Risk
4/9/2013
11:02 AM
50%
50%

Microsoft Windows 8 Security Software Lacks Teeth

Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Not all Windows 8 endpoint security tools are created equal.

That's one takeaway from a recent study of Windows 8 antivirus products conducted by the independent German lab behind AV-Test, which reviews the effectiveness of endpoint security products.

The firm found that out of nine corporate endpoint security products tested earlier this year, Microsoft's System Center Endpoint Protection security software was the low scorer. Although Microsoft's software was certified by AV-Test for corporate use, it also served as the testing firm's baseline, meaning AV-Test recommends businesses avoid using any software that didn't score at least to that level.

[ Find out why the Ukraine is one of the riskiest places in the world to use a computer. Read Alleged Carberp Botnet Ringleader Busted. ]

"During January and February 2013 we continuously evaluated nine endpoint protection products using settings as provided by the vendor," said AV-Test's study. "We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."

The Microsoft software performed the worst on all tested corporate products on the "protection" front, earning just 1.5 out of 6 possible points. That was based on the software stopping 80% of zero-day attacks, compared with an industry average of 95%. The software did far better at spotting 98% of "widespread and prevalent malware discovered in the past four weeks," although it was still below the industry average of 100%.

For comparison's sake, F-Secure's Client Security 10 and Kaspersky's Endpoint Security 10.1 both led the protection charts with 6.0 scores, followed by Fortinet's FortiClient 5.0 (5.5), Symantec's Endpoint Protection 12.1 (5.0), Webroot's SecureAnywhere Endpoint Protection 8.0 (5.0), Sophos' Endpoint Security and Control 10.2 (5.0), McAfee's VirusScan Enterprise with EPO 8.8 (5.0) and Trend Micro's Office Scan 10.6 (4.5).

Microsoft's System Center Endpoint Protection did, however, perform relatively well in the two other categories assessed by AV-Test: performance (5.0) and usability (6.0).

On the consumer front, meanwhile, Microsoft's Windows Defender 4 -- known as Microsoft Security Essentials (MSE) with previous versions of Windows -- was also certified for use by AV-Test, but likewise placed last in the protection rankings, making Microsoft's offering again the baseline for the comparison test of 26 different consumer antivirus products. The software scored well in both performance (3.5) and usability (6.0), though.

The Microsoft endpoint security product test results represented an improvement for the company's software, which previously failed to pass muster with AV-Test. In November 2012, the testing firm pulled its seal of approval for Microsoft Security Essentials when the product's zero-day attack blocking rate dropped to 64%, compared with an industry average of 89%, and its detection rate for malware that's a few months old dropped to 90%, compared with an industry average of 97%.

Another positive aspect of Microsoft's Windows 8 security software -- known as Microsoft Security Essentials (MSE) in previous version of Windows -- is that's it's free. In Windows 8, furthermore, the software does come enabled by default for all users, unless other endpoint security software has been installed by an OEM, or user install their own endpoint security software. In other words, although Microsoft's free security software might not top the corporate or consumer protection charts, AV-Test CEO Andreas Marx has said that it's literally better than nothing.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report