Microsoft's Vista AV Fails Certification
An anonymous reader writes "Microsoft's much-hyped anti-virus solution, Live OneCare and three other Vista AV products failed to achieve the Virus Bulletin's VB100 certification. The other products are McAfee's VirusScan Enterprise, G DATA's AntiVirusKit 2007, and Norman's VirusControl. All failed to pass a series of tests that are required to display the VB100 badge. 'With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now,' said John Hawes, technical consultant at Virus Bulletin."
excuses... (Score:5, Interesting)
That would be a good excuse for most security vendors...
Re: (Score:2)
Re:excuses... (Score:5, Informative)
That's how companies like Kaspersky and AVG came out with fully Vista compliant versions of their software months ago. Software which works extremely well, by the way. (Kaspersky passed this test. It says so right in the article.)
Re: (Score:2)
Hello Symantec... (Score:1, Flamebait)
Re: (Score:1)
That's exactly what I'm afraid of.
Symantec is a pile of shit, frankly. I was actually hoping that Microsoft's AV would at least force Symantec and McAfee to get their shit together and make an antivirus that doesn't suck.
AV that's as much as a system hog as the notorious Norton is a pain in the ass, especially on Windows Vista. :|
Re:Hello Symantec... (Score:5, Insightful)
I'm not sure such a thing is even possible anymore. The usefulness of AV software has always been pretty questionable, and they never seem to have gotten over the threat model of months or years-old viruses being passed from floppy to floppy. Most threats are one-off now, like social engineering spam, one-day long trojan horse attacks, adware, and exploiting OS vulnerabilities to run spam zombies. As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
Re:Hello Symantec... (Score:4, Insightful)
As far as I can tell, my resource-hogging, system-destabilizing virus scanner does effectively nothing against any of those and there's no reason to believe it can be changed to do so.
ABSOLUTELY. I gave up on AV programs some time ago. A good firewall, firewall-like execution protection such as Process Guard, not using the most popular email programs or web browsers, and severely restricting web-based application execution (i.e., boycott ActiveX and hamstring Java and Javascript) are far more effective techniques for tripping up a virus as such attacks will almost always try to 1) exploit networking applications most common to the OS, 2) try to run some kind of executable that you haven't run before, and/or 3) attempt some kind of network operation in order to propagate itself. Trying to recognize virus signatures is a lousy use of CPU resources, and has not been seen to be very effective.
AV software companies are addicted to the subscription model that signature-based AV provides, and consequently are in a serious conflict of interest with regard to best security practices. Symantec in particular seems to be short of ideas for an alternative business model, and has opted instead to whine like a six-year-old whose mommy won't let them buy candy at the checkstand.
bad logic (Score:1, Flamebait)
Re: (Score:2, Interesting)
In an unrelated topic: I don't think the statement is baseless. IIRC, Gates responds to "OSX had it first" with "yeah, but we got delayed in order to secure the product first" (paraphrased, of course). Shouldn't we then expect a higher level of security?
I wonder how a Free anti-virus program would do (Score:4, Interesting)
Maybe the ClamAV [clamav.net] people ought to submit their program for testing.
Re:I wonder how a Free anti-virus program would do (Score:4, Informative)
Re: (Score:2, Informative)
A very good excuse... (Score:5, Interesting)
Exactly right (Score:3, Insightful)
In that market, anti-virus sales are all about glossy packaging on shelves and fancy flash advertisements.
If their AV fails and Windows gets a virus, it's Windows' problem, not the AV's problem.
Microsoft are in a lose/lose market, but they stand to make money off joe-sixpack so they don't care.
Re: (Score:2)
I would add a lot of fear-mongering to the mix. Sowing panic is a powerful marketing tool.
Re:A very good excuse... (Score:4, Funny)
Re: (Score:2)
But maybe your low /. ID gives you a distorted perspective on this sort of thing. ;)
What! Not a sex toy? (Score:2)
Re: (Score:3, Informative)
Re: (Score:2, Informative)
What is important about this particular round of VB100 tests is that this was the first round of tests after they changed the way the test was done (to make it more representative of what AV protection needs to actually be out in the wild, and hence mo
Re: (Score:3, Insightful)
I think it is a bit disingenuous to say that the reason some of the tested programs failed to receive a VB100 award had anything to do with changes to the test procedures used by Virus Bulletin Magazine. The tests consist of ItW (In The Wild), macro, polymorphic, file infector virus "zoos," with ItW and macro tests being repeated for both scheduled on-demand scanning and on-access (file I/O wedge) scanning, plus a set of clean files which are used to test for false positives. You can vie
Re: (Score:2)
Nothing to do with Vista (Score:5, Interesting)
If you read the entire article, you'll notice a little blurb at the end that several vendors passed the test, one of which was Kaspersky [kaspersky.com]. Another excellent vendor for Vista is AVG [grisoft.com].
Kaspersky consistently beats [cybernetnews.com] all the other major anti-virus vendors, but I guess the story wouldn't be quite as Slashdot-worthy if it read "Kaspersky Anti-Virus on Vista Works Great!".
Re: (Score:3)
Neowin has more details on the report.
Apparently only 0.01% of the viruses were not detected by these "failed" products.
Re: (Score:3, Insightful)
Re:Nothing to do with Vista (Score:5, Informative)
Re:Nothing to do with Vista (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Hate to say it (Score:1)
Re: (Score:3, Informative)
Locking down along with no source code is simply security by obscurity. There WILL be bugs found, and those bugs will have kernel rights. Do you think that is good? Guess what, I don't.
Vista will only reassure that bug releasers should not publish bugs, but rather sit on them. BTW, how do you clean out a kernel-infected Windows machine?
---It's that feature in XP that al
Re: (Score:1)
Re: (Score:1)
That means we have even less access to their system. This applies to tinkerers AND system trashers.
I wonder what "premium content" spyware could do?
Re:Hate to say it (Score:5, Insightful)
If we are talking about trashing the system instead of trashing ~, you would be right in the case of a single user system.
However, we are talking about trashing everything, against trashing just ~. Obviously just ~ is better.
In the case of a multi-user system, trashing one user's ~ is much better than trashing everything. Most home PCs are multi-user. Office PCs are invariably single user, but they should get backed up.
It is much easier to back up a single user's directory than an entire system.
Finally, limited access to the system makes it harder for viruses to propagate. How is it going to run again after a log out? Most people do not regularly run executables from their own directories: the executables they do run will not be infected. Certainly something like bash_profile or an autostart directory, but cleaning these up should be trivial. Am I missing anything here?
Re: (Score:2)
If all my data were in ~, then I would consider trashing it to be just as bad as trashing everything
What about the time you spend cleaning up or reinstalling? I take a backup every few days, so all I would have to do is copy everything back.
Outside of server space, when was the last time you saw a multi-user system with separate logins?
I am sitting at one.
The reason more people do not do it is because Windows has only recently become usable that way - so the average user does not know it is possible. Some
Re: (Score:2)
The wrapper script around the GUI menu definitions is probably the most dangerous. Maybe we need a way of locking them down?
The crontab and at queues approach might also work, depending on how common it is for ordinary users to be allowed to use cron (I see no reason why they should be default). AFAIK the default varies with distro.
As for PATH, my PATH does not contain any user writable directories.
Now that I think of it another approach might be to use the sessi
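The PATH check the comment above describes, as an added example that is not part of the thread: a POSIX sh function that audits a PATH string for entries a malicious unprivileged process could plant a binary in (relative or empty entries, missing directories, and group- or world-writable directories). It reads mode bits from `ls -ld` rather than `test -w` so the verdict does not depend on who runs it; the directory names in the usage call are whatever is in the live PATH.

```shell
# Added example (not from the thread). Audits the PATH string given as $1 and
# prints one line per risky entry. Returns 0 when the PATH is clean, 1 otherwise.
audit_path() {
    _found=0
    # Split on ':' the POSIX way; restore IFS before doing anything else.
    _old_ifs="$IFS"
    IFS=:
    set -- $1
    IFS="$_old_ifs"
    for _dir in "$@"; do
        # An empty entry or "." means "the current directory": the classic
        # trojan-in-cwd problem, so flag it regardless of permissions.
        case "$_dir" in
            ""|.) printf 'RELATIVE  %s\n' "${_dir:-<empty>}"; _found=1; continue ;;
        esac
        # A missing directory can be created later by whoever owns its parent.
        if [ ! -d "$_dir" ]; then
            printf 'MISSING   %s\n' "$_dir"; _found=1; continue
        fi
        # Mode string such as "drwxrwxrwt": character 6 is the group write bit,
        # character 9 the other/world write bit. Using the mode bits instead of
        # `test -w` keeps the result the same whether root or a user runs this.
        _mode=$(ls -ld "$_dir" | cut -c1-10)
        case "$_mode" in
            ?????w*|????????w*) printf 'WRITABLE  %s %s\n' "$_mode" "$_dir"; _found=1 ;;
        esac
    done
    return $_found
}

# Usage on the live environment; the function's exit status drives the message.
audit_path "$PATH" || echo "PATH contains entries an unprivileged user could write to"
```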
Re: (Score:2)
Locking down along with no source code is simply security by obscurity.
Untrue. It reduces the surface area for attack by reducing the amount of code typically running at privileged levels.
There WILL be bugs found, and those bugs will have kernel rights. Do you think that is good? Guess what, I dont.
Bugs and bad practices are two wholly separate issues.
Re: (Score:2)
Yes there is, it's called "grsecurity". There's a kernel patch, quite widely integrated in some distributions (gentoo hardened-sources package say). One of the options is disabling execution completely from non-root-owned directories. So it basical
Re: (Score:2)
Re: (Score:2)
grsecurity allows defining a group that can bypass this requirement (say, the normal user account for the admin) or the reverse (making only the users belonging to the group be limited). It's also a lot more fine-grained. For instance, making
Re: (Score:1)
I've only tried it once, and did a pretty bad job. Windows ACLs are only moderately better.
OH NO, NO VB100??!? (Score:5, Funny)
Re: (Score:1, Funny)
Re: (Score:2)
Great Sales Pitch (Score:3, Informative)
For obvious reasons I will leave it to the reader to decide if they want to go and have a look, no links will be provided.
Mark the article tile as FUD and sensationalism. (Score:1, Interesting)
Live OneCare and McAfee are not Vista-specific -- you can install them on XP too.
And 99.99% detection rate is nothing to be sneered at.
Remind me.... (Score:1, Troll)
Re:Remind me.... (Score:5, Funny)
Re: (Score:2)
Re: (Score:2, Interesting)
*What* VirusControl? (Score:5, Insightful)
Now, if you'll excuse me, I need to get back to setting up my Linkskey router...
Re:*What* VirusControl? (Score:5, Informative)
Thanks for playing, though!
NORMAN... (Score:2)
Wait a minute (Score:1)
What Bill Thought (Score:2)
Bill: You mean make all our security programmers wear straitjackets and prescribe large doses of anti-psychotic drugs.
Steve: I guess so.
Bill: OK, get right on it.
No excuse, like no excuse... (Score:5, Funny)
Security vendors. They're all alike. They say they come to help...to save us from all things dark, but in their black hearts, they all want the same thing. They all want to RULE the earth!
Better Solution (Score:2, Informative)
This website has a great video I think all noobs should be required to watch BEFORE owning a computer.
http://www.my-pc-help.com/video/v10017.htm [my-pc-help.com]
An ounce of prevention is always better than the cure.
Actually, cure is now worth more (Score:3, Funny)
Re: (Score:1)
Yeah, but Windows was so un-secured and so prone to attack that even semi-competent users can wreck their systems. I doubt that Microsoft consists of such utter dullards that Vista will be *easier* to crack than XP, but even if it's a good deal harder, it will still be broken enough for spyware to get out and for botnets to persist.
Also, there's the occasional "aww fuck, did I
Re: (Score:1)
Education Won't Work (Score:2)
This is just one review... (Score:5, Informative)
I shared my thoughts on this over here [neowin.net] on Neowin.Net's forums, so I really don't just want to do a cut-and-paste job and post what I wrote in verbatim here.
This is one of the first of a series of comparisons to include Microsoft Windows Live OneCare that Virus Bulletin [virusbtn.com] Magazine has been doing for many years. While I suspect it is more frustrating than embarrassing at this point for the team responsible for Microsoft's Windows Live OneCare, this is really Microsoft's first attempt at providing their own comprehensive anti-malware solution—MSAV [wikipedia.org], the product which shipped with DOS does not count, it was licensed from Central Point Software (who was later acquired by Symantec) who, in turn, had licensed the software from Carmel Software—and it is going to take some time and lots of signature release cycles in order to get their detection rate fine-tuned.
I don't expect this first Virus Bulletin product comparison to be the last, and the question really isn't how Microsoft did this time: It is how their product does over the next year or two that matters. If it gets worse or stays the same, they are just another competitor in the space (albeit the one with the deepest products). If, however, their detection rate improves, it is going to make it just that much more difficult for their competitors to compete against them.
As a disclaimer of sorts, I should mention that I happen to work for one of the computer security companies that Microsoft competes against with these products, so this discussion is far from academic for me. Frankly, though, I'm not expecting Microsoft's entry into this space to have any effect on my employer—we are good at what we do and have a very loyal customer base. Also, we tend to compete against other, similarly-sized companies in the field. What I do worry about, though, is how some of my friends and colleagues at the largest companies are going to handle Microsoft's entrance as they are going to be competing head-to-head against Microsoft for marketshare.
Regards,
Aryeh Goretsky
living on borrowed time? (Score:2)
did also....poof gone
Foxpro had a loyal following and great engineers....poof gone
DR Dos had a loyal following and great engineers....poof gone
Word Perfect had a loyal following and great engineers...poof gone
You probably have a loyal following and great engineers....yea you guessed it, poof gone
Big whoop.. (Score:1)
Strange... (Score:5, Informative)
Microsoft's offering was one of four suites which failed to detect all malware. The others were G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise 8.1i and Norman Virus Control 5.90.
See, I run McAfee VirusScan Enterprise on Desktops and Servers here without problems. The latest version in the 8.0 line is 8.0i patch 15 [mcafeehelp.com]. The Vista-compatible version is 8.5i [mcafeehelp.com] which also works on Windows XP. There is no version 8.1i that I know of. Obviously this doesn't change the message that McAfee didn't earn the seal but I've never had problems with the VirusScan Enterprise line. To be frank, I've never encountered a single infection or uncontrolled virus problem on our network.
Plus, who honestly uses just *one* virus scanner on the perimeter of their Microsoft Server-system based network? I certainly don't. For example, Exchange 2003 server on the perimeter runs software from GFI which has three separate virus scanning engines. This coupled with application executable hash-based protection offered in BlackICE takes care of the rest of the problems at the desktop/server level. It's the price we pay for using MS software.
Re: (Score:2, Interesting)
Re: (Score:2)
I just checked the review (have Virus Bulletin subscription at work) and it is indeed McAfee VirusScan Enterprise 8.5i that was reviewed.
Regards,
Aryeh Goretsky
Sensationalism at its finest (Score:1, Insightful)
Re: (Score:2, Insightful)
If we extrapolate the data, does this mean that of the known 100,000+ pieces of malware targeting Windows we're only in danger of 9,000+ pieces?
If so, what a relief ;-)
Math (Score:2)
Re: (Score:2)
So you're okay with having all of your Vista machines get fucked up 0.01% of the time?
That's a legitimate question, by the way. There are good reasons to answer 'yes' to it, but we need to be clear that relying on that service implies an acceptance of risk that is greater than that of some of its competitors.
Re: (Score:2)
Ack! Car analogy! Run away! 8^)
Okay, seriously. The comparison is invalid. Virus infection represents total compromise of a running system, and it's not just my car - it's every car that my company operates, all at once. And in answer to your question: No, I do not think that total failure of a last line of defense once every ten thousand unique attempts is an acceptable risk. Not when I have other options available that o
Re: (Score:2)
Precisely. That's also why not many private houses have lightning rods, but most commercial buildings do. 8^)
Re: (Score:3, Funny)
Vista is irrelevant to this "award" (Score:1)
Terrible Tagging (Score:3, Insightful)
Best AntiVirus Still.... (Score:1)
Re: (Score:2)
And fantastic support. The initial release for Vista kept crashing my computer on login, then on boot. Not even safe mode worked.
ESET took around a week and a half, but tracked down the problem, and released a new version that fixed it. And I'm not a corp customer with hundreds of licenses, that's damn good service in my book.
Re: (Score:2)
Re: (Score:3, Informative)
F-Secure - highest detection rate, 4x the resources of nod32
Kaspersky - highest detection rate bar F-Secure, less chance of false positives but, 2x resources of nod32
nod32 - Pretty damn good and fast
Most vendors seem to sit somewhere between Kaspersky and F-Secure for resources from many reviews I spent time reading about 12 months ago, and below nod32 for scanning ability from what I have read. Haven't
Re: (Score:2)
New tag (Score:2, Funny)
F-Secure (Score:2)
I don't know how many times I had to do virus cleanup on an F-Secure PC because it couldn't delete the file, or it would happily let the virus run in the background, or not detect it at all. And that's if it's running, since it wouldn't run in safe mode and half the time got corrupted by the virus.
AVG (Score:2, Interesting)
Did I mention they have a free version? For 9x/XP/Vista AND Linux?
Yeah.
M$ not the only one with crappy virus protection (Score:2)
Re: (Score:2)
Re:microsoft (Score:5, Funny)
Re:microsoft (Score:4, Insightful)
Now, since Vista is securebydesign, it too no longer needs any anti-viruses!
Re: (Score:3, Informative)
Huh?
For starters, lots of people. [clamav.net]
How else to protect Windows systems?
Re: (Score:2)
Unfortunately my laziness got in the way. The Windows machines as a result are currently filled with crap.
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
It says Norman not Norton.
Re: (Score:2)
Hell, I'll just give it to you: if you RTFA right at the end it says "Anti-virus software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec successfully achieved VB100 certification."
Re: (Score:2)
Re: (Score:2)
Another thing that the needs to be considered is how prevalent are the viruses that sneaked by, chances are the ones that got through the AV software are ones that are pretty rare and haven't been seen too much in the wild yet. So the actual chances of anybod
Re: (Score:2)
A 99.91% success rate isn't exactly horrible.
Hmm, seems pretty bad to me. That means it misses a significant number of known viruses. Why would it miss known viruses? I mean everyone knows about them, surely they tested their solution against all known viruses as well as some new ones just made in the lab, right? I'd accept an 80% failure rate for unknown viruses, they're hard. A .09% failure rate for known viruses though, I have a hard time understanding.