Independent tester: Security Essentials 'very good'
Microsoft's free suite nails 98% of samples, says AV-Test.org; Symantec touts own test
Computerworld - Microsoft's free Security Essentials antivirus software identified 98% of over half a million malware samples, an accuracy rating an independent testing company called "very good" today.
Germany-based AV-Test.org tested Security Essentials, the free software Microsoft shipped Tuesday, on Windows XP Service Pack 3 (SP3), Vista SP2 and the final code of Windows 7, against two different collections of malware, said Andreas Marx, one of the firm's two managers.
The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. "All samples were successfully detected and blocked during our on-demand and on-access tests," Marx said in an e-mail today.
The second test put Security Essentials up against a much larger set of malware. Of the 545,344 malware samples in that collection, Microsoft's software nailed 536,535, resulting in what Marx characterized as a "very good detection score" of 98.4%.
In a follow-up test of adware and spyware detection -- Security Essentials also includes anti-spyware scanning -- Microsoft's software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.
This is the second time that AV-Test.org has run Security Essentials through the mill; when Microsoft launched a limited preview in June, the group tested the beta. Then, the free software also breezed through the WildList, spotting every sample in the 3,200-plus set.
Security Essential's final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.
But there were some issues that Microsoft's program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don't rely on specific "fingerprint" signatures to match against a potential threat. Security Essentials lacks any such technology.
"We found no effective 'dynamic detection' features in place," Marx noted. "None of the samples were detected based on their suspicious behavior. However, other antivirus-only offerings don't include dynamic detection features, either. In most cases they are only available in the Internet security suite editions of the products."
Security Essentials was also unable to completely scrub a PC when it did detect malware. "In many cases, traces of infection were left behind," said Marx, ticking off several examples including empty "Run" entries in the Windows registry and modified "hosts" files. The program also failed to switch on the Windows firewall after a piece of malware had deliberately disabled it.
Not surprisingly, Symantec, which yesterday blasted Security Essentials as a "poor" product with "average detection rates," had a completely different testing take on the new rival.
Symantec's vice president of engineering, Jens Meggers, also disparaged the kind of testing that AV-Test.org and others conduct. "Things like the WildList don't show you the brand new stuff, the ones you need to detect on the first day they're out," Meggers told Computerworld on Tuesday.
According to tests commissioned by Symantec last month (PDF document), a not-quite-final version of Security Essentials did poorly when stacked against Norton AntiVirus 2009, the then-current version of Symantec's consumer antivirus program. In a test of 50 different Web-based threats hosted on malicious sites, Security Essentials detected or neutralized 37, while Norton identified 45.
Using a weighted scoring system, the U.K.-based lab that ran the tests for Symantec gave Security Essentials 44 points, and Norton 80 points.
In the blog post Tuesday that called Security Essentials a "rerun" of the now-defunct Windows Live OneCare, Symantec claimed victory. "The bottom line: Microsoft Security Essentials falls short of protecting against today's aggressive malware and zero-day threats," Symantec said.
However, Norton AntiVirus 2010 -- the current version of Symantec's program -- lists for $39.95, which is $39.95 more than the price tag on Security Essentials.
Security Essentials can be downloaded for Windows XP, Vista and Windows 7 from Microsoft's Web site. Users must confirm that they're running a legitimate copy of Microsoft's operating system before the security suite will install.
Microsoft Security Essentials
- 64-bit Windows safer, claims Microsoft
- Independent tester: Security Essentials 'very good'
- Microsoft blackballs pirates from getting free Security Essentials software
- Rivals mock Microsoft's free security software
- Microsoft confirms free security software ships Tuesday
- Microsoft to ship free security software soon
- Antivirus testing outfit: Microsoft Security Essentials makes the grade
- MS Security Essentials: Basic Protection
- First Look: Microsoft Security Essentials
- First Look: Microsoft Security Essentials beta offers free protection against malware
Read more about Endpoint Security in Computerworld's Endpoint Security Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Reducing the cost and complexity of endpoint management IBM now offers simpler, more affordable solutions for improving endpoint security, patch compliance, lifecycle management and power management within midsized organizations. Read this...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Endpoint Security White Papers | Webcasts