Microsoft OneCare Last in Antivirus Tests

Posted by CowboyNeal on Sat Mar 03, 2007 10:53 AM
from the not-so-great-expectations dept.
Juha-Matti Laurio writes "PC World has a story reporting that Microsoft's Windows Live OneCare came in dead last out of a group of 17 antivirus programs tested against hundreds of thousands of pieces of malware. The report of an Austrian antivirus researcher was released at the AV Comparatives Web site this week. Several free AV products were included in the test as well." While the top dog was able to find 99.5% of the malicious code, OneCare clocked in at 82.4%. Of course, there's no metric for the severity of the malware in the 17% gap.

Related Stories

Windows Live OneCare Can Eat Your Email 204 comments
FutureDomain writes in to point us to a blog sponsored by PC Magazine, reporting about another problem with Windows Live OneCare. Apparently, it sometimes deletes the entire Outlook or Outlook Express .PST mailbox when it finds a virus in one of the messages. The only solution is to tell OneCare to exclude the entire Outlook mailbox. This is the software that came in last in antivirus tests. The trail of tears is ongoing over on the Microsoft forums.
Microsoft Admits to Serious Problems with OneCare 151 comments
ZDOne writes "A ZDNet reporter has gotten some truly amazing quotes out of a Microsoft product manager about the troubled OneCare product. Arno Edelmann, Microsoft's European business security product manager, was flagged down at this week's CeBit event, and had this to say about the service: 'Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing ... OneCare is a new product — they shouldn't have rolled it out when they did, but they're fixing the problems now.' The problem is apparently with the GeCAD antivirus code, which has had problems harmonizing with the company's Exchange updates. While Exchange 2007 doesn't cause issues, users with older versions may see their email quarantined as a matter of course."
  • by Rosco P. Coltrane (209368) on Saturday March 03 2007, @10:55AM (#18217924)
    The OneCare team has access to the Windows source code, that's got to give them an edge.
    • by Gothmolly (148874) on Saturday March 03 2007, @10:57AM (#18217942)
      How many times have we heard this from Microsoft? Why do people still reward this sort of behavior with continued purchases? If it's going to kind of suck out of the box, and get better over time, and you can get support, why not use RedHat Linux or Solaris?
      • Are you serious? I mean, I am no Microsoft or Windows lover, but Linux is no alternative to Windows for Joe and Jane Average Computer user. Using my parents as a gauge (because I consider them pretty average computer users), having them using Linux as an OS would make zero sense. They are much more familiar with Windows products. They don't have to jump through hoops to send out documents that would be compatible with everyone else they communicate with (or to read the documents they get). They underst
        • by Johann Lau (1040920) on Saturday March 03 2007, @11:41AM (#18218220) Homepage Journal
          So what you're actually saying is that nothing is an alternative to Windows for Joe and Jane Average Computer user, not just Linux. Which makes me wonder: how did people start using Windows? Weren't they too used to not using Windows to "relearn"? How did people learn to use cellphones, or to use number pads instead of dials before that? People don't stick with what they know, they stick with what everyone else uses and/or tells them to use. There is a difference.
          • Re: (Score:3, Insightful)

            Realistically, for home use, AND for most users (myself included) there WASN'T anything before Windows anyway. Yeah, MacOS, but if I remember correctly the first Macs weren't exactly priced for the casual user. DOS was dominant and Windows ran on top of it. It was a GUI a person could ease into while still duking it out on the more familiar command line.

            As OS tasks shift to the Web (and I think that will happen), we'll see a shift to the more stable Linux OS because the casual user won't have to figure out

        • by suman28 (558822) <suman28NO@SPAMhotmail.com> on Saturday March 03 2007, @12:10PM (#18218466)
          You are doing nothing but put your parents "in a box". I repair computers around my neighbourhood and when people tell me they lost their Windows CD or it didn't come with CDs or whatever, I tell them they can spend an extra 150 for their "Genuine" copy of Windows or use Linux. I cannot tell you how many people choose Linux. I tell them to give it a try, since most of them are not using it for anything more than Web browsing and photo viewing. If they don't like it (and some don't), they come back to me and spend an extra 150 or whatever. I have a few Average Computer users that use Linux and are quite satisfied. Thank you.
            • by mastershake_phd (1050150) on Saturday March 03 2007, @10:18PM (#18222830) Homepage
              If it is an OEM type of machine (like from Dell) the key is on the side of the box. There is no need to spend $150 on a new OS, just find the CD elsewhere. I am sure someone doing PC repairs has a Windows XP CD lying around or knows where to find one.
               
              Yes, but certain keys work with certain CDs. They unfortunately aren't interchangeable. One PC I have wouldn't reboot after using the auto-upgrade feature to download SP2. So I got a SP2 CD, but it didn't like my old (legal) CD key. So I found a working key on the web, now I got that damn Windows Genuine Advantage thing popping up.

              What are you supposed to do?
        • Re: (Score:2, Interesting)

          My father is 76 years old and has only used a computer for the last 5 years or so. His first PC had Windows 98, but last year I updated his computer with new motherboard, harddisc etc. + I installed Kubuntu on it. He has been very satisfied with it using Linux. I don't think Linux is more difficult to use than Windows. OK, my father probably would not be able to install Kubuntu, but he probably could not install Windows either.
      • Re: (Score:3, Insightful)

        Because Best Buy, Fry's, Circuit City, Dell, and any other retailer that matters don't have a demo unit setup nor do they advertise that it is sold.

        Don't give me this BS that Dell offers Linux because if it isn't here [dell.com], it doesn't exist.

        I'm about as anti-MS as one can get but I also realize their importance in the marketplace.
        MS is obviously crippling 3rd party malware protection yet their own package fails to make the mark even though they have the advantage.

        I've consistently said that MS has crappy program
      • I run Linux on my main box but I still have a windows box for my games. If Linux ran games (I don't count Cedega, I refuse to support them due their policy on OSS stuff) then I would give up the Windows box, but until I can get my guild wars fix Windows is needed.
    • Re: (Score:3, Interesting)

      Everyone keeps saying this and I don't understand the logic behind it.

      Even if it were true that they had access to windows source, how would this help them? Everyone has claimed that it does, but no one has explained how.
      • They will continue to design new viruses at a faster rate than Norton, McAfee and Grisoft combined!

        Of course, the assumption here is that Microsoft's virus will be able to block the viruses they write. Sorta basic for a Virus Company, but we all know how good MS is at closing the loop..
  • Old Viruses (Score:4, Interesting)

    by Subbynet (905560) on Saturday March 03 2007, @11:04AM (#18217972) Homepage
    I have always had a problem with these "stats".

    If Microsoft know 50% (for example) of viruses are so old and won't run on 2000/XP, and they then decide not to search for them during AV tests... Does that mean the AV missed it - or quite rightly the code is so old that MS no longer considered a threat?
    • Re:Old Viruses (Score:5, Insightful)

      by Anonymous Coward on Saturday March 03 2007, @11:09AM (#18218002)
      Just because a virus won't run doesn't mean it should be dismissed. Any machine can still be a vector of transmission for viruses that will infect others. Think about the AV products for Linux or Mac. Most of them clean Windows viruses out of files/emails so that they won't infect other machines, not because they want to protect themselves.
      • Re: (Score:2, Interesting)

        True...

        But this is Microsoft, with a product made for Windows XP / Vista. Tell me why they should care about Macs and Linux?

        There is that old saying - always look after yourself, and it's one I adhere to with regards to Anti-Virus... Just because it was checked at the mail server does not mean I won't check it again.

        So using that premise, why should OneCare look or care about Viruses which won't run on the platform?
        • Re:Old Viruses (Score:5, Insightful)

          by Llywelyn (531070) on Saturday March 03 2007, @11:22AM (#18218104) Homepage
          It's not that they should care about Macs or Linux, but one would think they would care about older versions of Windows.

          The reasons are the same that Mac antivirus programs strip out windows viruses, and viruses from as far back as OS 6. Just because it cannot infect this system, does not mean it is not a threat in general.

          Besides, what evidence do you have that what they missed were older viruses? While I admit this is a valid hypothesis, I see no evidence for it one way or another.
          • Re: (Score:3, Insightful)

            Sorry to hit you again with the GP's point, but why should they care about older versions of Windows? Doesn't that undermine the get-your-new-shiny-omg-pretty-colors-OS-same-as-before-but-with-round-corners philosophy?

            We hear every day about MS dropping support from old OS's (something I would stand for, as long as those systems weren't as fucking widely used as W2K is); infecting them and not Vista/XP/Whatever makes the latter look more secure (and as Windows users go, the only way to move).

            Feel free to
    • They do remove some old viruses from these tests. The report mentions that they no longer count DOS viruses.
  • by jorghis (1000092) on Saturday March 03 2007, @11:10AM (#18218008)
    "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

    That's the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test. I'm not trying to single MS out here, video card manufacturers do this sort of thing all the time, hell it may be that the top performers on this test did it too.

    Incidentally, why all the MS hate? Why focus on the company on the bottom, if it was any other company the headline would have been "Norton at top of antivirus heap in tests". The companies at the top are much bigger in this area and their software more widely deployed so I would think their performance would be more relevant regardless of who scored where.
    • by TrappedByMyself (861094) on Saturday March 03 2007, @11:35AM (#18218178)
      Incidentally, why all the MS hate?

      1) Pretty much all these viruses/malware target Microsoft's own software

      2) Microsoft has more resources than all the other companies combined.

      3) People are going with Microsoft's solution assuming that it is the best one

      So basically, Microsoft's half-assed software made antivirus software a requirement in the first place. Instead of using their vast resources to fix the underlying problems, they build more half-assed software as part of their big money grab.
        • 1) Relevant to OneCare how? It's completely different software, it's not like OneCare is targeted. Shouldn't we evaluate these individual products on their merits?

          Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to
          • 1) Umm... Because Microsoft makes the operating system which allows the virus problems in the first place. Just because they make a different product doesn't mean that that particular software team is completely isolated from the rest of Microsoft (well to be fair the MS Entourage team was apparently banned from looking at the code that Outlook uses to talk with Exchange servers but I digress).

            Several other people have responded to me that they think the team working on OneCare has an advantage because the
    • "The companies at the top are much bigger in this area and their software more widely deployed..."

      For now.
    • "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

      That's the danger with tests like this. Companies like MS see them and instead of thinking "how can we use this data to make our product better?" they are focused on just making it look better for the test.

      That's a problem with an aspect of the Microsoft corporate culture, not with the test.

      The problem is a vicious meme that destroys the ability to properly think through engineering problems by replacing one of the solid postulates of design theory with a faulty postulate. It can be summarized as "Design For The Showroom (Not For The Work)". Unfortunately, this is an infectious and virulent meme; it is absorbed through the eyes of susceptible readers and passed on through their keyboard fingerings.

      Many

      • "Because Microsoft is easily 10x bigger than all the other companies combined, and Microsoft creates the OS, so their results could stand to be a little better."

        People keep making these two arguments and I just don't think they make sense.

        1)"Microsoft is easily 10x bigger than all the other companies combined"

        MS may be bigger than all the other companies across all their business groups but it isn't like all that money goes into one product. Do you really believe that they are funding OneCare with
          • "You don't agree that being the creators of the source-code would give you at least a slight advantage?"

            No, I don't. Say for the sake of argument that your claim that OneCare developers have windows source in front of them is true. Explain to me how it would help.
  • by Anonymous Coward on Saturday March 03 2007, @11:11AM (#18218022)
    The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

    A good news story would be about who came in *first* in these tests. You know, information that actually might be useful to people. But that wouldn't get nearly as many page hits, I suspect.
    • Too bad you entered this as AC. I would have given you +1 Insightful.

      I guess it's easier for people to take a cheap shot than actually help them improve their systems. Slashdot is so sadly predictable.
    • Re: (Score:2, Insightful)

      Considering how much hype Microsoft has created to improve their image as being extraordinarily lame in security, I think the last place finish IS the story. Whoopy doo, a bunch of boring utility programs going head to head, mostly doing the same things equally well....except Microsoft, the multi-billion dollar corporation that controls the OS.

      This is just another indictment of the corporate culture of Microsoft...money first, customers somewhere near the bottom. Microsoft includes a bunch of half-asse

      • "The sad thing is OneCare is just another "check-the-block" feature, and average Joe won't know how awful it is or even care. They'll see it has security software bundled in and think that's all they need."

        I responded to one of your posts above. Maybe the problem you are having is just that you don't understand the situation. OneCare is not bundled with windows as you are claiming in this post.

        Frankly, based on your comments I would think that the average Joe's judgement of how "awful" a product is would b
        • Re: (Score:3, Interesting)

          I installed OneCare myself during the beta period, and was impressed with how well it integrated into Windows, and didn't try to sell me anything else once in there (Are you listening, McAfee??) Resource usage was also much better than Norton.

          I'm disappointed that it performed so poorly. However, I'm not running it anymore anyhow, since I switched to Vista 64-bit and OneCare doesn't work on 64-bit platforms :|
          • I'm not denying it because I am not a huge fan of OneCare. It will likely get better over time, it's a new product. But right now I certainly wouldn't buy it. MS has some good products, I use the ones I like, I use alternatives when I don't, I am not a zealot on either side. But I often come across as an MS fanboy here because I respond when I see arguments against them that I think are flawed, such as yours.
    • by MSG (12810) on Saturday March 03 2007, @02:51PM (#18219766)
      The only people who give a crap about OneCare coming in "last" are idiots who have nothing better to do than bitch and moan and laugh at Microsoft.

      I disagree. Certainly, it is important to note which package came in at the top, as advice on what users should use. However, since OneCare is Microsoft's own service, and may be more accessible and better marketed to PC users, I would argue that it is in fact more important to note how badly it scored so that users know what not to use.

      If all of the products being evaluated were equally marketed and accessible, then I would back your argument. However, because I don't believe that to be the situation, I disagree.
  • by HTMLSpinnr (531389) on Saturday March 03 2007, @11:18AM (#18218076) Homepage
    There's no mention of ClamAV's performance in these tests. Granted, it probably isn't designed to be as "complete" as some of the other packages noted, it'd be interesting to see how it fares for those of us who use it on mail gateways and servers.

    Besides, it'd have to be better than Microsoft's OneCare!
    • by RootWind (993172) on Saturday March 03 2007, @11:22AM (#18218106)
      The software has to detect 85% or more to be considered for the on-demand test. MS OneCare was only included for the first time most likely due to the reputation of the former RAV. OneCare will be dropped from the test if they don't improve to 85%.
    • by Southpaw018 (793465) * on Saturday March 03 2007, @11:33AM (#18218166) Journal
      To back up what RootWind said, here's the official reply (on ClamWin, which is pretty much a Win32 compile + gui for ClamAV):

      ClamWin better than Norton? No, you can not look at number of signatures to know who detects more. If you look on how ClamAV performs in independent tests (e.g. AV-Test.de) you see that it scores around 49%, while Norton 99% (I would get very similar results). ClamAV is good to use e.g. at mail servers, but I would not suggest to use for other places, as there are better options available.

      link [av-comparatives.org]
  • by schwit1 (797399) on Saturday March 03 2007, @11:41AM (#18218222)
    I'm curious if older AV versions with current signatures are less capable.

    I use McAfee v7.1 because the overhead compared to the newer versions is much lower.

    • Re: (Score:3, Insightful)

      It depends.

      If you just use them to scan executables/emails before opening anything, for that an older one with up to date signatures should do fine.

      But the old engines tend to lack defenses against 0wnage of the system via different holes. Major reason why new AV clients are so heavy on the system is because they actively try to stop any 'nasty' stuff from happening to the system - even against unknown threats using heuristics.

      Older AV software also does not usually do anything against spyware and other cra
  • OneCares Results (Score:2, Informative)

    by Anonymous Coward
    Here are the tests and the results for one care.

    Windows viruses 95,02%
    Macro viruses 99,30%
    Script viruses/malware 67,55%
    Worms 89,21%
    Backdoors 82,18%
    Trojans 78,71%
    other malware 58,38%
    OtherOS viruses/malware 55,02%

    And a bit more

    Detection of over 222000 dialers excellent
    Detection of over 130000 PUP's mediocre
    Detection of over 230000 DOS viruses very high
    Detection of polymorphic viruses 4 of 12
  • Norton showed up near the top in several categories. Other large studies have shown the same thing.

    The highly consistent feedback from people in the trenches has been along the lines of "I removed the viruses, then to make sure the machine ran OK I removed Norton Antivirus, then I installed Kaspersky and all has been well".

    Anyone got a hypothesis to account for the difference?
    • by Aladrin (926209) on Saturday March 03 2007, @12:20PM (#18218550)

      You mean something like: "Kaspersky has a higher % on that chart, AND it doesn't screw up the system?"

      Norton, when it goes bad, is a nightmare to remove. And that's your only option, as you can't just fix the installation once it gets that bad. If you've already gone through the pain to remove it, why not just recommend the better solution and be done with it?

      Personally, I like AVG, but that chart doesn't say great things about it. I'm disappointed in its performance. I'm seriously considering seeking a better solution.

      • Re: (Score:2, Interesting)

        Yeah, I have serious trouble getting rid of Norton. It crashed half way through the uninstall, and then became impossible to delete. I had to go into Linux and manually remove it. Kaspersky seems better, but occasionally takes up 98% CPU, for no reason I can see.
        • Re: (Score:3, Informative)

          I agree that norton can be a pig both while running and to uninstall. But symantec does have a utility on their web site that will rip it out for you if the uninstall is jacked up. It makes it pretty easy if you just try the uninstall and it fails - go straight to their utility and Norton will be gone.
  • Kaspersky for Free (Score:3, Informative)

    by bogie (31020) on Saturday March 03 2007, @12:15PM (#18218508) Journal
    Kaspersky has always been rated highly and for those of you that don't know AOL, yes that AOL, has repackaged it for Free. I've personally been using it for a while and can wholeheartedly recommend it without any hesitation.

    http://www.activevirusshield.com/antivirus/freeav/index.adp [activevirusshield.com]?
  • Companies that venture beyond their core skill set rarely get things right the first couple of times. Sometimes they never get it right but they don't care because it is all about making more money and/or keeping control.

    Companies like MS, Cisco, IBM, et al. typically don't want to coexist with complementary companies. It just goes against their greedy nature. They usually try to buy them or drive them out of business through competition.

    There must be a theory that states this is good for consumers but we
  • It does not matter in the least if anything they bundle is not the best. They own the platform and can bundle whatever they wish to eliminate the competition.
  • It does not really matter whether Microsoft came in last because their product is still adequate enough to be used. We should not rely too much on the antivirus anyway. Sure they detect malware and stuff, but by the time that happens it is just a little too late in terms of security concerns. If a user is really concerned about security, then the first step to be taken should be getting to know the networks and systems vulnerabilities and how to prevent hackers and malware related from taking advantage of the
    • If your business plan relies on the failure of another party you have no right to complain when said party finally manages to reduce their failures.
      • Re: (Score:3, Insightful)

        But MS are not fixing the actual problem, they are just selling their own bandaid addon like other companies have been doing for years, only theirs is inferior to the ones already available.
        This can only be bad for the consumer... MS now have a conflict of interest between improving the security of windows, or leaving it poor to encourage sales of onecare... Their product will also end up widely used despite the lack of quality, it will sell just like every other MS product simply because it gets pushed alo
    • Re: (Score:2, Insightful)

      I think it's the first point where you're off... Microsoft gets slammed for having a buggy OS and insecurity software that make virus propagation easy. Adding anti-virus software has never been a good solution... it's just a band-aid.