Microsoft's own antivirus fails to secure Vista

Microsoft's own antivirus software, Live OneCare, is unable to fully protect Vista users against viruses; and one of McAfee's antivirus software packages also fails to protect users, according to independent research released on Friday.

Virus Bulletin, backed by a team of Oxfordshire-based security researchers, tested 15 antivirus software packages used by businesses and designed specifically for Vista, Microsoft's newest operating system, and released to businesses two months ago. The researchers tested whether each of the antivirus products would stop a set of viruses known to be currently circulating. In order to be awarded a pass, the software had to detect all the viruses with no false positives.

But out of the 15, four failed: Microsoft Live OneCare 1.5; McAfee VirusScan Enterprise version 8.1i; G DATA AntiVirusKit 2007 v17.0.6353; and Norman VirusControl v5.90. The other 11, including software from Computer Associates, Fortinet, F-Secure, Kaspersky, Sophos and Symantec, detected all the viruses with no false positives.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "In these days of hourly updates, it's always a surprise and a disappointment to see major products missing them [viruses]. Vista cannot fend off today's malware without help from security products. It certainly looks like people upgrading to the new platform are going to need additional security solutions."

Joe Telafici, vice president of operations for McAfee's Avert Labs, told ZDNet UK that, in his opinion, Virus Bulletin had not used its latest antivirus updates, causing the failure. He said McAfee would issue further results with the updated software.

Microsoft pledged to improve Live OneCare. A company spokesperson told ZDNet UK: "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare."

On the subject of Vista, the Microsoft spokesperson added: "It's important to remember that no software is 100 percent secure. Microsoft is working to keep the number of security vulnerabilities that ship in our products to a minimum, through our Security Development Lifecycle process, and that work is paying off. The release of Windows Vista is the first Microsoft operating system to use the Security Development Lifecycle from start to finish and was tested more, prior to shipping, than any previous version of Windows."