AV-Test Deems Windows Security Essentials "Very Good" 318
CWmike writes "Microsoft's new free security software, Windows Security Essentials, passed a preliminary antivirus exam with flying colors, said independent and trusted firm AV-Test, which tested Essentials, launched yesterday in beta, on Windows XP, Vista and Windows 7. It put it up against nearly 3,200 common viruses, bot Trojans and worms, said Andreas Marx, one of the firm's managers. The malware was culled from the most recent WildList, a list of threats actually actively attacking computers. 'All files were properly detected and treated by the product,' Marx said in an e-mail. 'That's good, as several other [antivirus] scanners are still not able to detect and kill all of these critters yet.' It also tested well on false positives."
Malware? (Score:5, Insightful)
Probably Pretty Good (Score:5, Insightful)
With all that talent, resources, and internal knowledge they should have a slam dunk. Unfortunately I have a lot of distrust built up from over the years about what MS sticks under the hood. It will take many years of good reviews and endorsements before I feed comfortable that the MS AV does not give any special passes to iffy software from a MS partner, or that the MS firewall will correctly block things from going out when configured to if the originator is an MS component.
MS still has superb programmers (Score:5, Insightful)
It's always been this way. Microsoft rests on their laurels until an upstart company starts making money at their expense. Between Mac, Linux, and the insane proliferation of general crapware, MS has a real image problem on their hands. Luckily for Microsoft, the best and the brightest can be wooed by the kind of money they're able to throw around. When they throw their top programmers at a job, the results are stunning, just witness the turnaround from early Vista to the current beta of Windows 7.
Sadly, the end result will be bad for consumers. Other security companies will be badly hurt by the release of this freebie, and MS will go back to sleep, leaving the security marketplace to stagnate like the pre-Firefox browser market stagnated.
Iffy software (Score:1, Insightful)
Unfortunately I have a lot of distrust built up from over the years about what MS sticks under the hood. It will take many years of good reviews and endorsements before I feed comfortable that the MS AV does not give any special passes to iffy software from a MS partner, or that the MS firewall will correctly block things from going out when configured to if the originator is an MS component.
directed self-interest (Score:3, Insightful)
A computer consultant advocating Windows is like a doctor prescribing cigarettes. It creates a lot of extra work.
Re:The question is (Score:3, Insightful)
Because people will download and install anything? Even OSX was hit recently with people pirating the iwork suite.
Re:Anti-trust? (Score:3, Insightful)
Be that as it may, his statement of comparing the relative usability of windows during time periods before and after MS made a windows component change is no less valid. Additionally, his statement supposes that similar integration (assuming it is done properly) will likewise make windows usability improve.
So, AC, your very obvious implication that he is astroturfing despite relating nothing but easily confirmed facts is a waste of everyone's time involved. If you want to take a swing at MS' credibility, by all means do so. There are plenty of avenues you could approach and would get no argument from me. GP's simple comment, however, is not one of them.
Incidentally, did you ever [i]try[/i] dealing with windows during the era of 3rd party tcp/ip stacks? It was unpleasant, to say the least.
I would add another example of integration that I think has improved the windows experience: the Vista (and Win7) search tool compared to XP's and earlier. Not as drastic as the implementation of the tcp/ip stack, I'll admit, but nonetheless quite the improvement. An indexing service that works and does so without a fuss and a simple WinKey followed by typing what I want has dramatically increased the speed with which I access what I want in many cases.
Integration is not all bad, you see. Provided it's done right. I expect the AV vendors who have built their subscription model on equally useless bloatware will not be happy about this. Good riddance, I say. As to you, MS, please don't screw this up.
Re:It makes sense (Score:3, Insightful)
Ok, I have to quibble with the ASP.NET comment. Bash Microsoft all you want but get your facts straight.
ASP.NET is not primarily an HTML/Javascript wrapper. Its purpose is much more ambitious than that. I would argue that the greatest strength of ASP.NET is providing an easy method for a web developer to utilize the .NET framework. Yes, its complex but so are the enterprise-class applications I build with it. Some of us build things more complicated than a blog publishing platform. And thus we need more robust tools.
As to your argument that it was a man-hour intensive project: so what? Microsoft, for all of their chair-throwing, Internet Explorer-inflicting ways, does know how to create top-tier dev tools. And that does tend to take time and a lot of qualified people.
Re:Anti-trust? (Score:4, Insightful)
TCP/IP should be in the OS - it is a resource management issue and is a hardware issue. If only a handful of apps used it, maybe third-party would be acceptable. But you don't want a third-party stack crashing the OS, so write it yourself and include it.
On the other hand, Anti-virus products shouldn't even be needed. MS should be able to write software with fewer holes in it. They have piles of static analysis tools, piles of research, and piles of other stuff. They just don't want to take the time and fix things (including testing), so they put wrappers like UAC around things instead of fixing it.
I've seen lots of bug reports ignored by MS just because it doesn't look like it's exploitable, only to have some crafty fool figure out how to exploit it. I can cause a stack overflow in Oracle 10.x drivers by sending a VALID openquery through a linked server. Runtime catches the error, but then it causes a crash in the error reporting because the stack is trashed. Currently it's a null refrence, but how hard would it be to turn a stack overflow into a server root hack? Not all that hard. But they won't fix it because the problem is in a third party module, and if that one is fixed the MS error disappears. I'm just saying these vulnerabilities are all over the place, especially since they have so much third-party code.
One person or company making the problem, and the solution to the problem, does not look good. Especially since MS only publically fixes holes they publically admit to. There might be piles of security problems no one else knows about, but MS AV might know to watch for suspicious behaviour that only MS knows about.
Giant virus outbreak because it's too expensive to patch a particular problem, or can't get it out fast enough, and only Windows SE customers are protected so everyone ditches Symantec and other AV and goes to Windows. It's not that far-fetched, and they might even do it that way by accident. When it's possible to have that kind of advantage and wipe out your competition in a single event like that, especially if it's unintentional, that's a problem.
Just saying, the mafia used to take protection money, but you were being protected from the mafia. Problem and solution should be from different sources. Therefore your analogy is invalid, same as if my hair were a bird.
Re:Anti-trust? (Score:5, Insightful)
I imagine it will be a vary hard case to make since really all they are trying to do is fix their broken OS.
How is releasing anti-virus software fixing their "broken OS?" Are you implying that a non-broken OS is completely immune to viruses and malware or are you just spewing typical anti-Microsoft vitriol?
Oh ok... Thought so.
Re:Maybe, but... (Score:2, Insightful)
It seems wrong for an OS vendor/maker to do this (Score:5, Insightful)
Microsoft should not be making antivirus software. It should be fixing its vulnerabilities.
The OS has many fundamental problems, some of which cannot be resolved without redesigning the core internals which would render all older software incompatible any newer version of the OS. This sort of problem was identified long ago, but it was decided that the cost of change would be too great, the burden on third party software vendors too heavy and ultimately, it would be too slow to adopt and migrate for all users. And the longer they wait for this eventuality, the more expensive and prohibitive it becomes to make such important changes.
If this sounds like the U.S. moving from Imperial measurements to the globally accepted Metric system, you wouldn't be alone in this observation.
Microsoft still cannot fix the "stupid user" problem but there are many things they could fix if they had the balls to do it. And they could take a page out of Deep Freeze's playbook and create a system where the user must first unlock the system before they can install anything. But perhaps the similarity to the adoption of the metric system doesn't stop here. Perhaps there will come a point at which everyone will move on to another system leaving the "imperial" one behind... well I can dream can't I?
Re:MS still has superb programmers (Score:5, Insightful)
There are many AV suites already released for free - Avira, AVG, Comodo, etc. Avira is much more popular than paid AV suites around here.
Re:Maybe, but... (Score:5, Insightful)
Too bad apache proves you wrong.
This is an old, tired and false argument. If any OS had the holes windows does it would get exploited like mad.
Only protection against files? (Score:3, Insightful)
'All files were properly detected and treated by the product,'
Aren't there other attacks besides file-based ?? This sounds rather silly!
Stephan
Re:Maybe, but... (Score:2, Insightful)
Re:Malware? (Score:5, Insightful)
Re:The question is (Score:1, Insightful)
In other words, MS is protecting users from their own ignorance and/or stupidity.
Re:directed self-interest (Score:5, Insightful)
Any computer consultant worth his salt won't get drawn into silly squabbles over OS/platform/software/language/etc., and will recommend the *best* solution for the client. Don't ever let bigotry blind you...
I describe myself as a dyed-in-the-wool Unix proponent (24 years now), but I run Windows on my desktop machines, and have recommended Windows on many occasions, including some large-scale Fortune 20 deployments, where it made more sense. (For servers, I avoid Windows unless the app environment really needs it or runs markedly better there, but there are still a good number of those situations. Given my druthers, I design new systems around open source technologies, mostly because of the lifecycle cost savings. Auditing all those licenses is a non-trivial cost and PITA, not to mention acquiring them in the first place - and avoiding licensed software makes leveraging cloud computing *much* easier...)
Windows certainly has its faults, and I'm a big critic, but it also has its place, and for a good number of things (even some server-based things), Windows is the best choice - sometimes by a good margin.
Re:Anti-trust? (Score:3, Insightful)
On the other hand, Anti-virus products shouldn't even be needed. MS should be able to write software with fewer holes in it. They have piles of static analysis tools, piles of research, and piles of other stuff. They just don't want to take the time and fix things (including testing), so they put wrappers like UAC around things instead of fixing it.
Microsoft software is already more secure than most vendors. Recent major viruses have either:
1) Spread via social engineering. (The kind of thing UAC is supposed to help with, contrary to what you seem to think it's for.)
2) Spread via non-Microsoft software. For example, I got a lovely copy of the Vundo virus courtesy of Sun's Java VM. Sun and Adobe software have been major spreaders recently.
What would you suggest Microsoft do about either of those issues that they aren't already doing? Make it impossible to run Sun or Adobe software? Yeah, right.
Re:Anti-trust? (Score:5, Insightful)
really all they are trying to do is fix their broken OS.
It isn't one OS.
Every OS is "broken" in the sense that there are always avenues of attack.
It can't be otherwise so long as mere humans have the final say on which programs can be installed and which programs can be run.
To call something "Malware" is fundamentally a value judgment.
I think the geek would be the first to howl if he could only install the apps approved and certified-safe by Redmond, Cupertino, or his favorite Linux distro.
Re:Sounds positive (Score:3, Insightful)
I tried to open that file but it didn't work. My norton is working to protect me from malicious files very well thankyou.
If norton was doing its job, it would not allow you to open norton since it is also malicious.
Re:Maybe, but... (Score:4, Insightful)
"Oh wow 1 flaw, BFD."
Well, you have to add them all up you see..
system performance? (Score:3, Insightful)
Has anyone tried this out yet to see what the performance hit is?
Re:I wonder how Symantec, Norton, et will react (Score:3, Insightful)
Re:Yes they can (Score:1, Insightful)
Yes, Microsoft CAN convince people they can put out a quality product. If fact, they have convinced many, many people. Anyone running Windows7 beta or RC1 is convinced they can do it if they want to. I work in the Linux environment all day, but when I sit down in front of my personal machine, I don't want to "make it work" I want to have it work. Windows 7 does.
Re:I wonder how Symantec, Norton, et will react (Score:3, Insightful)
Microsoft has raised the bar. To continue to have people buy their product, their competitors will need to further differentiate themselves from Microsoft's now free offering.
That means doing it better, providing features the customers want (that MS doesn't deliver), innovating.
e.g. Enhancements and capabilities that are beyond Microsoft's expertise, or that MS isn't interested in delivering.
Probably mostly for enterprises, security management capabilities. There are elements of security to manage on your network OTHER than scanning and trying to block known infections.
And 'group policy' is not perfect, or necessarily ideal, for endpoint security management. The security vendors might be able to come up with more powerful solutions.
What about unknown threats? What about security patches in OS and third-party product....
Where's the popup from system security software warning the user that there's a known exploit for a bug in their current version of program Xyzabcd PDF viewer, being actively exploited??
Why rely on being able to detect a virus in a new untrustworthy .EXE a user downloaded, why not also sandbox all untrusted .EXEs, unless the user is authorized to install software, and manually taking a 'privilege elevation' action ?
Nornot/Symantec aren't the be-all, end-all of system security. There are also antimalware/security apps like Spybot S'n D, Adaware, Malwarebytes, and commercial ones.. eEye Blink, PrevX, SUPERAntiSpyware.com, Avira.
Which aren't $100-year subscriptions and provide their own advantages.
The higher the market share of the MS AV product, the less you should trust it (malware will specifically aim to be undetectable, or to evade the detection of and disable that specific product).
It's a lot easier for badware authors to 'evade' an antimalware product, if there's only one they really need to worry about.
Re:Microsoft Hate (Score:4, Insightful)
As opposed to a "real" office suite being defined as one that is compatible with Microsoft Office?
Re:Anti-trust? (Score:3, Insightful)
I suggest looking after more than a single Microsoft based system preferably with several in the hands of inexperienced computer users and you will begin to see why so many here are critical of things like the lax attitude of Microsoft to security. It helps if you have other half-decent systems to compare it to.
Re:Maybe, but... (Score:5, Insightful)
It has had much more patches over the year and I'm not conviced that an actively developped open source project like this is more vulnerable because more holes are found. That might be a sign that it's easier to locate in apache than IIS but does not mean they are non existent and unknown to the wrong people in IIS.
To sum it up: you don't care about any numbers I might show you, you just firmly believe that Apache is more secure, simply because it's OSS.
So, is there any point to discuss it further, then?
Re:I wonder how Symantec, Norton, et will react (Score:1, Insightful)
This isn't plugging security holes. Its producing a product which will be direct competition to other products that have been around for ages. If they then choose to bundle the MS one with windows, that will basically undercut all other products out of the market. I'm pretty sure thats illegal by most antitrust laws but they'll weave their way out of it somehow.
The issue is not about how secure everything is. You're looking at it from the point of view of whats best for the people and the common good. But using their existing monopoly to promote their own product is not fair to all other players in the industry. It is then no longer a level playing field.
People argue that they should be able to do whatever they want with their own product. But they overlook the fact that MS is a monopoly and that comes with responsibility. There are extra laws specifically for monopolies and they are there for a reason. If MS make the best product then they will not need to bundle it with windows for it to succeed. In a fair marketplace, it should just exist alongside all other existing products. Whether the best option is to bundle multiple trial versions with windows so that the pc is protected right away - I dont know, but that would make the most sense to me.
Re:Anti-trust? (Score:1, Insightful)
You're an idiot. Can you read what you wrote? They stole BSD code? Wow! I know microsoft can do some pretty amazingly ridiculous things but you're saying they took BSD code and put it in their product, which is perfectly acceptable according to the BSD license, and saying it is stealing? I'm not Microsoft fan but really stop drinking the koolaid. Making statements like that will only make you look more ridiculous and less respected amongst your level headed tech peers.
Re:Anti-trust? (Score:1, Insightful)
on modern desktop distributions (BSDs as well) there is gksudo and ksudo. It's true that certain applications need to have graphical sudo do need to be configured beforehand (i.e a shortcut for gksudo wireshark) but desktop environments are pretty integrated enough and many applications are designed to ask the user to raise their privilege level when doing something system wide. I believe that's actually a better way of doing things and personally typing in your password to do something seems to be more involved for the user than clicking yes and may help them think twice before running purplemonkey.exe.
Re:Sounds positive (Score:3, Insightful)
This beta is available only to customers in the United States, Israel (English only), People's Republic of China (Simplified Chinese only) and Brazil (Brazilian Portuguese only).
Isn't that list of countries the ones bot-spamming the most crap out of their PCs?
Perhaps its more targetted than conspiracy?
Re:I wonder how Symantec, Norton, et will react (Score:3, Insightful)