Forgot your password?
typodupeerror
Microsoft Security IT

Microsoft Security Essentials Loses AV-Test Certificate 185

Posted by samzenpus
from the is-there-extra-credit? dept.
helix2301 writes "Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didn't pass the test to achieve certification. Although that may not sound that impressive, Microsoft's program was the only one which didn't receive AV-Test's certificate. For comparison, the other free antivirus software, including Avast, AVG and Panda Cloud did."
This discussion has been archived. No new comments can be posted.

Microsoft Security Essentials Loses AV-Test Certificate

Comments Filter:
  • by Anonymous Coward on Thursday November 29, 2012 @08:44PM (#42136973)

    NOP

  • by multiben (1916126) on Thursday November 29, 2012 @08:50PM (#42137039)
    Seriously. Most anti-virus software is worse than getting a virus.
    • by Anonymous Coward on Thursday November 29, 2012 @08:55PM (#42137085)

      What is strange is MSE is the only one of those products listed I have ever seen effectively block any malware.

      • by Anonymous Coward on Thursday November 29, 2012 @09:13PM (#42137231)

        Last time I saw a test like this it was from a Symantec paid shill. Don't expect this to be any different.

        Probably Microsoft doesn't pay AV-Test

      • by Voyager529 (1363959) <voyager529@yahMENCKENoo.com minus author> on Thursday November 29, 2012 @11:44PM (#42138435)

        I know, it's anonymous coward and all...but I had an interesting issue along this vein...

        Two weeks ago, a client called us saying she got some FBI scareware that also tapped into her webcam. I went to investigate. No FBI scareware when I tried it, but I did see security essentials find stuff, and take some time to remove each item...during which it invariably found more.

        So, I tried the usual tools - Fixboot/Fixmbr, Combofix, TDSSKiller, ADWMBR, Malwarebytes, and my trusty ESET NOD32 recovery disc. None of that seemed to stop it. So I tried a repair XP install. I learned that the 'repair' install doesn't do nearly as much as I'd like it to, but whatevs, it was gone. ESET said it was clean, TDSSKiller said it was clean, Combofix said it was clean, and MBAM said it was clean. Security Essentials wouldn't shut up.

        I googled a bit and found out that this client had caught one of the strains from the xpaj family. It does EVERYTHING - MBR rewrite, device driver, etc. Seriously among the nastiest virus infections I've ever come across. Further googling revealed that Kaspersky had an explicitly dedicated removal tool just for xpaj. it took about half an hour to run, and found literally thousands of files infected with it. It must have been file headers or something because they were all ultimately cleaned...but this thing fooled EVERYONE but Security Essentials.

        Now granted MSE didn't completely take care of the issue, and clearly it also didn't stop it from running amuck...but it did find something nothing else I tried did...so I'm not thoroughly convinced that writing it off wholesale isn't entirely warranted either.

        • by fast turtle (1118037) on Friday November 30, 2012 @01:36AM (#42138923) Journal

          If it's a bad trojan/virus, MSE works quite well in getting rid of it. Keep in mind that MSE is basically Windows Defender on Steroids so it works quite well for some things.

          I've been using it on a Win7-64 install for the last 2 years and it's been pretty damn decent as it simply stays out of the way. If I'm going to visit an dogdy place online, I'll use Palemoon (based on firefox) with noscript. Pretty effective in blocking crap I don't want while allowing me to at least get an idea if I want to finish loading a site.

          • by wvmarle (1070040)

            How do you know beforehand that you're visiting a dodgy site? Keeping in mind that it is frequently the ads that serve the malware, and you never know where the ads are going to come from (this assuming you don't have ABP).

            And if you know beforehand a site is dodgy, why would you want to visit it to begin with?

        • by wvmarle (1070040)

          Key of your story: use as many AV tools as you can find, the more you use the more chance at least one of them will find out something is wrong with your system.

          Just curious: you said you found a removal tool from Kaspersky. Didn't their scanner find the specific malware?

          • by mcgrew (92797) *

            Key of your story: use as many AV tools as you can find

            Do NOT install more than one at a time. If you have two AV programs running at the same time, they'll fight, each thinking the other is a virus. One guy I know thought putting both McAfee and Norton on his computer would keep him safe, he came to me thinking he had a virus because it was so slow. All I had to do to fix it was uninstall both AVs and install FreeAVG and it was good as new. He was especially happy that he no longer had to pay for virus def

      • And MSE doesnt bog down your system. MSE is a fine program.

      • by jamesh (87723)

        What is strange is MSE is the only one of those products listed I have ever seen effectively block any malware.

        and for me, also not be worse installing it than actually getting a virus.

      • by temcat (873475)

        Recently MSE failed to save me from a piece of ransomware that was somehow autostarted from a Livejournal friend feed page. It did detect it and tried to stop but failed. I had to reinstall.

    • by engun (1234934)
      Spot on. It's better to be occasionally infected by a virus, and to format and reinstall your system, than to suffer daily slowdowns and annoyances with a real-time anti-virus program. I've long since decided to make this trade off to maintain my sanity, and I haven't regretted that decision at all.

      I've not been infected in years, with no realtime anti-virus, and that's by following a few simple ground rules.

      1. Do not run junk software from unknown sources. If you must, then run an AV scan manually to
  • Wow (Score:2, Informative)

    by Anonymous Coward

    People rely on AVs against 0-day threats?

    • Not really (Score:4, Insightful)

      by Sycraft-fu (314770) on Friday November 30, 2012 @03:17AM (#42139221)

      This isn't a very worthwhile mass market test. 0-day detection is an interesting stat, and not worthless, as is proactive testing (AV Comparitives does that, takes a 6 month old AV scanner and sees how it does against current threats) but it isn't really a concern for most people. Computer viruses spread, well, like viruses. Not a lot of people get exposed on day 0. So as long as your virus scanner is updated reasonably frequently, it does a reasonably good job with threats you are actually likely to face.

  • by olsonish (2526782) <olsonish@gmail.FREEBSDcom minus bsd> on Thursday November 29, 2012 @09:14PM (#42137251) Homepage
    I can't even remember the last time I got a virus within 24 hours of it being revealed as existing. Once upon a time I recall seeing a Monkey A virus back in the 90's. If I recall, AV software wasn't even what revealed it, it was something I found on my own trying to fix someone else's busted box. I'll be keeping MSE installed. I've found many of the free AV programs to be cumbersome and slow, and quite frankly annoying about 'protecting my system' and 'staying updated'. Stay out of shady places and avoid file sharing except when necessary and it won't be a problem. Kind of like not raw dogging dirty hookers freely, common sense behavior if you don't want to catch the Cannasyphiliaids virus.
    • by godel_56 (1287256)

      I'll be keeping MSE installed. I've found many of the free AV programs to be cumbersome and slow, and quite frankly annoying about 'protecting my system' and 'staying updated'. Stay out of shady places and avoid file sharing except when necessary and it won't be a problem. Kind of like not raw dogging dirty hookers freely, common sense behavior if you don't want to catch the Cannasyphiliaids virus.

      Kaspersky has saved me from three drive-by downloads, and two of them were from legitimate charity sites which didn't have decent security in place. So much for file sharing, dodgy places and dirty hookers.

      Nowhere on the web can be considered completely safe

      • by mianne (965568)

        I credit my firewall, noscript, flashblock, MSE, SpyBot S&D, the HOSTS file from mvps.org, and my own common sense to keep my system protected from virii, trojans, and drive-by downloads. The worst I've ever had to clean up on my own system were a couple tracking cookies.

        I believe I have far greater odds of having a tire blow-out on the highway than a virus on my computer, yet I don't spend 30 minutes every morning inspecting my tires.

  • by Eskarel (565631) on Thursday November 29, 2012 @09:29PM (#42137363)

    The main reason I use MSE is that it does an adequate job and unlike every one of the competitors free or otherwise, installing it isn't worse than getting infected with Malware. Last time I used either AVG or Avast it was like infecting my PC on purpose. I'll pass up some protection against zero days(which is spotty at best anyway) in exchange for not installing crap.

    • by illestov (945762)

      The main reason I use MSE is that it does an adequate job and unlike every one of the competitors free or otherwise, installing it isn't worse than getting infected with Malware. Last time I used either AVG or Avast it was like infecting my PC on purpose. I'll pass up some protection against zero days(which is spotty at best anyway) in exchange for not installing crap.

      agreed, although my reason for using MSE is that it never finds anything and never bugs me with stupid popups telling me how it found a super deadly trojan , about once every few days, reminding me of its absolute importance.

    • by inflex (123318)

      Indeed. Most systems that come in here with N360, McAfee, even AVG now (try removing that sucker, it's really persistent unless everything is perfect!) are a mess in terms of performance and hijacking the browser search fields and forcibly reinstating excessive services and apps in the startup.

      Clear it all away and install MSE, sure the client possibly will get infected in the future but I've found regardless of what they have had installed they invariably get infected, may as well go with the AV system th

    • MSE is really and truly free. Or, perhaps more accurately the cost of it is included with a license of Windows. They don't want any more money for it, they don't try to upsell you, it does its job and that's that.

      The others? They want you to buy the full version, so they have various ways of pestering you, some quite annoying. Heck AVG got to the point where even the paid version was highly annoying (I used to buy AVG, I buy ESET Smart Security now).

      As such MSE is really the only free AV I recommend because

  • Usability: Vipre? (Score:4, Insightful)

    by whoever57 (658626) on Thursday November 29, 2012 @09:30PM (#42137377) Journal

    We have a number of PCs from a one manufacturer on which Vipre cannot update itself. This has happened with more than one release. It is necessary to not only uninstall, but do a clean-up after uninstalling and then re-install the new version. After doing this on one machine, and then having a later release also fail to install, I won't bother with Vipre again.

    On that basis, Vipre should lose points for usability.

    Oh, and it also asks unprivileged (non-administrator) users to run the update. What's the point in that?

    • by fostware (551290)

      That would be because GFI bought them out, added useless code ("it's been GFIed") and got all metro-sexual with the interface.

      I'll be looking for a different AV vendor come renewal time...

    • My company uses Vipre. But it regularly (every day or two) locked up my computer so tightly that I had to do a hard power-off to regain use of my computer. The same behavior was experienced by several other developers. Vipre support didn't have a clue what was going on. Finally, the company relented and let us (just our department) switch to MSIE. There is no way, in my book, that Vipre gets a higher score than MSIE!

      • by gagol (583737)
        I guess you mean MSE instead of MSIE, because trading a defective anti-virus with an unsecure browser really dont make sense!
  • by Ectospheno (724239) on Thursday November 29, 2012 @09:31PM (#42137391)
    A good ad blocker in your browser will be more effective in the long run than any AV software you install. Couple that with the common sense to not download and run every piece of crap you see on the internet and your computer will be fine. Every instance of an infection I've seen involved the person breaking one of those two simple rules.
  • Many of the vectors of malware these days is through java/flash exploits, I always disable the java plugin in my browser and have flash click to play. I do have MSE on my computers and MalwareBytes for a monthly search and haven't run into any issues in many years. MSE has the least bloat/memory footprint AND the lowest false positive rating http://www.av-comparatives.org/images/docs/avc_fdt_201209_en.pdf [av-comparatives.org] puts it at 0, if you're getting hit by 0 day malware you're just not pirating software/being cautious e
    • by Nyder (754090)

      I found common sense isn't very common.

    • According to the same site, MSE also misses lots of samples, which I've experienced myself as well: http://www.av-comparatives.org/images/docs/avc_fdt_201209_en.pdf [av-comparatives.org]

      • Replying to myself, that's actually even the exact same PDF, and only now I notice that OP has a high UID and only one comment.

        Also note that the AV comparatives uses the following scoring system:

        • Tested
        • Standard *
        • Advanced **
        • Advanced+

        They rate Security Essentials with Standard (together with AVG and PC Tools), whereas

        • AVIRA
        • Trend Micro
        • F-Secure
        • Kaspersky
        • BitDefender
        • BullGuard
        • Fortinet
        • eScan
        • McAfee
        • Avast

        ALL score Advanced +, 3 stars.

  • by Anonymous Coward

    Anyone who knows anything about the internals of an antivirus research team know what a Joke AV-Test is.

    the tests for years have been based on static collections of huge buckets of gathered samples.

    The guys running the test have no actual malware analysis experience themselves .. its just a game all the big vendors are playing .. and really some of the the ones that seem to squeeze into top spot among the bigger players are small / tiny products that have no where near the same capabilities as the more matu

  • All three antivirus checkers lose 3 points in just three months? also, "Yes, Windows Defender is enabled automatically when no other antivirus is present, but its technology comes from the Microsoft products that failed the recent tests. Don't rely on it. Install a better antivirus right away." sounds like an ad by one of its competitors
  • by Charliemopps (1157495) on Thursday November 29, 2012 @10:52PM (#42138039)

    I dunno about this article. I've used just about everything out there... I used Kaspersky for a very long time, and in my opinion was the best for a long while. I very rarely got an infection. But when I switched to MS Security Essentials I was DONE with virus. I haven't had a single computer in my house (and I have 5) get infected since I started using it. And just so you know I'm not a Microsoft shill, fuck Microsoft, they suck, I pirate their god damned OS... fuck em. Anyways, Security essentials works great. I rutinely still scan with other AV if I'm having any sort of issue just to be sure, but nothing. I really think it comes down to useability. It just works well and integrates with windows well.

    The article talks alot about 0-day exploits and such... but really, how many of us are going to get hit with one of those? I mean yes, I'd rather be protected, but at the expense of some of the draconian tactics some other packages lock your computer up in? Install Bit Deffender and then try installing some open source, macroing utility or something and the damned thing goes nuts.

    • by evilviper (135110)

      Your anecdotal experience isn't helpful at all.

      A company I recently worked for has hundreds of Windows PCs, and happened to use Microsoft's protection exclusively... the verdict of those there longer than me, was that it does well on extremely esoteric exploits, but completely misses swathes of common viruses. In my opinion, it's a steaming pile of worthless.

      It was an interesting experience though, because I happened to be there when an obvious bit of malware was spreading unchecked through the network.

    • by gbjbaanb (229885)

      you're right - and the best bit is you don't need to even like MS to like this product as it was purchased by MS (who could choose the best). It used to be Forefront (by Sybari) and it was "teh win" of AV products, and had a pricetag to match.

      so, yes, I run it and I'm happy to do so - it ain't no shitty crap a Microsoft development team put together, it was developed by professionals :)

  • I use the commercial Kaspersky which always comes out near the top, if not always best in AV tests, but why has no-one mentioned Noscript? I suspect it has saved me from all sorts of nastiness that my AV program never even got a chance to see.
  • Oh no that could never be, could it?

  • by slashmydots (2189826) on Friday November 30, 2012 @12:31AM (#42138671)
    I'll save you the trouble reading. They're idiots. The winner out of all of them was bitdefender? That slows down your system like a damn boat anchor. I've had customers bring in a computer to my shop claiming it had a horrible problem and the only problem was that it had bitdefender. As soon as it was gone, responsive times dropped 10x lower. It's unbelievable how bad that product is. For them to not consider system performance in any way means they obviously have no idea what they're doing. The same goes for Kaspersky. Their new 2013 version is a nightmare for system performance. Norton Internet Security was third so yep, that's how responsible THESE idiots are.
    • by treeves (963993)

      I just uninstalled Symantec Endpoint Protection from my work laptop because it was so slow I was hardly able to get things done. Soluto informed me that the Symantec software was the likely culprit. I uninstalled it and things have sped up considerably. I know I won't get in trouble because our company's not that serious about security. I was going to reinstall MSE again, but now I'm reconsidering...

  • by detain (687995) on Friday November 30, 2012 @01:21AM (#42138859) Homepage
    Yes MSSE is not the best anti-virus software out there, but it is one of the only ones i feel safe that it will never ask me to install other promotional products, it will never try to load weird webpages or install spyware. It has no upgrades to a better paid for version that it frequently bugs you to upgrade to. It is probably the last offensive, least obtrusive, least annoying anti-virus software out there. Coupled with being behind a firewall and intelligence enough not to open binaries from questionable sources it works well enough.
  • I've had a few customers with trojans, from like 2009 and MS Sec. Essentials doesn't detect them with a quick scan. Only after a full scan did it see them.
    These machines always had MSE running and up to date.

    It's unfortunate that so many software companies write software such that it requires admin access or we could avoid so much of these infections.

    • by tgd (2822)

      I've had a few customers with trojans, from like 2009 and MS Sec. Essentials doesn't detect them with a quick scan. Only after a full scan did it see them.
      These machines always had MSE running and up to date.

      It's unfortunate that so many software companies write software such that it requires admin access or we could avoid so much of these infections.

      Sounds like you need better software. I can't remember the last time I ran anything that needed admin rights, with the single exception of Visual Studio when I was doing something that required escalated privileges (loading drivers, etc).

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson

Working...