October 1st, 2009

MS Security Essentials test shows 98% detection rate for 545k malware samples

Posted by Dancho Danchev @ 10:20 am

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Microsoft, Passwords, Rootkits, Spyware and Adware, Viruses and Worms, Windows Vista

Tags: Freeware, Antivirus, Malware, Microsoft Corp., Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

According to recent tests conducted by AV-Test.org to measure the performance of Microsoft’s Security Essentials, the freeware application achieved a 98% detection rate for 545k malware samples, including viruses, bots, trojan horses, backdoors and Internet worms, and a 90.95% detection rate for the 14,222 adware/spyware samples it was tested against.

However, AV-Test.org didn’t find any effective “dynamic detection” features (HIPS/behavior blocking) in place, and therefore samples with malicious behavior were not detected due to the application’s reliance on malware signatures only.

Testing MS’s Security Essentials is one thing; benchmarking it against other market propositions is entirely another. What both of these practices have in common is the potential to leave the end user with a false feeling of security (Does free antivirus offer a false feeling of security?) by ignoring the fact that antivirus software is only a part of their defense-in-depth security strategy (Secunia: popular security suites failing to block exploits; Secunia: Average insecure program per PC rate remains high).

Naturally, the final release of Microsoft’s Security Essentials is already sparking debate on its performance characteristics when benchmarked against commercial products offered by competing vendors. For instance, Symantec dismissed the application as “a stripped down version of the OneCare product Microsoft pulled from retail shelves” in July, and most recently commented that it offers “reduced defenses”:

“From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime. Unique malware and social engineering tricks fly under the radar of traditional signature-based technology alone—which is what is employed by free security tools such as Microsoft’s”

And whereas different comparative reviews (Norton Antivirus 2009 Versus Microsoft Security Essentials: A Comparative Anti-Malware test; Anti-Virus Comparative August 2009) show different results, protecting from known threats only, at a time when cybercriminals are efficiently tricking signature-based malware scanners (Modern banker malware undermines two-factor authentication), can cause more harm than good by attempting to simply build awareness of Internet security threats by offering a freeware antivirus scanner to millions of end users.

What do you think? TalkBack.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.


  • Talkback
  • Most Recent of 78 Talkback(s)

I am confused

Microsoft Security Essentials is NOT just Anti-Virus, it also has Anti-Malware aka Windows Defender, so were they just testing the Anti-Virus for malware detection, or did they test both Anti-Virus and...

Posted by: BroGnorik Posted on: 11/07/09