Risk
4/9/2013
11:02 AM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Windows 8 Security Software Lacks Teeth

Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Not all Windows 8 endpoint security tools are created equal.

That's one takeaway from a recent study of Windows 8 antivirus products conducted by the independent German lab behind AV-Test, which reviews the effectiveness of endpoint security products.

The firm found that out of nine corporate endpoint security products tested earlier this year, Microsoft's System Center Endpoint Protection security software was the low scorer. Although Microsoft's software was certified by AV-Test for corporate use, it also served as the testing firm's baseline, meaning AV-Test recommends businesses avoid using any software that didn't score at least to that level.

[ Find out why the Ukraine is one of the riskiest places in the world to use a computer. Read Alleged Carberp Botnet Ringleader Busted. ]

"During January and February 2013 we continuously evaluated nine endpoint protection products using settings as provided by the vendor," said AV-Test's study. "We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."

The Microsoft software performed the worst on all tested corporate products on the "protection" front, earning just 1.5 out of 6 possible points. That was based on the software stopping 80% of zero-day attacks, compared with an industry average of 95%. The software did far better at spotting 98% of "widespread and prevalent malware discovered in the past four weeks," although it was still below the industry average of 100%.

For comparison's sake, F-Secure's Client Security 10 and Kaspersky's Endpoint Security 10.1 both led the protection charts with 6.0 scores, followed by Fortinet's FortiClient 5.0 (5.5), Symantec's Endpoint Protection 12.1 (5.0), Webroot's SecureAnywhere Endpoint Protection 8.0 (5.0), Sophos' Endpoint Security and Control 10.2 (5.0), McAfee's VirusScan Enterprise with EPO 8.8 (5.0) and Trend Micro's Office Scan 10.6 (4.5).

Microsoft's System Center Endpoint Protection did, however, perform relatively well in the two other categories assessed by AV-Test: performance (5.0) and usability (6.0).

On the consumer front, meanwhile, Microsoft's Windows Defender 4 -- known as Microsoft Security Essentials (MSE) with previous versions of Windows -- was also certified for use by AV-Test, but likewise placed last in the protection rankings, making Microsoft's offering again the baseline for the comparison test of 26 different consumer antivirus products. The software scored well in both performance (3.5) and usability (6.0), though.

The Microsoft endpoint security product test results represented an improvement for the company's software, which previously failed to pass muster with AV-Test. In November 2012, the testing firm pulled its seal of approval for Microsoft Security Essentials when the product's zero-day attack blocking rate dropped to 64%, compared with an industry average of 89%, and its detection rate for malware that's a few months old dropped to 90%, compared with an industry average of 97%.

Another positive aspect of Microsoft's Windows 8 security software -- known as Microsoft Security Essentials (MSE) in previous version of Windows -- is that's it's free. In Windows 8, furthermore, the software does come enabled by default for all users, unless other endpoint security software has been installed by an OEM, or user install their own endpoint security software. In other words, although Microsoft's free security software might not top the corporate or consumer protection charts, AV-Test CEO Andreas Marx has said that it's literally better than nothing.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.