Stress Testing Microsoft's Free Anti-virus Offering

Microsoft's free new anti-virus product is earning decent marks in preliminary tests, putting it roughly on par with many other stand-alone anti-virus products available today.

A number of readers seem keen to try out Microsoft Security Essentials (MSE), but are eager to hear how the program stacks up against other free anti-virus tools in terms of detecting and removing malware. While the results of early testing may not provide that side-by-side comparison, they do offer a glimpse of how effective MSE may be in blocking and tackling some of the most common threats currently in circulation.

The MSE performance analysis comes from av-test.org, a group that routinely publishes the results of anti-virus stress tests. AV-Test ran MSE against 3,732 samples of malware that are currently infecting PCs around the world, and found that the program blocked all of them, both when the samples were opened or accessed and when the malware was manually scanned.

Using Windows XP as a testbed, AV-Test also dunked MSE into a hostile environment of more than 545,000 current computer worms, viruses, backdoors, bots and Trojan horses, and found that it was able to detect more than 98 percent of those samples. Pitted against threats labeled adware and spyware, MSE earned a detection score of just over 90 percent.

AV-Test's Andreas Marx said the group's testing found MSE had no effective "dynamic detection" against a handful of very recently released malware samples. Still, Marx said, other anti-virus-only offerings don't appear to offer much in the way of dynamic detection either.

"In most cases they are only available in the Internet Security Suites editions of the products," Marx said.

Marx said testing showed that MSE's scanning speed was about average, but that the product excelled at detecting and removing "rootkits," stealthy software designed to burrow deep into the operating system in a bid to hide the presence of malicious files.

AV-Test also found that the product effectively removed malware threats, but oftentimes left behind certain inactive components of the threat (e.g., some inactive executable files, empty "Run" entries in the Registry, a Windows firewall that remains disabled, a "hosts" file that remains modified).
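A cleanup check for two of the leftovers listed above (a modified "hosts" file and empty "Run" entries), as an added example that is not from the article or from AV-Test. It works on exported text so it can run away from the cleaned machine; the sample inputs, host names and value names are constructed.

```python
import re

# Constructed sample inputs for illustration (not taken from AV-Test's report).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1    localhost
::1          localhost
127.0.0.1    update.example-av.test   # constructed: update site pinned to loopback
203.0.113.7  bank.example.test        # constructed: name pinned to a foreign address
"""

# Text of a constructed .reg export of the Run key. regedit writes these files
# as UTF-16, so decode a real export before passing it in.
SAMPLE_RUN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityClient"="\"C:\\Program Files\\Example AV\\client.exe\" -hide"
"updater32"=""
'''

LOOPBACK = {"127.0.0.1", "::1"}
# A quoted name, "=", and quoted string data; backslash escapes are skipped as pairs.
RUN_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def audit_hosts(text):
    """Return (address, name) pairs other than the stock localhost mappings."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            if not (addr in LOOPBACK and name.lower() == "localhost"):
                findings.append((addr, name.lower()))
    return findings


def empty_run_entries(reg_text):
    """Return names of string values in the export whose data is empty."""
    empty = []
    for line in reg_text.splitlines():
        match = RUN_VALUE.match(line.strip())
        if match and not match.group(2).strip():
            empty.append(match.group(1))
    return empty


if __name__ == "__main__":
    print("hosts entries to review:", audit_hosts(SAMPLE_HOSTS))
    print("empty Run values:", empty_run_entries(SAMPLE_RUN_EXPORT))
```

Every non-default hosts mapping is reported for review rather than judged, since some are legitimate local overrides.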

Windows users should bear in mind that no matter how well an anti-virus product performs in the most rigorous of tests, no anti-virus product can secure the system against reckless or high-risk security behavior. By "reckless," I'm talking about installing software of dubious origin, downloading executable programs from peer-to-peer file-sharing networks, and clicking on attachments in unsolicited e-mail.

Update, Oct. 1, 9:43 a.m. ET: Here's a shocker: Anti-virus industry giant Symantec Corp. continues its free-av-ain't-up-to-snuff claim, with a blog entry that labels MSE "little more than a bad rerun of Microsoft's infamous history of offering consumers incomplete and ineffective protection." Read more here.

By Brian Krebs  |  September 30, 2009; 9:51 AM ET
 | Tags: microsoft free av, microsoft security essentials  

Comments

Hi Brian,

The MSE link is incorrect. It is missing the .com in microsoft.

Cheers

Posted by: desiconsultant | September 30, 2009 1:57 PM | Report abuse

@desi -- fixed. thanks for the heads up

Posted by: BTKrebs | September 30, 2009 1:58 PM | Report abuse

Brian, I wanted to see the results myself in greater detail, but av-test.org link doesn't provide any mention of MSE, or for that matter, the results of any antivirus tests.

Where can I see the results?

Thanx,

--faye kane, homeless brain
Read more of my smartmouth opinions at http://tinyurl.com/fayescave

Posted by: Knee_Cheese_Zarathustra | September 30, 2009 3:03 PM | Report abuse

Mr. Krebs:

The average home PC user (let alone all the small business owners who think they're immune from infection because they aren't one of the big guys) is the reason why something like Conficker becomes a big news story.

Advising or reinforcing the notion that something is better than nothing, in this case a free AV solution from the same company that sells the OS that unsheathed is a security nightmare, is like telling a recovering alcoholic that having just one drink won't hurt anybody.

NONE of the free AV solutions offer advanced heuristics technology of any kind. Thus, in today's world of rapidly spreading emerging threats and rootkits, MS's Security Essentials may as well be called "SecureLESS Essentials". In other words, 'free' AV programs such as SE, AVG, Clam, etc . . . are novelties at best, that give ignorant home users an EXTREMELY false sense of security.

Free AV programs may not cost anything upfront to download and install, but the argument can be made that ultimately those programs cost the users and everyone else lost productivity and real money toward the bottom line.

Posted by: BigLeagues | October 1, 2009 10:28 AM | Report abuse

@Bigleagues -- okay, I'll bite: Which AV company do you represent?

So by your line of argument, people who use free AV are part of the reason the Conficker worm is still so prevalent?

I talk to victims of cybercrime almost on a daily basis now. Almost every day, I find the victims I'm speaking with were running up-to-date versions of commercial AV solutions from the big few, including Symantec, Trend, McAfee. AV didn't save them. Why? Because a) the users had admin rights when they shouldn't have, and b) they installed something they shouldn't have (in some cases, the malware installed b/c the victims DIDN'T have rights to install software and got whacked when a link they visited exploited outdated browser add-ons). Where was Big AV then?

Seriously, advising people who wouldn't otherwise pay for AV to avoid free AV solutions seems a bit irresponsible, no?

Posted by: Brian Krebs | October 1, 2009 11:23 AM | Report abuse

I would like to see how Windows Defender with Security Essentials as a "suite" I would suspect very well. Not sure how much of the "Giant" group that remains, but that was a pretty good programming group that Microsoft picked up 6 or 7 years back and converted into "Windows Defender"

Brian, when you read through to the end of Bigleagues' comment to get to "cost....everyone else lost productivity and real money toward the bottom line," he's clearly referring to his own bottom line.

Having used a layered defense for years, I would be willing to try the Microsoft free combo. I'm sure the corporate edition really scares the heck out of the AV industry.

However, I still won't trust Microsoft, or Google for that matter, with my browser. Firefox might be a bit of a hassle to load up with add-ins, like NoScript, BetterPrivacy, Ghostery, etc., but it forces me to understand a bit more about how web content works and how pervasive the threats are.

I keep thinking I should get a Mac, but for all the advantages I haven't bought into their "ecosystem" yet. The way Microsoft burned Vista Ultimate users on the Windows 7 pricing, I'm ready to.

Posted by: ohiomc | October 1, 2009 12:23 PM | Report abuse

Mr. BigLeagues should follow his own advice, "give ignorant home users an EXTREMELY false sense of security". Looks like you have a false sense of security believing a paid AV solution will protect your computer better than a free solution. What a load of BS!!! No, I mean NO AV solution has a 100% detection rating and it does not matter if it has a heuristics engine running. I have seen time and time again stealth Remote Access Trojans (RATs) go undetected by every single AV solution out there paid or free. They can pass virustotal scans with no problem and cost little to nothing to buy off the Internet.

Posted by: neversaylie | October 1, 2009 12:23 PM | Report abuse

Having read this and other articles with interest, and also the anti-MSE blog from Symantec, I wonder if anyone else has had trouble finding information on the "independent testing lab" Dennis Technology Lab. Google (6th result on the list) and Bing (to Microsoft's credit, first result) turned up the membership list of the Anti-Malware Testing Standards Organization, where the entry for Dennis Technology is a link to Dennis Communications, publisher of, among others, the men's magazines "Maxim" and "Monkey." If Dennis Technology is part of Dennis Communications, it is well hidden on their web site. Otherwise, Dennis Technology is invisible on the web (aside from numerous hits on the Symantec blog post), and there is no address, link, or contact information on their report posted by Symantec. Methinks Symantec doth protest too much, providing a test report that the ordinary reader cannot confirm through the testing lab itself. It might also help if they tested the actual product rather than an outdated Beta.

As an AVG user, I have had no problems on my heavily used home system, but I also strictly follow safe computing practices, and use the fine Mailwasher program to preview all e-mail before it is ever downloaded to my system. It looks like MSE is certainly worth a try.

Posted by: khweb | October 2, 2009 6:44 PM | Report abuse

Free Computer Protection products work very well especially if they are used in a Layered Defense. I don't advocate putting your PC Security trust in the hands of one vendor or one product, paid or free.

Nice review of MSE and for everyone that knocks it my thought is it never hurts to have another Free solution people can use. If it's really effective at removing Rootkits that feature alone makes it worthwhile.

http://biggeekdaddy.com/protection.html

Posted by: BigGeekDaddy | October 3, 2009 10:05 AM | Report abuse

What is it that allows Microsoft users to continue to be such fools and tools, accepting the fact they need additional software to remove malware that a real operating system would never have let go to ground in the first place? What is it that keeps these people from growing gray cells? That keeps them duped by this nonsense?

Posted by: Rixstep | October 4, 2009 8:28 AM | Report abuse

@Rixstep -

Windows does far more than any other OS to block and remove malware. Windows Defender is quite adept at this, and is kept up-to-date by the built-in Windows Update service. Combined with features like Safety Filter in IE 8, this significantly raises the bar in terms of the difficulty of getting a user to install malware.

On competing OS offerings there is no such protection (Snow Leopard adds an incredibly rudimentary "block list" for about four or five malware executables but that's it).

IMHO, Symantec kept bloating their products until the point where even new computers buckle under the strain of their shoddy, redundant, scare-mongering "suites." Their software weighed down an entire ecosystem and gave Windows PCs a bad name (in my personal experience the vast majority of normal users' frustration with Vista's "endless prompting" turn out to really be complaining about ridiculous Norton / Symantec prompts that the user can't possibly understand). Now they're just whining because they know there's a vastly superior product at an unbeatable price that actually does its job the way customers want (protecting your PC without affecting performance or showing confusing dialogs).

Posted by: bhpaddock | October 5, 2009 2:23 PM | Report abuse

Brian,

Is Dennis Technology Lab legitimate? It hardly seems credible, as mentioned above by khweb.

Posted by: bgmnt | October 7, 2009 7:16 AM | Report abuse

Interestingly enough, I own Norton 2009 and just got an e-mail from Symantec offering me an upgrade to 2010 for free! Seems like they feel the Microsoft app will give them a run for their money!

Posted by: cph917 | October 8, 2009 12:41 PM | Report abuse

The comments to this entry are closed.


© 2010 The Washington Post Company