's response is correct or FUD. Did they perform better in the real world than on this test? Do they perform better in the real world compared to competitors who did well on the test? Those are super hard questions to answer.

I use MSE in large part because it's really lightweight. Norton is a pig and AVG never failed to fuck itself up on my system. And so far I've had no malware issues, so I'm inclined to believe them here even though my experience is anecdotal.

Re:Classic (1)

David_Hart (1184661) | about 2 years ago | (#42621527)

I use MSE in large part because it's really lightweight. Norton is a pig and AVG never failed to fuck itself up on my system. And so far I've had no malware issues, so I'm inclined to believe them here even though my experience is anecdotal.

I used McAfee for the last 10 years, which tends to be a hog as well, but did a good job at protecting my system.

When I recently built my new Windows 8 system I considered using MSE, but the problem is that I still don't fully trust it. I did some research and decided to go with Avast! So far, I find it to be very lightweight and was happy to find that they also have a mobile Android version.

Re:Classic (0)

Anonymous Coward | about 2 years ago | (#42621677)

I used a rock in my pocket for the last 10 years, which tends to be considered unorthodox, but did a good job at protecting my system. Honestly, I have never had one good reason to put A/V on my computer. I know what I'm doing. I know when I'm screwed. I back up. I limit my own access. I have one computer in particular that I use for unsafe browsing. Nothing is saved on it so a refresh is easy. Seriously, what are people running that this is really a problem? I hear about drive-by website downloading stuff. What, do they have every plug-in and active-x set to accept anything?

"Independent" (2, Insightful)

Anonymous Coward | about 2 years ago | (#42621351)

I doubt this company tests all those AV suites out of the kindness of their own heart. A "test" commissioned by the for-profit AV industry is going to show their products in a favorable light. (Or you'll never see it published)

AV at this point is damn near snake oil. Well, at least anything beyond the coverage that MSE provides. It keeps old threats from spreading, which is good. It's damn foolish to be hit by a 2 year old virus. In the enterprise/business having an AV suite is just a PR move. A CYA to show that you put a token of effort into protecting your systems. (Hey! We had an AV suite. It's not our fault our network is riddled with worms)

But the real threat is still the new stuff. The bad guys still do quite well for themselves even if they have to write a new virus every few weeks. Who gives a wet fart about how well your signature based AV suite (which they all are) does against zero day threats? Nobody. Because it's impossible for a signature based AV suite to offer any kind of effective defense against unknown threats.

Return fire! (5, Informative)

slashmydots (2189826) | about 2 years ago | (#42621357)

Aaaaaand AV-TEST responded already:
http://www.theregister.co.uk/2013/01/17/avtest_microsoft_test_dispute/ [theregister.co.uk]

Re:Return fire! (4, Informative)

Frosty Piss (770223) | about 2 years ago | (#42621451)

An interesting part of the El Reg story:

The AV-Test results show that Microsoft's twin security programs protected against 100 per cent of known threats, as did every other security suite. The two packages produce low rates of false positives in comparison to the competition and are significantly lighter on processor load during operations.

But where Redmond is falling down is in protecting against zero-day attacks. Security Essentials and Forefront both scored last in this regard among all the suites tested, getting 78 per cent of zero-days apiece. Blackbird said that AV-Test attached too much importance to the zero-day threat in its metrics, since that section of the testing accounts for 50 per cent of the final score, but Marx argued that zero-day performance was crucial to real-world threats.

Re:Return fire! (3, Insightful)

TheLink (130905) | about 2 years ago | (#42621641)

But how do they test for effectiveness against zero-day attacks? Where do they get the zero-days from? If I'm a virus author I'd test my zero day with one of those websites ( http://www.makeuseof.com/tag/7-reliable-sites-quick-free-anti-virus-scan/ [makeuseof.com] ) that scan for viruses with practically all the AV software in the market.

So the zero day when finally released will NOT be detected by ANY of them!

Maybe what an AV vendor could do is secretly work with these AV websites to detect suspicious activity..

Re:Return fire! (4, Insightful)

Luckyo (1726890) | about 2 years ago | (#42621919)

Heuristics. Basically AV vendors set their software to look for something, anything that could be judged as "virus like" and flag it.

As a result, tester's top AV software picks are also top picks in hogging system resources, and tend to produce ridiculous amounts of false positives. Because that's what massively overly tight settings on heuristics engine will do. But AV vendors sell FEAR first and foremost. The more "scary stuff" their AV finds, the more likely user will think "oh this AV just saved me from losing my bank account!" and buy more.

MSSE has worst success in zero day detection because their heuristics engine is one of the more sane ones on the market. It's light on resources and rarely (in comparison to the top picks of those tests) produces false positives. As a result, it also has a higher chance of missing zero day stuff that might have been detected by extremely aggressive heuristics scanner.

Re:Return fire! (1)

stymy (1223496) | about 2 years ago | (#42621751)

There seems to be an obvious reason for why MSE has a low detection rate for zero days. It has a very low false positive rate (I've yet to get one, while I've had several with other anti virus programs) but that comes with a lower rate of detection for malware that's unknown to it.

Re:Return fire! (3, Informative)

Skuld-Chan (302449) | about 2 years ago | (#42621999)

Real World (TM) experience here - we use McAfee in our enterprise (happens to be a university) and if I had a dollar for every zero-day Virus that goes completely unchecked by McAfee I could quit my day job. McAfee went weeks on the Mac before it could even detect Flashback - as a good example.

Virus scanners only catch low hanging fruit - I wouldn't count on them for detecting zero-day attacks and vulnerabilities - because they don't work.

Re:Return fire! (1)

AHuxley (892839) | about 2 years ago | (#42621599)

Ty, interesting comments.
You can get amazing results with a database of older, known threats.
Or you can work very hard and offer products that try to protect against zero-day malware.

Like I said... (-1, Troll)

icannotthinkofaname (1480543) | about 2 years ago | (#42621399)

With the right spin, this is what I believed from the beginning about Microsoft Security Essentials. If the company can't even write a decent, secure operating system to begin with, why should we trust them to write decent dedicated antivirus software? What reason could we as a population of computer users have for having any confidence in this product? Of course it should be relatively terrible at protecting a user's computer from viruses, because it comes from the same company who has that sort of track record with viruses in the OS to begin with (that is, the same reason why antivirus software is pushed onto users in the first place).

To believe that Microsoft Security Essentials is any good at what it is ostensibly meant to do is to believe that Microsoft is good at detecting and clearing viruses from users' systems, but to believe this is to hold a contradiction to every observation made of various versions of the Windows operating system.

Re:Like I said... (0)

Anonymous Coward | about 2 years ago | (#42621605)

Let me know once you've successfully installed Norton OS 5.0, AVG OS 3.2 or even AVAST! OS 13.5...

My response in 3 words (0, Troll)

s.petry (762400) | about 2 years ago | (#42621405)

Ha Ha Ha!

Does anyone else remember Microsoft DOS 6 with AV built in? It was defeated by every virus writer imaginable before it was released. Hell, even VCL (virus creation lab) had it circumvented before released.

Okay, but seriously. If anyone trusts a company with a known history of abuses to audit and secure themselves, PT Barnum had you pegged.

Re:My response in 3 words (1)

yuhong (1378501) | about 2 years ago | (#42621983)

Of course, DOS 6 is almost 20 years old now. And AFAIK, this was licensed from Central Point, which continued to provide definition updates until 1996 or so.

Correct you if you're wrong, but... (5, Interesting)

VortexCortex (1117377) | about 2 years ago | (#42621471)

So long as you keep your software updated then there's not really much of a point other than the chance you'll spread an infected file onward without being infected yourself.

Think. No, that's not good enough, think some more: Viruses (we are explicitly talking viruses here, says "Antivirus" right in the test and headline) exploit unpatched vulnerabilities (mistakes) in software. Patched software is immune to the prior vulnerabilities, so AV won't "protect" you from things you're immune to. It also won't protect you from viruses with signatures that it doesn't know about. So, What's the point of wasting all those CPU cycles scanning? Oh, maybe you got infected and it could remove it later? WRONG. Viruses actually mutate, say a malware author snags a virus, they reverse engineer how the payload is delivered and they change the payload to theirs and send it on its way -- The malware can even install other malware once it gets running. So, the (automated) removal options/instructions are probably not complete if the code has ever had a chance to run before. Ah, so now you may be thinking that it's exactly the reason why you'd waste CPU time on an AV scan, to detect infection so at least you'll know -- Except that's just silly. Think. If you were a spy and I asked you if you were a spy then would you say yes? An AV running in an infected machine can not reliably determine the state of the infected machine. AV: "Any Viruses here" Virus: "Nope!"

Often times I'll get people telling me, no matter which AV product they're using, that their machine is working strange, slower, showing adverts and wrong websites, and their AV will be chugging along saying everything is fine. You get more reliable warning from the malware itself! "You may have been Infected with 2042 viruses!" the scareware will prompt every boot, while Norton, or McAfee, or AVG, or ANY AV product I run across the infected machine says the coast is clear. You can't "remove" malware -- Nuke it from orbit, and re-install, it's the only way to be sure.

Look, people, hardware supports virtualization now. If you're NOT running your Windows boxen in a VM, then you're not concerned enough about security to benefit from an anti-virus anyway. Boot from a known clean state, maybe even a LiveCD/USB then do your virus scanning from there if you want to be able to detect anything with any degree of certainty, and even then it's questionable. If your data partition is separate from your (virtual) OS partitions then you can just always run (or restore) from a known good snapshot, and install updates to the known good snapshots, then make another snapshot before you do anything else.

I'm no Microsoft apologist, I don't have to worry about such things as much anymore because I use an OS that gets the patches out much faster than MS does, but I can certainly see where the people who understand the issues in Microsoft might realize that Antivirus isn't really the right option anyway, it's just a waste of time and there are other better solutions... Windows Steady State (or whatever it's called now), for example.

"Insanity: doing the same thing over and over again and expecting different results."
"The significant problems we face can not be solved at the same level of thinking we were at when we created them."
- Albert Einstein

Re:Correct you if you're wrong, but... (1)

phantomfive (622387) | about 2 years ago | (#42621571)

Yeap, if you care about security, virus protection is a joke.

Re:Correct you if you're wrong, but... (1)

futhermocker (2667575) | about 2 years ago | (#42621665)

You are right on most parts. But not all viruses need a bug to be effective. Think ransomware, which might start encrypting your files. That is why a decent AV also has a heuristics engine, to detect unusual behavior based on known tricks and assumptions.

Re:Correct you if you're wrong, but... (1)

AaronLS (1804210) | about 2 years ago | (#42621705)

If I am to understand that you are saying antivirus is pointless, then I disagree. I do agree with some of your points on other ways to mitigate risks. However, VM is not viable for majority of users because VMs haven't mastered the pass through needed for some important hardware. It is also a conceptual layer of abstraction that many lay users will find too confusing. Eventually everything they have is installed in the VM. You can't expect them to constantly make good decisions about how to separate programs into separate VMs. They get a virus, and their VM is toast, well they used the VM all the time, so that's about the same as losing everything on their computer anyway. Besides, many applications are already using app level virtualization to isolate threats and render them ineffective. Not only do malware writers have to find a vulnerability in the browser, they also have to find a vulnerability in the sandboxing. Hence, when a vulnerability is released, it has limited effectiveness without also a vulnerability that allows breaking out of the sandboxing. Trying to find both in the same time period that are unknown/unfixed is more challenging. Same reason why flash is sandboxed in chrome. Java plugin, unfortunately, is not sandboxed, and thus recent exploits are not limited by sandboxing in Chrome.

This goes to why it is probably more important that vulnerabilities be patched quickly and effectively and provide encouraging channels for early private disclosure of vulnerabilities.

"while Norton, or McAfee, or AVG, or ANY AV product I run across the infected machine says the coast is clear."
You got to the fire too late. The house is already burned down. You can't reasonably expect AV to find a virus after the fact. Hence the reason scanners are usually ineffective. This is why most AV has hooks (AKA realtime protection) into low level OS where every file access/execute is monitored, to prevent the malware from even being executed and infecting the system. Once it infects a system and gains enough access, it can take a wide variety of steps to hide itself from other processes, and then after-the-fact scans won't find it. However, most scareware I've encountered, isn't that sophisticated. They don't make money off long-term infections the way botnets do. They only need to go as far as getting on the system and hoping the user is stupid enough to buy the scareware when they start getting prompts/reboots. They don't make the effort to hide, because to any trained individual, it's obvious from the prompts that it is infected. Run malwarebytes to remove it, and they never have a problem again.

This is like saying we should abolish all laws because some laws do not stop crime 100% of the time. Heck, laws, which are supposed to prevent things far worse than a computer virus, probably don't have the success rate of MSSE.

Now I'm not making excuses for MSSE, I think protecting against 0-day threats is indeed important, and it is a very challenging problem indeed. There was a time when heuristic analysis was not part of AV products. You simply hoped that they would release an update fairly quickly, and the automatic updates would pick it up before the 0-day made it to you.

Kind of funny. (5, Funny)

plebeian (910665) | about 2 years ago | (#42621507)

Does anyone else think it is kind of funny that the Microsoft response is (to paraphrase); We did not detect any of the software they say we could not detect. That being said they may have a real point that their software is designed to detect real world threats and not proof of concepts that never leave the lab. Without more in depth analyses than I am willing to do, I can do little more than jump to conclusions based upon my own personal bias.

Re:Kind of funny. (2)

Todd Knarr (15451) | about 2 years ago | (#42621537)

Though, how often have we seen the statement "That's only a proof-of-concept, there's no need to worry about it because we haven't seen it in the wild." followed within weeks by announcements of that same malware appearing in the wild (and usually on a large scale)? I've long since filed "It's only a proof of concept." right alongside "What could possibly go wrong?" as a virtual guarantee that Murphy'll be visiting shortly.

Re:Kind of funny. (2)

v1 (525388) | about 2 years ago | (#42621615)

A substantial part of their score was for things that very specifically were not actively being exploited. They were testing the heuristics to see if it could identify "virus and malware-like behavior". You can't rely on software updates and AV definition updates to protect you from zero-days, that's 100% on the head of your AV software to keep you safe from.

And MS fails miserably at protecting users from zero-days. They flunked, and they deserved to flunk. There's just too many new viruses and malware being developed every day to try to function on a blacklist-only basis. Some behaviors need to be whitelist only, and quite a few need to be greylisted with heuristics so that your system survives long enough for the new exploit to get added to tomorrow's definitions file.

Hardly matters..... (1)

Dega704 (1454673) | about 2 years ago | (#42621541)

Personally I think this is pretty much irrelevant. The antivirus model in general is extremely dated and ineffective. I see infected machines left and right with every antivirus out there. I usually install Security Essentials simply because it is lightweight and has no leg-humping pop-ups every time you so much as scratch your nose. Otherwise the most effective protection is to remove every security hole-ridden piece of crapware and browser add-on that you don't use (yes that includes Java), install an ad-blocker, and don't be a freaking retard about what you click on and/or download. So long as people expect their antivirus to be a magic malware-blocking forcefield (and as long as the vendors continue advertising them as such), this problem will not get any better.

minor correction (0)

Anonymous Coward | about 2 years ago | (#42621547)

AV-Test’s review looks at three key areas of security software, including protection, reparability, and usability of the whole computer based on the software’s impact. Across those three areas, Microsoft Security Essentials scored a 1.5 out of 6 on protection against viruses and worms, a 3.0 out of 6 on a reparability scale, and a 5.5 out of 6 on the usability scale, where “lower values indicate better results.” This is incorrect, higher values indicate better results, otherwise this article would be about how great MSE is at detecting viruses and worms, but how no one uses it because the usability is awful.

From the AV-TEST test results [av-test.org] , it appears the issue with MSE doing poorly in this test is a poor score in protection against 0-day malware attacks (~70% vs an average of ~90% protected) and in detecting relatively newer malware "Detection of a representative set of malware discovered in the last 2-3 months" (~90% vs an average of ~97% detected). Although things like "representative sets" could potentially be used in a biased manner...

Glad we can trust these guys... (2)

Slyswede (945801) | about 2 years ago | (#42621619)

From the article:

“The other 94 percent of the samples don't represent what our customers encounter. When we explicitly looked for these files, we could not find them on our customers' machines.”

Or in other words: "Thank you for installing the software necessary to allow us to browse through the contents of your computer when we feel like it and report any interesting findings back to us..."

All in good faith, of course.

Re:Glad we can trust these guys... (1)

Scorpyn (1352523) | about 2 years ago | (#42621681)

There are settings for whether they are allowed to check that though.

Re:Glad we can trust these guys... (2)

AaronLS (1804210) | about 2 years ago | (#42621727)

Exactly, there is a pretty explicit step that involves allowing them this access when setting up MSSE. It is the same thing they use to collect information on new threats and improve the software.

Not Certified? Norman vs Norton? (1)

DERoss (1919496) | about 2 years ago | (#42621675)

I went to the AV-Test Web site at http://www.av-test.org/en/home/ [av-test.org] . First of all, there is indeed a Norman Security Suite at http://safeground.norman.com/us/home_and_small_office [norman.com] . AV-Test listed Norton under Symantec. Yes, AV-Test evaluated both Norton and Norman.

For home users of Windows XP, Microsoft's Security Essentials has an AV-Test certified seal with a test date in August 2012. For corporate users of Windows XP, Microsoft's Forefront Endpoint Protection has an AV-Test certified seal with a test date also in August 2012. Neither product has the certified seal for Windows 8. But then how many corporate users have actually adopted Windows 8?

Besides AV-Test, there is also ICSA Labs at https://www.icsalabs.com/ [icsalabs.com] . ICSA Labs also reports on Norman.

ICSA Labs certifies Microsoft Security Essentials for home users of Windows XP and Microsoft Forefront Endpoint Protection for Windows 7 without any dates indicated. Apparently, ICSA has not certified any anti-virus applications for Windows 8.

I use AVG 2013 Free, which is certified by AV-Test but has not been evaluated by ICSA Labs since 2005 (many versions ago). I also prefer to go to the original sources of information on software -- AV-Test and ICSA Labs in this case -- not to news reports often written by reporters who might not understand the subject.

Too Bad (0)

epp_b (944299) | about 2 years ago | (#42621691)

Other than its actual effectiveness, I guess, I really like MSE for its clean, no-nonsense UI -- as opposed to every other AV software maker has elected to use some batshit redarted-ass UI that changes on a daily basis because AV software is otherwise boring and unglamorous.

Shady AV companies (4, Interesting)

futhermocker (2667575) | about 2 years ago | (#42621743)

I am convinced there must be at least ONE shady AV company that creates viruses to make money. Hard to prove, but very well possible.

It's important to keep up on these things. (1)

apcullen (2504324) | about 2 years ago | (#42621747)

I used to read the AV comparisons once in a while. MS Security Essentials used to score fairly high on these tests! Back when it was one of the top rated products I installed it on the two machines in my house that still run Windows -- my wife's laptop and my son's netbook. I assumed (obviously wrongly) that the quality had been maintained.

Re:It's important to keep up on these things. (1)

Tridus (79566) | about 2 years ago | (#42621819)

Now that it's gotten more popular, the malware makers devote more time to making sure their stuff gets around it. The quality of the product hasn't changed so much as the quality of the work being done against it has improved. It's been true of pretty much every such program that gets popular.

MSE still has the upside of not turning computers into boat anchors, unlike Symantec's crap bloatware.

Like watching a political race (0)

Anonymous Coward | about 2 years ago | (#42621837)

May the best liar win. Sure they both have their own peculiar brand of corruption; but they're both liars.

Security software is like birth control (1)

murphtall (1979734) | about 2 years ago | (#42621925)

Security software is like birth control, no one form is 100% effective; therefore always use two. Unless you mean abstinence. And that's no fun