Vulnerabilities / Threats
11/30/2012
12:09 PM
50%
50%

Microsoft Security Essentials Loses AV Certification

Independent German AV-Test firm pulls seal of approval for Microsoft's free antivirus software, saying it detected only 64% of zero-day threats on Windows 7.

The independent German lab behind AV-Test, which tests the effectiveness of endpoint security products, has pulled its seal of approval for Microsoft Security Essentials.

According to AV-Test, from September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks -- including viruses, worms, and Trojan horses -- dropped from 69% to 64%, compared with an industry average of 89%. For detecting malware that's been discovered in the past few months, Security Essentials fared better, with a 90% detection rate, but that's still below the 97% average for the industry.

In AV-Test's examination of version 4.0 and 4.1 of Security Essentials, running on a 32-bit Windows 7 system, the antivirus software earned a "protection rating" of just 1.5 out of 6 points. AV-Test said it tests products every two months, and that to be "AV-Test Certified" a product must achieve 11 out of 18 available points, which are granted based on a product's protection, repair, and usability capabilities.

In the AV-Test October 2012 study, out of 24 Windows 7 antivirus products assessed by AV-Test, only Microsoft's product failed to make the grade.

[ Security Essentials has work to do, but Microsoft's new OS bolsters enterprise security. Read more at Windows 8: A Win For Enterprise Security. ]

That downgrading follows a report released last month by independent testing firm NSS Labs, which found that antivirus tools' effectiveness at blocking known exploits varied by 58%. While the leading product in the NSS tests -- Kaspersky Internet Security 2012 -- stopped 92.2% of known threats, Microsoft Security Essentials blocked only about half of the known threats it encountered, putting it in ninth place on the list of most effective products, and in last place when it came to protecting Windows XP systems.

In North America, Microsoft controls 27% of the antivirus market, followed by Symantec (16%), Avast (11%), and AVG (10%), according to a September 2012 antivirus market-share report from research firm OPSWAT. Globally, the leading antivirus providers by market share are Avast (17.5%), Microsoft, (13.9%), Avira (12.1%), ESET (10.6%), and Symantec (10.2%).

Interestingly, Security Essentials remains endorsed by Virus Bulletin, which in August 2012 gave the software its VB100 certification, which it says means that the product "can detect 100% of malware samples listed as 'In the Wild' by the WildList Organization," as well as "generate no false positives when scanning an extensive test set of clean samples." AV-Test also found that Security Essentials rated above the industry average when it came to not returning false positives when it did detect malware.

Originally released by Microsoft in 2009, Security Essentials is free for personal use or businesses with up to 10 PCs. Microsoft launched the service after consumers failed to purchase a similar premium security offering from Microsoft, dubbed Windows Live OneCare.

Antivirus and endpoint security suites are a cash cow for many security vendors. While consumers can avail themselves of a number of free -- and well-regarded -- options, the only choice for businesses seeking antivirus protection is to purchase corporate-level endpoint security software.

This isn't the first time Microsoft Security Essentials has lost its AV-Test seal of approval. In September 2010 the antivirus software failed to gain an AV-Test seal of approval. By December 2010, however, Microsoft overhauled Security Essentials, releasing version 2, which offered a better heuristic scanning engine, integration with Windows Firewall, and network traffic inspection for Windows Vista and 7 systems.

With Windows 8, Microsoft rebranded Security Essentials as Windows Defender -- which was previously the name of an anti-spyware security feature -- and added new capabilities. The security software is enabled by default for every Windows 8 installation but can be replaced with third-party antivirus software.

Building a more robust network vulnerability management program can help you identify security holes before an attacker does, as well as develop more secure systems and applications in the future. In the A Guide To Network Vulnerability Management report, we examine the products and practices that will get you there. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.