Vulnerabilities / Threats
11/30/2012
12:09 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Security Essentials Loses AV Certification

Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.

The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.

According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks -- including viruses, worms, and Trojan horses -- dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that's been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that's still below the 97% average for the industry.

In AV-Test's examination of version 4.0 and 4.1 of Security Essentials, running on a 32-bit Windows 7 system, the antivirus software earned a "protection rating" of just 1.5 out of 6 points. AV-Test said it tests products every two months, and that to be "AV-Test Certified" a product must achieve 11 out of 18 available points, which are granted based on a product's protection, repair, and usability capabilities.

In the AV-Test October 2012 study, out of 24 Windows 7 antivirus products assessed by AV-Test, only Microsoft's product failed to make the grade.

[ Security Essentials has work to do, but Microsoft's new OS bolsters enterprise security. Read more at Windows 8: A Win For Enterprise Security. ]

That downgrading follows a report released last month by independent testing firm NSS Labs, which found that antivirus tools' effectiveness at blocking known exploits varied by 58%. While the leading product in the NSS tests -- Kaspersky Internet Security 2012 -- stopped 92.2% of known threats, Microsoft Security Essentials blocked only about half of the known threats it encountered, putting it in ninth place on the list of most effective products, and in last place when it came to protecting Windows XP systems.

In North America, Microsoft controls 27% of the antivirus market, followed by Symantec (16%), Avast (11%), and AVG (10%), according to a September 2012 antivirus market-share report from research firm OPSWAT. Globally, the leading antivirus providers by market share are Avast (17.5%), Microsoft, (13.9%), Avira (12.1%), ESET (10.6%), and Symantec (10.2%).

Interestingly, Security Essentials remains endorsed by Virus Bulletin, which in August 2012 gave the software its VB100 certification, which it says means that the product "can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization," as well as "generate no false positives when scanning an extensive test set of clean samples." AV-Test also found that Security Essentials rated above the industry average when it came to not returning false positives when it did detect malware.

Originally released by Microsoft in 2009, Security Essentials is free for personal use or businesses with up to 10 PCs. Microsoft launched the service after consumers failed to purchase a similar premium security offering from Microsoft, dubbed Windows Live OneCare.

Antivirus and endpoint security suites are a cash cow for many security vendors. While consumers can avail themselves of a number of free -- and well-regarded -- options, the only choice for businesses seeking antivirus protection is to purchase corporate-level endpoint security software.

This isn't the first time Microsoft Security Essentials has lost its AV-Test seal of approval. In September 2010 the antivirus software failed to gain an AV-Test seal of approval. By December 2010, however, Microsoft overhauled Security Essentials, releasing version 2, which offered a better heuristic scanning engine, integration with Windows Firewall, and network traffic inspection for Windows Vista and 7 systems.

With Windows 8, Microsoft rebranded Security Essentials as Windows Defender -- which was previously the name of an anti-spyware security feature -- and added new capabilities. The security software is enabled by default for every Windows 8 installation but can be replaced with third-party antivirus software.

Building a more robust network vulnerability management program can help you identify security holes before an attacker does, as well as develop more secure systems and applications in the future. In the A Guide To Network Vulnerability Management report, we examine the products and practices that will get you there. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3621
Published: 2014-10-02
The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

CVE-2014-6242
Published: 2014-10-02
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged usi...

CVE-2014-6414
Published: 2014-10-02
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

CVE-2014-6856
Published: 2014-10-02
The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6857
Published: 2014-10-02
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.