Risk
4/9/2013
11:02 AM
50%
50%

Microsoft Windows 8 Security Software Lacks Teeth

Microsoft's free corporate and consumer endpoint security software needs more malware-stopping power, finds independent German firm AV-Test.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Not all Windows 8 endpoint security tools are created equal.

That's one takeaway from a recent study of Windows 8 antivirus products conducted by the independent German lab behind AV-Test, which reviews the effectiveness of endpoint security products.

The firm found that out of nine corporate endpoint security products tested earlier this year, Microsoft's System Center Endpoint Protection security software was the low scorer. Although Microsoft's software was certified by AV-Test for corporate use, it also served as the testing firm's baseline, meaning AV-Test recommends businesses avoid using any software that didn't score at least to that level.

[ Find out why the Ukraine is one of the riskiest places in the world to use a computer. Read Alleged Carberp Botnet Ringleader Busted. ]

"During January and February 2013 we continuously evaluated nine endpoint protection products using settings as provided by the vendor," said AV-Test's study. "We always used the most current publicly available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."

The Microsoft software performed the worst on all tested corporate products on the "protection" front, earning just 1.5 out of 6 possible points. That was based on the software stopping 80% of zero-day attacks, compared with an industry average of 95%. The software did far better at spotting 98% of "widespread and prevalent malware discovered in the past four weeks," although it was still below the industry average of 100%.

For comparison's sake, F-Secure's Client Security 10 and Kaspersky's Endpoint Security 10.1 both led the protection charts with 6.0 scores, followed by Fortinet's FortiClient 5.0 (5.5), Symantec's Endpoint Protection 12.1 (5.0), Webroot's SecureAnywhere Endpoint Protection 8.0 (5.0), Sophos' Endpoint Security and Control 10.2 (5.0), McAfee's VirusScan Enterprise with EPO 8.8 (5.0) and Trend Micro's Office Scan 10.6 (4.5).

Microsoft's System Center Endpoint Protection did, however, perform relatively well in the two other categories assessed by AV-Test: performance (5.0) and usability (6.0).

On the consumer front, meanwhile, Microsoft's Windows Defender 4 -- known as Microsoft Security Essentials (MSE) with previous versions of Windows -- was also certified for use by AV-Test, but likewise placed last in the protection rankings, making Microsoft's offering again the baseline for the comparison test of 26 different consumer antivirus products. The software scored well in both performance (3.5) and usability (6.0), though.

The Microsoft endpoint security product test results represented an improvement for the company's software, which previously failed to pass muster with AV-Test. In November 2012, the testing firm pulled its seal of approval for Microsoft Security Essentials when the product's zero-day attack blocking rate dropped to 64%, compared with an industry average of 89%, and its detection rate for malware that's a few months old dropped to 90%, compared with an industry average of 97%.

Another positive aspect of Microsoft's Windows 8 security software -- known as Microsoft Security Essentials (MSE) in previous version of Windows -- is that's it's free. In Windows 8, furthermore, the software does come enabled by default for all users, unless other endpoint security software has been installed by an OEM, or user install their own endpoint security software. In other words, although Microsoft's free security software might not top the corporate or consumer protection charts, AV-Test CEO Andreas Marx has said that it's literally better than nothing.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.