Vulnerabilities / Threats
11/30/2012
12:09 PM
50%
50%

Microsoft Security Essentials Loses AV Certification

Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.

The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.

According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks -- including viruses, worms, and Trojan horses -- dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that's been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that's still below the 97% average for the industry.

In AV-Test's examination of version 4.0 and 4.1 of Security Essentials, running on a 32-bit Windows 7 system, the antivirus software earned a "protection rating" of just 1.5 out of 6 points. AV-Test said it tests products every two months, and that to be "AV-Test Certified" a product must achieve 11 out of 18 available points, which are granted based on a product's protection, repair, and usability capabilities.

In the AV-Test October 2012 study, out of 24 Windows 7 antivirus products assessed by AV-Test, only Microsoft's product failed to make the grade.

[ Security Essentials has work to do, but Microsoft's new OS bolsters enterprise security. Read more at Windows 8: A Win For Enterprise Security. ]

That downgrading follows a report released last month by independent testing firm NSS Labs, which found that antivirus tools' effectiveness at blocking known exploits varied by 58%. While the leading product in the NSS tests -- Kaspersky Internet Security 2012 -- stopped 92.2% of known threats, Microsoft Security Essentials blocked only about half of the known threats it encountered, putting it in ninth place on the list of most effective products, and in last place when it came to protecting Windows XP systems.

In North America, Microsoft controls 27% of the antivirus market, followed by Symantec (16%), Avast (11%), and AVG (10%), according to a September 2012 antivirus market-share report from research firm OPSWAT. Globally, the leading antivirus providers by market share are Avast (17.5%), Microsoft, (13.9%), Avira (12.1%), ESET (10.6%), and Symantec (10.2%).

Interestingly, Security Essentials remains endorsed by Virus Bulletin, which in August 2012 gave the software its VB100 certification, which it says means that the product "can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization," as well as "generate no false positives when scanning an extensive test set of clean samples." AV-Test also found that Security Essentials rated above the industry average when it came to not returning false positives when it did detect malware.

Originally released by Microsoft in 2009, Security Essentials is free for personal use or businesses with up to 10 PCs. Microsoft launched the service after consumers failed to purchase a similar premium security offering from Microsoft, dubbed Windows Live OneCare.

Antivirus and endpoint security suites are a cash cow for many security vendors. While consumers can avail themselves of a number of free -- and well-regarded -- options, the only choice for businesses seeking antivirus protection is to purchase corporate-level endpoint security software.

This isn't the first time Microsoft Security Essentials has lost its AV-Test seal of approval. In September 2010 the antivirus software failed to gain an AV-Test seal of approval. By December 2010, however, Microsoft overhauled Security Essentials, releasing version 2, which offered a better heuristic scanning engine, integration with Windows Firewall, and network traffic inspection for Windows Vista and 7 systems.

With Windows 8, Microsoft rebranded Security Essentials as Windows Defender -- which was previously the name of an anti-spyware security feature -- and added new capabilities. The security software is enabled by default for every Windows 8 installation but can be replaced with third-party antivirus software.

Building a more robust network vulnerability management program can help you identify security holes before an attacker does, as well as develop more secure systems and applications in the future. In the A Guide To Network Vulnerability Management report, we examine the products and practices that will get you there. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.