MS Security Essentials test shows 98% detection rate for 545k malware samples

According to recent tests conducted by AV-Test.org to measure the performance of Microsoft's Security Essentials, the freeware application achieved a 98% detection rate for 545k malware samples including viruses, bots, trojan horses, backdoors and Internet worms, and a 90.95% detection rate for the 14,222 adware/spyware samples it was tested against.

However, AV-Test.org didn't find any effective "dynamic detection" features (HIPS/behavior blocking) in place, and therefore samples with malicious behavior were not detected due to the application's reliance on malware signatures only.

Testing MS's Security Essentials is one thing; benchmarking it against other market propositions is entirely another. What both of these practices have in common is the potential to leave the end user with a false feeling of security (Does free antivirus offer a false feeling of security?) by ignoring the fact that antivirus software is only a part of their defense-in-depth security strategy (Secunia: popular security suites failing to block exploits; Secunia: Average insecure program per PC rate remains high).

Naturally, the final release of Microsoft's Security Essentials is already sparking debate on its performance characteristics when benchmarked against commercial products offered by competing vendors. For instance, Symantec dismissed the application as "a stripped down version of the OneCare product Microsoft pulled from retail shelves" in July, and most recently commented that it offers "reduced defenses":

"From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime. Unique malware and social engineering tricks fly under the radar of traditional signature-based technology alone—which is what is employed by free security tools such as Microsoft's"

And whereas different comparative reviews (Norton Antivirus 2009 Versus Microsoft Security Essentials: A Comparative Anti-Malware test; Anti-Virus Comparative August 2009) show different results, protecting against known threats only, at a time when cybercriminals are efficiently tricking signature-based malware scanners (Modern banker malware undermines two-factor authentication), can cause more harm than good by attempting to simply build awareness of Internet security threats by offering a freeware antivirus scanner to millions of end users.

What do you think? TalkBack.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

81 comments
  • I have to defend Microsoft on this...

    I have to defend Microsoft on this because Symantec is probably the
    last company to be complaining.

    I can't tell you how many computers I've "fixed" simply by removing
    any and all Symantec/Norton products from a computer, then
    installing Avast or AVG.

    Symantec makes some of the worst software out there. I can't stand
    their products.

    I also find it amusing that the Uninstall never works for Norton
    anything. You always have to go to Symantec's website and download
    their specialized "Removal Tool" just to get rid of the bloody thing.
    olePigeon
    • I agree

      That is why I always keep a copy of it on a jump drive.
      The one and only, Cylon Centurion
    • So I'm not the only one then.

      nt
      Viva la crank dodo
      • Symantec/Norton products

        No, you are not the only one. The very first thing I do with any computer is to get rid of anything Symantec/Norton. They have made my life so miserable to the extent that I will not use their products even if they have to pay me to use it. They just make terrible products, and it boggles my mind how they seem to get away with it.
        ekun01@...
    • Hey....

      I know all about that. Moved to McAfee enterprise, which I like a lot, and many of the Symantec installs had to be manually removed through the registry. Didn't know there was a removal tool, but oh well, won't have to deal with Symantec ever again. I think this is a good tool for those that don't want to buy AV or refuse to buy it and not get protected. I do like Avast and AVG, but AVG doesn't have a real time monitor.
      OhTheHumanity
    • RE 0002739532

      Dittos to all this. Symantec is crapware.

      But another point is that any real serious
      threat MS is going to send a definition out.
      Plus I don't want all the other CPU and memory
      and HD intensive activity on my system.
      First off I have never had any virus ever
      period.
      Secondly if I did I think MS Essentials would
      get it off.
      If not then it is time for a format and
      reinstall which takes very little time with any
      normal modern PC etc. Windows 7 and this will
      work for me.
      DiamondT
      • I have a question for you...

        If you do not run a virus scanner then how do you know you do not??? Today's malware is designed to be stealthy and not alert the computer owner to its presence.
        mrlinux
        • He didn't say...

          He didn't say he doesn't run a virus scanner, he said, "I have never had any virus." In any case, people who don't run an always-active virus scanner may run occasional manual scans to verify their system is clean.
          Spatha
          • Not directly...

            But I may have read too much into this statement

            "Plus I don't want all the other CPU and memory
            and HD intensive activity on my system."
            mrlinux
        • That's the same question I ask when...

          I work on a Mac that is slower than it should be.

          I asked my employer that question this past week. His response was that it's not a virus. Then he asked me how many Macs have I dealt with that had viruses...

          I guess he didn't see how circular that reasoning is.

          Thankfully, someone let me know that I could check things out with the activity monitor.
          PlayFair
      • very little time ?

        "If not then it is time for a format and reinstall which takes very little time with any normal modern PC"

        kindly explain how to format and reinstall windows and 100 or so applications in very little time......
        dev-null
        • Very little time

          It takes very little time if you take the time to use an image backup program to image your entire hard drive to a USB hard drive or network backup. Most have a USB hard drive now and this is a simple procedure and should be done by everyone to save hours of searching for driver disks, program install disks, and updating everything once reinstalled. There are plenty of free options like Cobian and Bacula, and numerous commercial programs.

          I use Norton Ghost, forget the Symantec bashing, it works all the time, every time. It is used by major computer manufacturers for their system restore function also. Dell is the first to come to mind.

          Not to do this is to doom yourself to hours and hours of headache when the need arises to reformat; believe me, it will come!
          skudera@...
    • Norton SOS

      I agree Norton's apps make your system STUCK ON STUPID SOS
      guymaregood@...
  • Anti-viruses do have a security role

    While the first steps should be i) to run as a standard user, ii) keep a strong administrator password, iii) use a system by which the standard user uses only certain prespecified programs (like parental controls in Vista), iv) never to use the password except for security and bug fix upgrades and absolutely necessary work, signature based threats do add a further layer. It is probably the least important step, but it does help in protecting against trojans, when the user somehow forgets step iv) above (accept it, even the best of us make mistakes). I would also like to add that anti-viruses nowadays are not just signature based, and even though heuristics is not very well developed (hell, I do not suppose they ever will be) all anti-viruses have some amount of pro-active protection.
    nilotpal_c
  • Simply put:

    User knowledge is the front-line defense against malware.

    NOT an AV product, where cyber criminals and other "evil-doers" are constantly trying to outwit security experts.


    The one and only, Cylon Centurion
  • Symantec just negated any future complaints

    "For instance, Symantec dismissed the application as 'a stripped down version of the OneCare product Microsoft pulled from retail shelves' in July"

    So MSE doesn't compete with your product? Excellent, we'll expect to hear nothing about you running to the DoJ or the EU about this matter then.
    NonZealot
    • I'm no fan of bundling in general

      but when it comes to security it is never a bad thing.
      Viva la crank dodo
      • I have to disagree.

        "I'm no fan of bundling in general but when it comes to security it is never a bad thing."

        At least when it comes to the state of current A/V implementations. They try to be all things to everyone and as such cause more problems than they solve (decreased performance, applications which fail to work, incompatibilities, etc).

        MSE doesn't do that. It is an A/V scanner and that's it. Thus it appears to have avoided the performance hit and I suspect it won't create nearly the problems other packages have.

        It might be one I won't hesitate to put on my friends' systems.
        ye
        • Perhaps I was unclear

          I meant that bundling security by the OS vendor is a good thing. Although I would not be opposed to AV's being bundled in its absence for most non-tech users. I just remove them and put Avast.

          I am happy MS has released this AV and will not mind at all if it includes it in the OS since the importance of basic security (in my own opinion) supersedes the interest of security. I agree that many of the solutions cause the problem you speak of though I have found Avast to be more reliable than Symantec and McAfee and it rarely causes any performance issues for the most part.
          Viva la crank dodo
          • Completely agree...

            I have used Avast in the past and still recommend it to friends and family who ask me to point them towards a free AV solution for personal use. For my work machines, I use G Data. I have found that it is a bit less intrusive and a bit more resource friendly than Avast. Symantec and McAfee will probably never find a place on any machine I own. Enterprise tools seem to be the only reason Symantec has managed to stay afloat this long. How McAfee has managed to stick around this long is a mystery to all.
            jasonp@...