AV-Test Deems Windows Security Essentials "Very Good"

CWmike writes "Microsoft's new free security software, Windows Security Essentials, passed a preliminary antivirus exam with flying colors, said independent and trusted firm AV-Test, which tested Essentials, launched yesterday in beta, on Windows XP, Vista and Windows 7. It put it up against nearly 3,200 common viruses, bot Trojans and worms, said Andreas Marx, one of the firm's managers. The malware was culled from the most recent WildList, a list of threats actually actively attacking computers. 'All files were properly detected and treated by the product,' Marx said in an e-mail. 'That's good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.' It also tested well on false positives."

Re:Malware?

[molafson]

"AV-Test also examined the program's anti-rootkit skills and its ability to scrub a system of malware it finds with a limited number of samples and "found no reasons to complain," Marx said. "[Security Essentials] is able to remove found malware very well, but further tests against larger sets of samples are required before we can come to a final conclusion."

Re:I would hope...

[ichthus]

Yeah, but this is a bit like a car manufacturer providing locks for their doors after the fact.

Re:Beta not available for download

[NervousNerd]

Right here. [jcxp.net]

Re:I wonder how Symantec, Norton, et will react

[zonky]

There would only be grounds for such a claim if they bundled it with windows.

Re:Windows Defender?

[dave562]

If my memory serves correctly, Windows Defender is based around IE and protecting the computer from exploits that come in through the browser. Anti-virus software on the other hand scans the rest of the system. To come up with a theoretical example, if you are running Windows Defender and AV software, when you visit a website with malicious code on it, Windows Defender will recognize the code attempting to execute in the browser and block it. On the other hand, if you are only running AV by itself, the malicious code will execute in the browser, and MAYBE your anti-virus software will catch whatever trojans and other executables the website copies onto the local system (if you're lucky and have up to date definitions that can detect whatever they are trying to drop on the system).

The sad reality of the fact seems to be that in order to secure a typical Windows network in this day and age requires a multi-tiered approach. You need some sort of proxy/web filter software to block known malicious sites outright, and also to do some sort of packet inspection/exploit detection on the open connections. You then need some sort of software to protect the browser itself, like Windows Defender (if you are running IE). As a last line of defense, you need anti-virus software running on the local workstation. Also worth noting if you're hosting email in house and forwarding that email to Windows clients, you need AV on the email server, and some sort of anti-spam box in front of the email server.

Re:Microsoft Hate

[Blakey Rat]

A real shell?
Having to install cygwin is kinda a pain. No powershell does not count.

Way to craft your requirements in such a way that they're impossible to meet. What is a "real" shell? And what features does your "real" shell require that PowerShell doesn't have?

Let me guess, a "real" shell is defined as "a shell that Microsoft is not currently shipping."

Re:Windows Defender?

[ECCN]

Defender is Anti-Spyware only. Security Essentials is Anti-Virus & Anti-Spyware combined, so it effectively replaces Defender outright.

Re:Sounds positive

[Mista2]

But they still think the US and it's friends are the whole world:

From the download site:
Not available in your country or region

You appear to be in a country or region where the Microsoft Security Essentials Beta is unavailable.

This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).

Re:Malware?

[Jurily]

Mod parent up. The "several other [antivirus] scanners" won't detect new ones because they're tested against before release.

From a software engineering point of view, malware is state of the art.

Re:Anti-trust?

[jonbryce]

UAC in theory is just like sudo. There is nothing wrong with the idea of it, just the implementation.

Re:Malware?

[CrashNBrn]

I'd be pretty suprised if they're AV-tool doesn't handle "Malware" - considering Mark Russinovich of sysinternals works for Microsoft now, and was the one to discover Sony's Rootkit and provide the fix for it. Among the many other tools he has provided over the years and still updates regularly.
http://blogs.technet.com/markrussinovich/ [technet.com]

Re:Malware?

[trifish]

> It may help against old viruses spreading, but it is unlikely to help much against new ones.

You refer to heuristic scanning, or pro-active security. This means that the software is able to discover new unknown viruses based on their behavior or properties.

You might be surprised but MS Security Essentials has been found to have the best heuristics (60%) in retroactive tests (outdated definitions, therefore, unknown viruses) with by far the least number of false positives (which is crucial for good heuristics).

They even overtook the former leader, NOD32 (and often even in performance).

Source for heuristics (2009):
http://www.av-comparatives.org/images/stories/test/ondret/avc_report22.pdf [av-comparatives.org]