Digital Spy

Search Digital Spy
 

DS Forums

 
 

Microsoft Security Essentials loses AV-TEST certification


Reply
Thread Tools Search this Thread
Old 30-11-2012, 10:37
anniebrion
Inactive Member
 
Join Date: Sep 2005
Posts: 16,389

Microsoft Security Essentials, Redmondís free antivirus tool for home users and business with up to ten PCs, can detect just 64 per cent of zero-day threats when running under Windows 7.
Source: http://www.theregister.co.uk/2012/11...certification/
anniebrion is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 30-11-2012, 10:58
Magic Cottage
Forum Member
 
Join Date: Nov 2004
Posts: 2,584
Don't think I'll be running for the hills screaming just yet. I often wonder whether these things are just a bit of scaremongering in the hope we will reach for our wallets and buy an expensive anti-virus package.
Magic Cottage is offline   Reply With Quote
Old 30-11-2012, 11:34
TheBigM
Forum Member
 
Join Date: Aug 2004
Location: moon
Posts: 12,716
It should be noted that figure is for zero-day threats not all malware. Most malware that people run across is not going to be zero-day. Plus other things matter - comprehensive nature of signature database, ability to protect against malware that is found etc.

Safe habits including using a no-plugin browser like IE10 metro, only using software from the Microsoft store etc wil help to mitigate threats of malware. Plus Windows 8 has further security improvements from that in Windows 7 e.g. secure boot helping to protect against rootkits.
TheBigM is offline   Reply With Quote
Old 30-11-2012, 21:16
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
That low detection rate has cost it the AV-TEST Instituteís seal of approval, a certification it hands out to products that meet 11 of 18 criteria it assess
Pure science in action. WTF.

Dave
The Rat is offline   Reply With Quote
Old 30-11-2012, 21:48
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,502
That company is only giving MSE a score of 1.5 out of 6 for protection, way lower than the rest it has tested. I've never tried it but that would put me off even though in annie's link some other testers are giving it good marks.

http://www.av-test.org/en/tests/home...7/sepoct-2012/
LION8TIGER is offline   Reply With Quote
Old 30-11-2012, 22:16
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
That company is only giving MSE a score of 1.5 out of 6 for protection, way lower than the rest it has tested. I've never tried it but that would put me off even though in annie's link some other testers are giving it good marks.

http://www.av-test.org/en/tests/home...7/sepoct-2012/
Look behind the headline figures - the results are complete junk. The 64% figure - which somehow brings the "protection ability" to 1.5 out of 6.0 (25%) - is derived from a sample of just 102. Some of the tests are determined on samples as low as 27. This shite wouldn't get a second look-in on a peer-review process.

Dave
The Rat is offline   Reply With Quote
Old 30-11-2012, 22:52
LION8TIGER
Forum Member
 
Join Date: May 2005
Posts: 7,502
Yes the 102 for Zero day attacks seems a small number but they have used the same number for all the other AV they tested. Why did MSE do so badly in an 'equal' test against the others ? I can't see either why the bad Zero day result should drop it to 1.5 out of 6.

This shite wouldn't get a second look-in on a peer-review process.
You are no doubt right Dave but if I was using MSE it would be scaring the shite out of me now but then again I don't know shite .
LION8TIGER is offline   Reply With Quote
Old 30-11-2012, 23:04
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
Yes the 102 for Zero day attacks seems a small number but they have used the same number for all the other AV they tested. Why did MSE do so badly in an 'equal' test against the others ? I can't see either why the bad Zero day result should drop it to 1.5 out of 6.
The problem is it is being presented as statistically significant when it is not - a sample of 102 is too small. Pick another set of 102 and the variation in your findings would be notable, hence the test (and its conclusions) are junk.

You are no doubt right Dave but if I was using MSE it would be scaring the shite out of me now but then again I don't know shite .
That is the problem, these things are presented in sensationalist ways to alarm people. The fact that your susceptibility to a zero-day exploit is predicated on the existence of the exploit vector and a know route to exploiting it - somewhat of a rarity - means you have little to be scared about, yet the conclusions from this study suggest you are just "25% protected". Shite is the censored word.

Dave
The Rat is offline   Reply With Quote
Old 01-12-2012, 11:38
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,956
I had stopped commenting here, but I do need to make you aware that an updated operating system is theoretically protected from everything but zero day malware.

Zero day malware uses new holes that have not being prevented/fixed by Microsoft.
Thus a sample of 104 is very high, How many new holes are there really?

The other thing to note is that I do not think anything has changed, apart from av-test changing its 'pass rate'. Historically zero day malware always had low detection rates across the board.
So av-test has at last updated it's pass rates to acknowledge high detection rates elsewhere.

Why the pass rules were left woefully dated is the only mystery to me.
alanwarwic is offline   Reply With Quote
Old 01-12-2012, 13:59
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
I had stopped commenting here, but I do need to make you aware that an updated operating system is theoretically protected from everything but zero day malware.

Zero day malware uses new holes that have not being prevented/fixed by Microsoft.
Thus a sample of 104 is very high, How many new holes are there really?
A sample size of 102 is not statistically significant in a malware population of 100,000s, as is the true population size, to draw a conclusion on a particular AV packages' ability to protect (protection is a broad concept with many facets). Your last point hits on the crux of it - how many zero-day holes are there to be able to say MSE gives "25% protection"?

Dave
The Rat is offline   Reply With Quote
Old 01-12-2012, 14:19
d'@ve
Forum Member
 
Join Date: Oct 2003
Location: Darn Sarf
Posts: 21,418
This is a question rather than a statement, but is it not true that av software isn't just about O/S "hole" protection? There are plenty of ways for malware to get onto computers other than through O/S holes, and they should all be detected by the AV components of the security software, right?

Do these tests tell us anything at all about the intrinsic security level of the O/S itself?
d'@ve is offline   Reply With Quote
Old 01-12-2012, 14:32
John259
Forum Member
 
Join Date: Nov 2003
Location: Norwich, Norfolk, UK
Posts: 13,235
It's a good idea to do a scan with MalwareBytes once a week as an additional safeguard on top of whatever other protection software you use.
John259 is offline   Reply With Quote
Old 01-12-2012, 21:29
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,956
Most malware that people run across is not going to be zero-day.
And so they normally have a double defence.

Zero day is often zero defence. And as often as not in the case of MSE.
Even over rated common sense may be of no use whatsoever.
alanwarwic is offline   Reply With Quote
Old 02-12-2012, 11:02
The Rat
Guest
 
Join Date: Feb 2007
Posts: 5,914
This is a question rather than a statement, but is it not true that av software isn't just about O/S "hole" protection? There are plenty of ways for malware to get onto computers other than through O/S holes, and they should all be detected by the AV components of the security software, right?
The most common way these-days is through social engineering - no OS can protect the user from him/herself. In these cases AV software is a reactive measure.

Do these tests tell us anything at all about the intrinsic security level of the O/S itself?
No, see above. Not least there are other factors which are not equal, for example prevalence of a particular family or version of an OS.

Dave
The Rat is offline   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT. The time now is 19:54.