Independent tester: Security Essentials 'very good'
Microsoft's free suite nails 98% of samples, says AV-Test.org; Symantec touts own test
Computerworld - Microsoft's free Security Essentials antivirus software identified 98% of over half a million malware samples, an accuracy rating an independent testing company called "very good" today.
Germany-based AV-Test.org tested Security Essentials, the free software Microsoft shipped Tuesday, on Windows XP Service Pack 3 (SP3), Vista SP2 and the final code of Windows 7, against two different collections of malware, said Andreas Marx, one of the firm's two managers.
The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. "All samples were successfully detected and blocked during our on-demand and on-access tests," Marx said in an e-mail today.
The second test put Security Essentials up against a much larger set of malware. Of the 545,344 malware samples in that collection, Microsoft's software nailed 536,535, resulting in what Marx characterized as a "very good detection score" of 98.4%.
In a follow-up test of adware and spyware detection -- Security Essentials also includes anti-spyware scanning -- Microsoft's software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.
This is the second time that AV-Test.org has run Security Essentials through the mill; when Microsoft launched a limited preview in June, the group tested the beta. Then, the free software also breezed through the WildList, spotting every sample in the 3,200-plus set.
Security Essential's final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.
But there were some issues that Microsoft's program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don't rely on specific "fingerprint" signatures to match against a potential threat. Security Essentials lacks any such technology.
"We found no effective 'dynamic detection' features in place," Marx noted. "None of the samples were detected based on their suspicious behavior. However, other antivirus-only offerings don't include dynamic detection features, either. In most cases they are only available in the Internet security suite editions of the products."
Security Essentials was also unable to completely scrub a PC when it did detect malware. "In many cases, traces of infection were left behind," said Marx, ticking off several examples including empty "Run" entries in the Windows registry and modified "hosts" files. The program also failed to switch on the Windows firewall after a piece of malware had deliberately disabled it.
Not surprisingly, Symantec, which yesterday blasted Security Essentials as a "poor" product with "average detection rates," had a completely different testing take on the new rival.
Symantec's vice president of engineering, Jens Meggers, also disparaged the kind of testing that AV-Test.org and others conduct. "Things like the WildList don't show you the brand new stuff, the ones you need to detect on the first day they're out," Meggers told Computerworld on Tuesday.
According to tests commissioned by Symantec last month (PDF document), a not-quite-final version of Security Essentials did poorly when stacked against Norton AntiVirus 2009, the then-current version of Symantec's consumer antivirus program. In a test of 50 different Web-based threats hosted on malicious sites, Security Essentials detected or neutralized 37, while Norton identified 45.
Using a weighted scoring system, the U.K.-based lab that ran the tests for Symantec gave Security Essentials 44 points, and Norton 80 points.
In the blog post Tuesday that called Security Essentials a "rerun" of the now-defunct Windows Live OneCare, Symantec claimed victory. "The bottom line: Microsoft Security Essentials falls short of protecting against today's aggressive malware and zero-day threats," Symantec said.
However, Norton AntiVirus 2010 -- the current version of Symantec's program -- lists for $39.95, which is $39.95 more than the price tag on Security Essentials.
Security Essentials can be downloaded for Windows XP, Vista and Windows 7 from Microsoft's Web site. Users must confirm that they're running a legitimate copy of Microsoft's operating system before the security suite will install.
Microsoft Security Essentials
- 64-bit Windows safer, claims Microsoft
- Independent tester: Security Essentials 'very good'
- Microsoft blackballs pirates from getting free Security Essentials software
- Rivals mock Microsoft's free security software
- Microsoft confirms free security software ships Tuesday
- Microsoft to ship free security software soon
- Antivirus testing outfit: Microsoft Security Essentials makes the grade
- MS Security Essentials: Basic Protection
- First Look: Microsoft Security Essentials
- First Look: Microsoft Security Essentials beta offers free protection against malware
Read more about Security Hardware and Software in Computerworld's Security Hardware and Software Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- DLP Solutions and Strategies Reviewed
- According to the 2011 Verizon Data Breach Report, 96% of data compromises were avoidable and 86% were discovered by someone other than the...
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Security Hardware and Software White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Security Hardware and Software Webcasts
