Vulnerabilities / Threats
11/30/2012
12:09 PM
50%
50%

Microsoft Security Essentials Loses AV Certification

Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.

The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.

According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks -- including viruses, worms, and Trojan horses -- dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that's been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that's still below the 97% average for the industry.

In AV-Test's examination of version 4.0 and 4.1 of Security Essentials, running on a 32-bit Windows 7 system, the antivirus software earned a "protection rating" of just 1.5 out of 6 points. AV-Test said it tests products every two months, and that to be "AV-Test Certified" a product must achieve 11 out of 18 available points, which are granted based on a product's protection, repair, and usability capabilities.

In the AV-Test October 2012 study, out of 24 Windows 7 antivirus products assessed by AV-Test, only Microsoft's product failed to make the grade.

[ Security Essentials has work to do, but Microsoft's new OS bolsters enterprise security. Read more at Windows 8: A Win For Enterprise Security. ]

That downgrading follows a report released last month by independent testing firm NSS Labs, which found that antivirus tools' effectiveness at blocking known exploits varied by 58%. While the leading product in the NSS tests -- Kaspersky Internet Security 2012 -- stopped 92.2% of known threats, Microsoft Security Essentials blocked only about half of the known threats it encountered, putting it in ninth place on the list of most effective products, and in last place when it came to protecting Windows XP systems.

In North America, Microsoft controls 27% of the antivirus market, followed by Symantec (16%), Avast (11%), and AVG (10%), according to a September 2012 antivirus market-share report from research firm OPSWAT. Globally, the leading antivirus providers by market share are Avast (17.5%), Microsoft, (13.9%), Avira (12.1%), ESET (10.6%), and Symantec (10.2%).

Interestingly, Security Essentials remains endorsed by Virus Bulletin, which in August 2012 gave the software its VB100 certification, which it says means that the product "can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization," as well as "generate no false positives when scanning an extensive test set of clean samples." AV-Test also found that Security Essentials rated above the industry average when it came to not returning false positives when it did detect malware.

Originally released by Microsoft in 2009, Security Essentials is free for personal use or businesses with up to 10 PCs. Microsoft launched the service after consumers failed to purchase a similar premium security offering from Microsoft, dubbed Windows Live OneCare.

Antivirus and endpoint security suites are a cash cow for many security vendors. While consumers can avail themselves of a number of free -- and well-regarded -- options, the only choice for businesses seeking antivirus protection is to purchase corporate-level endpoint security software.

This isn't the first time Microsoft Security Essentials has lost its AV-Test seal of approval. In September 2010 the antivirus software failed to gain an AV-Test seal of approval. By December 2010, however, Microsoft overhauled Security Essentials, releasing version 2, which offered a better heuristic scanning engine, integration with Windows Firewall, and network traffic inspection for Windows Vista and 7 systems.

With Windows 8, Microsoft rebranded Security Essentials as Windows Defender -- which was previously the name of an anti-spyware security feature -- and added new capabilities. The security software is enabled by default for every Windows 8 installation but can be replaced with third-party antivirus software.

Building a more robust network vulnerability management program can help you identify security holes before an attacker does, as well as develop more secure systems and applications in the future. In the A Guide To Network Vulnerability Management report, we examine the products and practices that will get you there. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

CVE-2015-0802
Published: 2015-04-01
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a p...

CVE-2015-0803
Published: 2015-04-01
The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) ...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.