back to article Microsoft Security Essentials loses AV-TEST certification

Microsoft Security Essentials, Redmond’s free antivirus tool for home users and business with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7. That low detection rate has cost it the AV-TEST Institute’s seal of approval, a certification it hands out to products that meet 11 of 18 …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Criteria

    "11 of 18 criteria it assess"

    Sounds kind of loose specification. Could someone point me to a summary of the criteria

    1. LarsG

      Re: Criteria

      One test says one thing and another test says something else.

      Maybe look to see who says what and then look at who they are affiliated to......

  2. jnievele

    Zero-days?

    Nitpick: Isn't a zero-day a threat that is so new NOBODY detects it yet?

    1. Dr. Vesselin Bontchev
      Boffin

      Re: Zero-days?

      No. A zero-day threat is a threat not KNOWN to the produces of defenses. Just because they haven't seen it yet doesn't necessarily mean that they cannot detect and block it. Many security packages contain not only a known-malware scanner but also a range of generic tools that can detect not-yet-known threats. Such tools include heuristic analyzers, behavior blockers, integrity checkers, and so on.

      Yes, I am aware that the unwashed masses still think that anti-virus products just look for scan strings (short sequences of bytes from the known malicious programs) but in reality we stopped relying exclusively on that method more than two decades ago. Nowadays the better products use scan strings only to trigger their other, more sophisticated malware detection and identification algorithms.

      1. eulampios

        Do you mean

        that AV's can also act as MAC (mandatory access control) tools? Like apparmor, SELinux, TrustedBSD? Given the fact that most of AVs are closed (including this one) and no one knows what algorithms they are using, not transparently configurable as the actual MAC tools and , finally, the frequent "My AV is slowing down my PC!!!" users' complaints, AV's MAC's implementation is poor indeed. Moreover, MAC's implementation of apparmor is an extension of the POSIX permissions system present on the *nix OS's that is still rudimentary on Windows.

        1. Dr. Vesselin Bontchev
          Boffin

          Re: Do you mean

          Of course not. AV packages are just applications. MACs have to be enforced by the OS (preferably - with hardware support), or they are useless. In addition, MACs enforce confidentiality, while malware tends to be an integrity problem. While a typical MAC system is very robust for protecting higher-classified information from being leaked to lower-ranked users, the integrity problems that the lower-ranked users have tend to move (i.e., infect) the higher-ranked ones even faster than on a typical DAC (discretionary access control) system, where the disaster happens only after the virus manages to infect a high-ranked user.

          No, I was talking about much simpler things. Behavior blocking ("why does Excel.exe suddenly want to open cmd.exe for writing?!"), integrity checking ("why the heck did the master boot record change?!"), heuristic analysis (dynamic like in "let's run this program in a sandbox and see if it does anything naughty" or static like "does the structure of this executable file suggest that it is obfuscated and tries to do something naughty when executed?").

          I am not sure what you meant with your remark about open source. The only open source AV I know of is pure crap and is clearly made by people who don't have the slightest clue how to design a proper AV product. Or if you meant that I don't really know how AV products work, since I haven't seen their source, then I suggest that you google my name. Trust me, I *have* seen them from the inside and *know* how they work.

          1. eulampios

            Re: Do you mean

            Ok, thanks, got it.

            Behavior blocking ("why does Excel.exe suddenly want to open cmd.exe for writing?!")

            And this is what apparmor does (and SELinux). For Apparmor, in a profile you can allow and disallow execution of certain, or all but certain things. Say, you can block java or everything except java. You can block whichever plugin (inside of firefox) was not being used, so called a "learning mode" ...

            My point was that the bare principle of AV is flawed. They are designed, not in the best way, to sew up a huge gap deliberately and/or incompetently left by the OS. There is no point of taking pills if a person (OS) is voluntarily stripping him/herself of the basic immune mechanisms of the body.

  3. Big O

    It seems that AVG managed to get that certification. I'm still not going back there though *shudder*

  4. Anonymous Coward
    Windows

    Given that:

    Its free, its not resource hungry, its like any other AV product, it's a defense not an airtight seal of security.

    There are always alternatives waiting to take your money off you....Feel free to use them...

    1. Irongut

      Re: Given that:

      Given that Avast, AVG and Avira are all free, are not resource hungry and actually stop viruses (you know the purpose of av software) you'd be an idiot to use MSSE. But feel free to be an idiot...

      1. ChrisCabbage

        Re: Given that:

        Erm, MSSE is also free.

        1. Agarax
          FAIL

          Re: Given that:

          @ChrisCabbage It may be free but it's crap.

          Go download Avast (Free) or AVG (Free). I've found that Avira has a pretty good detection rate, and I splurged for the paid copy without the popups.

      2. Anonymous Coward
        Mushroom

        Re: Given that: @ Irongut

        There really was no need to resort to insults.

        After all, if i'd wanted to listen to an arsehole, i'd fart...

    2. Zaphod.Beeblebrox
      Thumb Down

      Re: Given that:

      Given that of the last dozen or so Windows machines I've disinfected for frinds & family, all but one were running up-to-date copies of MSE, and that several of them were back for the second (or more) round of cleaning, I've no confidence in MSE at all. I started replacing MSE with Avast about a year or so ago and have yet to have one of those machines need cleaning. I'm not saying Avast is invincible, and if it stops doing the job I'll replace it straightaway, but right now it has proven to be much more reliable than MSE.

  5. toadwarrior

    Everyone pretty much agrees MSE isn't up to the job but the MS fanboys keep pushing it as the best. I'm ok with that. The more windows infections the more people will avoid MS.

    1. dotdavid
      Black Helicopters

      John McAfee, is that you?

      1. Anonymous Coward
        Anonymous Coward

        John McAfee, is that you?

        I heard on Alex Jones, he hasn't had anything to do with McAfee software for 20 years.

      2. Anonymous Coward
        Anonymous Coward

        re: John McAfee, is that you?

        "Jesus, you got crystals in here 2 inches, 3 inches long. This is pure glass. You're a damn artist! This is art, Mr. White!"

    2. Anonymous Coward
      Anonymous Coward

      I've not heard anyone, with the exception of the Linux Loving, MS hating cabal (with whom you must be familiar) say much of note bad about MSE. Personally I think it's much better than AVG, the previous incumbent on my machines.

      I also, have to ask - If you're such a fan of Linux, why do you feel the need to slag MS products off all the time?

      1. frymaster

        It's not perfect

        I've had MSE miss a virus on a friend's PC before - thankfully a "let this program have firewall access?" prompt came up, alerting him.

        We submitted the file to one of these online sites, and only 2 of the virus scanners caught it, so I'm not claiming MSE to be amazingly shit either, but that it can miss things is undeniable

      2. Anonymous Coward
        Anonymous Coward

        I've not heard anyone (..) say much of note bad about MSE

        Well, duh. At some point you just give up stating the obvious..

      3. Anonymous Coward
        Linux

        Linux Fan here

        But its an imperfect world, and one has to deal with those slag-offable products.

        There's only two MS products I've ever enthused about. Excel because ...well, it's brilliant!

        And MSE ...because it seemed to be the only antivirus software I could use on an 7-yr-old (XP) laptop with hardly an memmory and still be able to do anything else on the machine. I was impressed. I hope I can go on using it.

        Snarky comment: as the magnet of most of the world's mal/virus/nasty ware, you'd think MS would be the world's experts in dealing with it. Why aren't they?

  6. Anonymous Coward
    Anonymous Coward

    lost seal/ranking september 2010

    wasn't this the time the windows virus writers started work on flame/stuxnet/duqu variants?

    no coincidence then?

    no AV product will keep the bad guys out 100% of the time AND keep data 100% secure on the machine with 0% leakage whilst still connected to the internet

    1. Tom 13
      Flame

      Re: keep the bad guys out 100% of the time

      RTFA!

      We're talking 89% NOT 100%.

  7. Refugee from Windows

    What do you expect for free?

    Given that most of the attack vectors seem to be through software nothing to do with M$, it's what I'd expect. Also, as a lot of the "paid for" products seem to hold you to ransom after the initial subscription* runs out and deeply embed themselves in so they are hard to root out, it's enough to drive you elsewhere.

    *Year 1 is a special deal, we'll tighten the screws for next year!

    1. Chad H.

      Re: What do you expect for free?

      Given the number of no-name free scanners with a better detection rate, I expect a better detection rate from a name like "Microsoft".

    2. Tom 13

      Re: What do you expect for free?

      Shouldn't a bunch of professionals working on the software even as little as 8 x 5 with all European holidays off be able to produce something better than a gaggle of amateur tinkerers?

  8. Pat 11

    what's the best alternative

    I'm looking for free and low resource hit.

    1. Anonymous Coward
      Anonymous Coward

      Re: what's the best alternative

      I found that paying for Kaspersky was the better approach. And I have a Mac, but I prefer evidence over religion.. Kaspersky has been fairly consistent with their quality (measured over many years suffering Windows), and it doesn't lock up machines like other products do. OTOH, I will never in my life buy anything touched by Symantec again.

      Personal opinion, of course, and YMMV..

    2. Irongut

      Re: what's the best alternative

      Avast. I've been using it for years and never had an infection and the only false positives I've had have been software I've written myself. The current version does bug you a bit about upgrading to the paid version but just click no thanks.

      Alternatively AVG and Avira are also free and have good detection rates.

    3. jason 7
      Facepalm

      Re: what's the best alternative

      Kaspersky makes me laugh when it asks ordinary folks -

      "ALERT Kaspersky has detected that EXPLORER.EXE is trying to run! Which totally arbitrary and made up security group would you like Kaspersky to assign it to so that it may run appropriately?"

      Ermm...........................

    4. Daniel Warner

      Comodo

      Try Comodo AV. They do just av or a full suite for free. It throws up a few more messages than some but it does a great job of stopping stuff.

  9. Anonymous Coward
    Anonymous Coward

    As others have said - it's free, it's not resource-hungry and, importantly, it uninstalls cleanly. I've tried many AV packages over the years and many are worse than actually having malware on your PC.

    The first line of defence against malware is common sense - the only "malware" I've ever had on a PC in over 20 years is EICAR. Coupled with common sense, MSE will do just fine.

    1. Anonymous Coward
      Anonymous Coward

      Alternatively, you have had malware on your machines, but the software you used to detect malware, well, didn't.

  10. nwlad
    Happy

    MSE Just works for me...

    I've been using MSE since it was launched on three netbooks, two laptops and two tower systems at home and never had any issues with malware etc. this on Vista and W7 systems

    As someone else commented - it is free, east to install/uninstall and not at all resource hungry unlike previous horrors that I have used in the pasts such as AVG, Norton and MacAfee....

    Just use common sense and use other features available in email and browsers as well.. for example.

    1. Tom 13

      Re: MSE Just works for me...

      You know there are a lot of Mac users who've said the same thing about running their systems without AV.

      They at least have the advantage of running on an OS that was built with the possibility of having to enforce security considerations in normal use. And a far better track record of not getting infected.

  11. Davie Dee

    id Sooner use MSE than the bloat ridden, designed to piss off anyone with the smallest sense of what they are doing, costly pile of shite that is Norton and McAfee.

    I used Nod32 for a while and it is very good, Nod is also very light, BUT MSE is Free, and I don't do things that are plainly stupid to allow my PC to become infected, yes there is always a chance, but there is always a chance with ANY AV software. you Simply cant argue with something that's better then nothing thats FREE in every sense and very light on the system. Id sooner the whole world used that then people not using anything or installing mcafee 4 years ago and never bothering to renew it because "well I have AV so why do it need to buy it again...

  12. jason 7

    Strange that I'm seeing a lot of these reports slamming MSE...

    ....just as it's now incorporated as standard in Windows 8, removing the need to bother with the likes of AVG/McAfee/Norton/Kaspersky etc.

    Is it a few folks are very worried they could be out of a job in a short while?

    If you use MSE and are concerned then install EMET3.0 which is specifically designed to fight Zero day stuff.

    I run it at max settings for all my machines and it works fine.

    http://www.microsoft.com/en-us/download/details.aspx?id=29851

  13. Anonymous Coward
    Anonymous Coward

    "JUST USE COMMON SENSE."

    "I NEVER GET VIRUSES."

    This stuff cracks me up. So much modern malware is designed to be undetectable, unless someone is monetizing and trying to get a quick buck by loading your machine with scareware. The amount of times I've heard "I use common sense", and then found spyeye or similar lurking around in the background...

    As for active defences, Nod32 is a pretty good tool for corporate environments.

    For home use, I recommend just disabling javascript and java on your browser. Run MBAM regularly from a USB pendrive. Ensure your firewall is functional, and keep up to date with patches. Avoid installing Java if you can, and don't use Adobe products. Preferably, do all this in a virtual machine inside your host machine.

    1. jason 7
      Facepalm

      MBAM?

      I have dropped that from my suite of scanners for cleaning up HDDs.

      For around a year now its been virtually useless at detecting anything. I really don't know why folks still recommend it. Even when it was vaguely useful it still wouldn't detect everything on first pass and needed another pass at least to get rid of the rest. Though mop ups with the likes of Combofix were still needed.

      Oh you did run at least two passes with MBAM?

      I smile when I read folks writing "Oh I just ran MBAM and that seemed to sort it!"

      Like hell it has.

  14. Anonymous Coward
    Anonymous Coward

    Hmm..

    MSE, from the people that brought you Windows.

    Windows, from the people that brought you EDLIN

    From a track record perspective I can see little that would cause me to believe the use of MSE would result in a lower risk of exposure..

  15. djack

    Get the commercial ones for free anyways..

    Many (most?) online banking and CC services offer free AV and related software for free.

    Barclays gives out licenses to Kasperky's suite and MBNA dole out McAfee (I think). I wouldn't be surprised if the other banks have similar schemes.

    1. hplasm
      Meh

      Re: Get the commercial ones for free anyways..

      The banks may dole them out for free, but I bet they don't use them internally.

      1. Dr_N
        FAIL

        Re: Get the commercial ones for free anyways..

        "Free" or just included in your bank charges....?

      2. Agarax
        WTF?

        Re: Get the commercial ones for free anyways..

        @hplasm Why wouldn't they?

        Virtually every corporate network out there uses antivirus because nearly everyone uses Windows. Everyone out there uses Windows because the de facto standard for every productivity application written in the last 20 years has been Windows, and rewriting all the programs would cost more than the various headaches Windows causes.

        Not saying that it's right or even wise, it's just the way the world is.

    2. Anonymous Coward
      Thumb Down

      Re: Get the commercial ones for free anyways..

      Yes, its called "Rapport" and it's dire!!!!

  16. Bradley Hardleigh-Hadderchance
    Boffin

    To those looking for alternatives.

    Sure most of you are way more tech savvy than me, but I mess about a lot with this stuff and fix computers for friends and family. So this is for the noobs who are reading, who have the time and inclination to set up even a fairly old machine with mostly free software. I'm being Windows specific here.

    What I'm running at the moment on a fairly old machine, because it takes very little resources, and a multi-layered approach and is free and not too difficult to use, is Comodo Internet Security. If I can use it then you tech-heads won't have any troubles. Along with the anti-virus, you get a hips and a firewall and a sandbox. You can use it straight out the box/install by setting it to 'Proactive security' in the taskbar icon at the bottom, just right click and select 'configuration'.

    See here for instructions and advice:

    http://www.techsupportalert.com/content/how-install-comodo-firewall.htm

    It really is worth taking the hour or two to read everything there and pretty soon you will have your CIS set up and running like a champ. Once this is done to your liking you can save your config file and then select as before at will, and even use it on other (similar) systems.

    The anti-virus isn't bad. It can give some false positives, but I have it set for full heuristic, so to be expected. The HIPS, called Defense+ needs a few changes to get the best out of it, but it works fine out of the box/install as I mentioned. The firewall works a charm too. So it is an all in one integrated package on an old machine with hardly any resource hit for this kind of thing. Maybe I would get better av protection with avast or avira, but the hassle of setting them up is not worth it, they are resource hogs as well compared to what I have now. On new machines they are fine, but on older ones you can tell the difference in a big way. So everything is compatible with a nice easy to read GUI.

    I would then chuck on Malwarebytes for a once weekly/every few days scan. And include Hitman Pro in there too.

    Malwarebytes is free and fully functional for on-demand scanning. I have the pro version, but just use it on demand.

    Hitman Pro is free as well in a similar vein, but if you do find any nasties you will have to activate it and this then starts a 30 day grace period, after which you will have to buy if you want it to still clean. You can still scan with it though, so if your system is clean, wait until you get another nasty... saves a few days that's all.

    Another program that some laugh at but has its uses and is free is SAS. SuperAntiSpyware. It really comes to life when you are disinfecting a system that is riddled with crap, but on a clean machine it tends just to pick up tracking cookies and the odd trojan downloader. It is very fast though, which is why I mentioned it. It has picked up things that others have missed, also. Possibly its best feature though is the ability to set your home page only from SAS. This prevents browser hi-jacking. It only supports Internet Explorer, but that is the lowest level of your internet configuration as I understand it. One machine, the person only used FF, but he was still getting hi-jacked because the malware was changing his home page all the time. It's a small feature, but very useful. And make sure to turn off 'Use Proxy Server' or whatever it is in the config of Internet Explorer. This closes down another option for being taken over. Obviously if you don't need to use that feature, as I would assume most don't.

    Another option is SpyBot Search and Destroy, but just use the 'Immunization' function, because on the whole it is quite slow and with poor detection rates. Update and Immunize once a month. Then forget about it.

    And if you really want to go for it, install PrevX. It has excellent rootkit detection and is free for just scanning. It is super fast and has the benefit of being compatible with your other av. You can run PrevX and Comodo no problems. You might want to put in some exclusions in the config files obviously, but I have never had a problem. PrevX really is a great little second opinion real time scanner. But you can use it on demand or from the shell. Talking of rootkits, make sure you have a copy of Kaspersky TDSS killer. It's free too.

    There you go. You're now all tooled up. It hasn't cost you anything and you can run it on a 10 year old laptop without too much penalty.

    Now all you need to do is get a good hosts file and run it from HostsXpert and chuck in Homer, after you changed your DNS to Norton DNS or OpenDNS, or even Comodo's DNS. Btw, you get the option to use that when you set CIS up.

    But try not to install GeekBuddy. It is a major resource hog that slows your machine way down. I'm not sure if it installs by default these days, but no problem - add/remove programs gets rid of it. Double check with Autoruns to make sure. Or use the Comodo version - Killswitch, another very hand utility to have around.

    That's about it.

    As for MSSE, it's a decent enough scanner, is free and lightweight to a certain degree. It's better than nothing and when I tend to use it is for technophobes that just want an av on their machine that they can totally forget about and pretend it is not there. EMET is good for system hardening too in this regard because once installed it can be pretty much forgotten. Of course you just set it to a basic level otherwise it is going to cause all kinds of problems that are hard to track down. But even set to the most basic level, I find it works just fine and will protect you against the 0 day exploits that were referenced in this article. Av doesn't really do that - it can help, but no Av is going to pick up more than what MSSE did, not by much anyway.

    I'm not one of those people that say, Oh I don't need an Av. I could do without it, sure, but it is another level to your protection as long as it does not interfere with other things. But I'm certainly not one of these people that puts all their eggs in the mythical ANTI-VIRUS-SOLUTION basket either. You need HIPS, Firewall of course and Sandboxing.

    God, don't set me off on sandboxing or virtual machines... a mere noob myself in this department, I find that I know more about it than 'some' people that 'know' about computers. But those that say "I don't use AV - Don't need it", tend to be people who are running Sandboxie or VirtualBox or both. But even they can get bitten if they get too complacent.

    Sorry for the long post, it was for a noob that was interested. I've learned so much from others on this site, that it's nice to put something back sometimes (other than my overly verbose deranged rants ;-)).

    Cheers.

  17. Anonymous Coward
    Linux

    Detecting malware?

    Never mind detecting malware, how about, by default, not running software from unknown sources. Specifically not running code by opening an email attachment or clicking on a URL ...

This topic is closed for new posts.

Other stories you might like