[anniebrion]

Quote:

Microsoft Security Essentials, Redmond’s free antivirus tool for home users and business with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7.

Source: http://www.theregister.co.uk/2012/11...certification/

[Magic Cottage]

Don't think I'll be running for the hills screaming just yet. I often wonder whether these things are just a bit of scaremongering in the hope we will reach for our wallets and buy an expensive anti-virus package.

[TheBigM]

It should be noted that figure is for zero-day threats not all malware. Most malware that people run across is not going to be zero-day. Plus other things matter - comprehensive nature of signature database, ability to protect against malware that is found etc.

Safe habits including using a no-plugin browser like IE10 metro, only using software from the Microsoft store etc wil help to mitigate threats of malware. Plus Windows 8 has further security improvements from that in Windows 7 e.g. secure boot helping to protect against rootkits.

[The Rat]

Quote:

That low detection rate has cost it the AV-TEST Institute’s seal of approval, a certification it hands out to products that meet 11 of 18 criteria it assess

Pure science in action. WTF.

Dave

[LION8TIGER]

That company is only giving MSE a score of 1.5 out of 6 for protection, way lower than the rest it has tested. I've never tried it but that would put me off even though in annie's link some other testers are giving it good marks.

http://www.av-test.org/en/tests/home...7/sepoct-2012/

[The Rat]

Quote:

Originally Posted by LION8TIGER

That company is only giving MSE a score of 1.5 out of 6 for protection, way lower than the rest it has tested. I've never tried it but that would put me off even though in annie's link some other testers are giving it good marks.

http://www.av-test.org/en/tests/home...7/sepoct-2012/

Look behind the headline figures - the results are complete junk. The 64% figure - which somehow brings the "protection ability" to 1.5 out of 6.0 (25%) - is derived from a sample of just 102. Some of the tests are determined on samples as low as 27. This shite wouldn't get a second look-in on a peer-review process.

Dave

[LION8TIGER]

Yes the 102 for Zero day attacks seems a small number but they have used the same number for all the other AV they tested. Why did MSE do so badly in an 'equal' test against the others ? I can't see either why the bad Zero day result should drop it to 1.5 out of 6.

Quote:

This shite wouldn't get a second look-in on a peer-review process.

You are no doubt right Dave but if I was using MSE it would be scaring the shite out of me now but then again I don't know shite .

[The Rat]

Quote:

Originally Posted by LION8TIGER

Yes the 102 for Zero day attacks seems a small number but they have used the same number for all the other AV they tested. Why did MSE do so badly in an 'equal' test against the others ? I can't see either why the bad Zero day result should drop it to 1.5 out of 6.

The problem is it is being presented as statistically significant when it is not - a sample of 102 is too small. Pick another set of 102 and the variation in your findings would be notable, hence the test (and its conclusions) are junk.

Quote:

Originally Posted by LION8TIGER

You are no doubt right Dave but if I was using MSE it would be scaring the shite out of me now but then again I don't know shite .

That is the problem, these things are presented in sensationalist ways to alarm people. The fact that your susceptibility to a zero-day exploit is predicated on the existence of the exploit vector and a know route to exploiting it - somewhat of a rarity - means you have little to be scared about, yet the conclusions from this study suggest you are just "25% protected". Shite is the censored word.

Dave

[alanwarwic]

I had stopped commenting here, but I do need to make you aware that an updated operating system is theoretically protected from everything but zero day malware.

Zero day malware uses new holes that have not being prevented/fixed by Microsoft.
Thus a sample of 104 is very high, How many new holes are there really?

The other thing to note is that I do not think anything has changed, apart from av-test changing its 'pass rate'. Historically zero day malware always had low detection rates across the board.
So av-test has at last updated it's pass rates to acknowledge high detection rates elsewhere.

Why the pass rules were left woefully dated is the only mystery to me.

[The Rat]

Quote:

Originally Posted by alanwarwic

I had stopped commenting here, but I do need to make you aware that an updated operating system is theoretically protected from everything but zero day malware.

Zero day malware uses new holes that have not being prevented/fixed by Microsoft.
Thus a sample of 104 is very high, How many new holes are there really?

A sample size of 102 is not statistically significant in a malware population of 100,000s, as is the true population size, to draw a conclusion on a particular AV packages' ability to protect (protection is a broad concept with many facets). Your last point hits on the crux of it - how many zero-day holes are there to be able to say MSE gives "25% protection"?

Dave

[d'@ve]

This is a question rather than a statement, but is it not true that av software isn't just about O/S "hole" protection? There are plenty of ways for malware to get onto computers other than through O/S holes, and they should all be detected by the AV components of the security software, right?

Do these tests tell us anything at all about the intrinsic security level of the O/S itself?

[John259]

It's a good idea to do a scan with MalwareBytes once a week as an additional safeguard on top of whatever other protection software you use.

[alanwarwic]

Quote:

Originally Posted by TheBigM

Most malware that people run across is not going to be zero-day.

And so they normally have a double defence.

Zero day is often zero defence. And as often as not in the case of MSE.
Even over rated common sense may be of no use whatsoever.

[The Rat]

Quote:

Originally Posted by d'@ve

This is a question rather than a statement, but is it not true that av software isn't just about O/S "hole" protection? There are plenty of ways for malware to get onto computers other than through O/S holes, and they should all be detected by the AV components of the security software, right?

The most common way these-days is through social engineering - no OS can protect the user from him/herself. In these cases AV software is a reactive measure.

Quote:

Originally Posted by d'@ve

Do these tests tell us anything at all about the intrinsic security level of the O/S itself?

No, see above. Not least there are other factors which are not equal, for example prevalence of a particular family or version of an OS.

Dave