Security Microsoft IT

Microsoft's Vista AV Fails Certification

An anonymous reader writes "Microsoft's much-hyped anti-virus solution, Live OneCare and three other Vista AV products failed to achieve the Virus Bulletin's VB100 certification. The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. All failed to pass a series of tests that are required to display the VB100 badge. 'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."
  • Re:excuses... (Score:5, Informative)

    by ThinkFr33ly ( 902481 ) on Tuesday February 06, 2007 @11:59PM (#17916326)
    Actually, the details on implementing anti-virus for Vista, and other low level filters, have been available for well over a year. Some documentation has been available for more than 2 years.

    That's how companies like Kaspersky and AVG came out with fully Vista compliant versions of their software months ago. Software which works extremely well, by the way. (Kaspersky passed this test. It says so right in the article.)
  • Great Sales Pitch (Score:3, Informative)

    by Zonnald ( 182951 ) on Wednesday February 07, 2007 @12:01AM (#17916340)
    Tried to follow the links to the report to see what the fuss was about. First I was told I had to register for Free. I did that then clicked on the report - only to be told I had to subscribe. Not going to happen.

    For obvious reasons I will leave it to the reader to decide if they want to go and have a look, no links will be provided.

  • Re:Hate to say it (Score:3, Informative)

    by Creepy Crawler ( 680178 ) on Wednesday February 07, 2007 @12:17AM (#17916434)
    ---I hate to say it, but Microsoft were right for once in their earlier VISTA policy of locking down the practice of hooking into the kernel.

    Locking down along with no source code is simply security by obscurity. There WILL be bugs found, and those bugs will have kernel rights. Do you think that is good? Guess what, I don't.

    Vista will only reassure that bug releasers should not publish bugs, but rather sit on them. BTW, how do you clean out a kernel-infected Windows machine?

    ---It's that feature in XP that allows malware to flourish.

    Is there an executable preventer on Linux? Nosiree, there's nothing preventing a user from affecting his own dataspace. What do you think is bad: Trashing the whole system, or trashing your ~ ? A system can be reinstalled, but most people don't back up their data.

    Now, why don't Linux malwares work? They do, if the user lets them. It's just that much harder to make a program run from a browser window or from bad servers on various ports. Linux machines are usually more locked down to prevent evil stuff on the outside.
  • by figleaf ( 672550 ) on Wednesday February 07, 2007 @12:19AM (#17916458) Homepage
    Did you notice that report was created by a company which sells its own anti-virus product?
  • Better Solution (Score:2, Informative)

    by MikeDataLink ( 536925 ) on Wednesday February 07, 2007 @12:29AM (#17916498) Homepage Journal
    I think the better solution is to get noobs to be better educated on how to avoid spyware and viruses, etc in the first place.

    This website has a great video I think all noobs should be required to watch BEFORE owning a computer.
    http://www.my-pc-help.com/video/v10017.htm [my-pc-help.com]

    An ounce of prevention is always better than the cure.
  • by Aryeh Goretsky ( 129230 ) on Wednesday February 07, 2007 @12:29AM (#17916500) Homepage
    Hello,

    I shared my thoughts on this over here [neowin.net] on Neowin.Net's forums, so I really don't just want to do a cut-and-paste job and post what I wrote verbatim here.

    This is one of the first of a series of comparisons to include Microsoft Windows Live OneCare that Virus Bulletin [virusbtn.com] Magazine has been doing for many years. While I suspect it is more frustrating than embarrassing at this point for the team responsible for Microsoft's Windows Live OneCare, this is really Microsoft's first attempt at providing their own comprehensive anti-malware solution—MSAV [wikipedia.org], the product which shipped with DOS does not count, it was licensed from Central Point Software (who was later acquired by Symantec) who, in turn, had licensed the software from Carmel Software—and it is going to take some time and lots of signature release cycles in order to get their detection rate fine-tuned.

    I don't expect this first Virus Bulletin product comparison to be the last, and the question really isn't how Microsoft did this time: It is how their product does over the next year or two that matters. If it gets worse or stays the same, they are just another competitor in the space (albeit the one with the deepest products). If, however, their detection rate improves, it is going to make it just that much more difficult for their competitors to compete against them.

    As a disclaimer of sorts, I should mention that I happen to work for one of the computer security companies that Microsoft competes against with this product, so this discussion is far from academic for me. Frankly, though, I'm not expecting Microsoft's entry into this space to have any effect on my employer—we are good at what we do and have a very loyal customer base. Also, we tend to compete against other, similarly-sized companies in the field. What I do worry about, though, is how some of my friends and colleagues at the largest companies are going to handle Microsoft's entrance as they are going to be competing head-to-head against Microsoft for marketshare.


    Regards,

    Aryeh Goretsky
  • Strange... (Score:5, Informative)

    by Critical_ ( 25211 ) on Wednesday February 07, 2007 @12:37AM (#17916556) Homepage
    Has anyone bothered to do some fact/typo checking before posting this stuff?

    Microsoft's offering was one of four suites which failed to detect all malware. The others were G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise 8.1i and Norman Virus Control 5.90.

    See, I run McAfee VirusScan Enterprise on Desktops and Servers here without problems. The latest version in the 8.0 line is 8.0i patch 15 [mcafeehelp.com]. The Vista-compatible version is 8.5i [mcafeehelp.com] which also works on Windows XP. There is no version 8.1i that I know of. Obviously this doesn't change the message that McAfee didn't earn the seal but I've never had problems with the VirusScan Enterprise line. To be frank, I've never encountered a single infection or uncontrolled virus problem on our network.

    Plus, who honestly uses just *one* virus scanner on the perimeter of their Microsoft Server-system based network? I certainly don't. For example, Exchange 2003 server on the perimeter runs software from GFI which has three separate virus scanning engines. This coupled with application executable hash-based protection offered in BlackICE takes care of the rest of the problems at the desktop/server level. It's the price we pay for using MS software.
  • by DeeZee ( 84216 ) on Wednesday February 07, 2007 @12:47AM (#17916616) Homepage
    Norman was founded in 1984, well before Peter Norton made an antivirus utility.

    Thanks for playing, though!
  • Re:Umm.. (Score:2, Informative)

    by Anonymous Coward on Wednesday February 07, 2007 @01:05AM (#17916716)
    Virus Bulletin is a major newsletter in the anti-virus/malware/spyware/etc industry. They publish dissections of new "threats", various studies, and reviews of the latest products. It's not really a resource for the general population because subscriptions are expensive and many of the articles are quite technical (source code, executable disassembly, "kernel hacking", etc). It's more of a trade publication where people in the industry can keep track of the latest trends and what new technologies are coming around. You should care about what they think because they are one of the de facto authorities on these kinds of things. It is distributed in PDF form so it is probably floating around somewhere out there. If you can get a copy and read some of the technical articles you'll get a better idea of what they are all about.
  • by BlackRookSix ( 943957 ) on Wednesday February 07, 2007 @01:13AM (#17916772)
    Wrong. I was in an AV company for a while, and this is like the Oscars to them. Everything rides on their reputation, and this rating (along with The Pundits Choice Awards: Garner reports) can make or break a small company trying to break into corporate clients. Their sales people now face a HUGE uphill battle that they may never surmount, even if they make the VB100 next test phase.
  • by Apathist ( 741707 ) on Wednesday February 07, 2007 @02:33AM (#17917344)
    You're spot on with how important it is to their reputation, but the fact is that the VB100 award had become something of a rubber stamp, due to the way it was being tested (ie. all the AV vendors knew in advance exactly what they were being tested against).

    What is important about this particular round of VB100 tests is that this was the first round of tests after they changed the way the test was done (to make it more representative of what AV protection needs to actually be out in the wild, and hence more difficult to just coast through). This new testing methodology came unannounced, and caught everyone by surprise... which is why other major vendors missed it, including McAfee.
  • Re:microsoft (Score:3, Informative)

    by value_added ( 719364 ) on Wednesday February 07, 2007 @02:40AM (#17917386)
    Well, how many people run AV on their linux/BSD boxes?

    Huh?

    For starters, lots of people. [clamav.net]

    How else to protect Windows systems?
  • by aztracker1 ( 702135 ) on Wednesday February 07, 2007 @03:46AM (#17917684) Homepage
    There is no resident/active file scanning with ClamAV, at least not from the clamav/clamwin developers afaik.
  • by purpleraison ( 1042004 ) on Wednesday February 07, 2007 @05:18AM (#17918216) Homepage Journal
    I felt that this article was more geared towards highlighting which products were effective, as opposed to providing anything of substance about Microsoft's flagship antivirus product; thus the title is a bit misleading. For those who don't feel like navigating to the site, and registering so they may view the list, here it is:

    Alwil avast! Professional Edition 4.7 - pass
    CA Anti-Virus 8.2.013 - pass
    CA eTrust Integrated Threat Management Suite r.8.1 - pass
    CAT Quick Heal AntiVirus Plus 2007 version 9.00 - pass
    ESET NOD32 antivirus system 2.7 - pass
    Fortinet FortiClient 3.0.379 - pass
    F-Secure Anti-Virus for Vista 2007 - pass
    Grisoft AVG 7.5.433 - pass
    Kaspersky Anti-Virus 6.0.2.546 - pass
    Sophos Anti-Virus 6.5.1 - pass
    Symantec AntiVirus 10.2.0.276 - pass
    Microsoft Windows Live OneCare 1.5 - FAIL
    McAfee VirusScan Enterprise version 8.1i - FAIL
    G DATA AntiVirusKit 2007 v. 17.0.6353 - FAIL
    Norman Virus Control v.5.90 - FAIL

    As you can see, there is much more to this article than meets the eye. Also interesting to note, is that Grisoft has one product that passes, and another that fails. Something that ties in closely with the fact that these tests are done monthly and are not intended to bash companies (which is respectable), but rather point out which are effective in detecting viruses.

    On a personal note: I found AVG to be a very effective antivirus program on Vista systems I have had to deploy -- and for personal use it is free :)
  • by meridian ( 16189 ) on Wednesday February 07, 2007 @09:25AM (#17919694) Homepage
    F-Secure is in there because it uses the Kaspersky engine and another one as well for twice the resources.
    F-Secure - highest detection rate, 4x the resources of nod32
    Kaspersky - highest detection rate bar F-Secure, less chance of false positives but, 2x resources of nod32
    nod32 - Pretty damn good and fast

    Most vendors seem to sit somewhere between Kaspersky and F-Secure for resources from many reviews I spent time reading about 12 months ago, and below nod32 for scanning ability from what I have read. Haven't seen any Vista based reviews but I am sure it hasn't changed too much.

    And of the three only F-Secure supports NAC. I have used the F-Secure demo and I wouldn't buy it myself. If I needed enterprise with NAC support I'd look at either Panda, Trend or Sophos (McAfee if the others weren't decent for enterprise solutions) (sorry shameless Cisco plug :)

    For home I would use nod32 if I had a Windows box of my own

    Mum uses AVG cause ITS FREE :) I did delete her windows once and put debian on but she reinstalled windows herself heh
  • by xiong.chiamiov ( 871823 ) <xiong@chiamiov.gmail@com> on Wednesday February 07, 2007 @12:27PM (#17921894)
    There is winpooch, which can be hooked up with clamwin to provide real-time av protection.
