Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft Security Essentials Loses AV-Test Certificate


  • Please log in to reply
9 replies to this topic

#1 bruinator

bruinator

  • Members
  • 501 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 30 November 2012 - 10:32 PM

Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In their latest test which was performed on Windows 7 during September and October, Microsoft Security Essentials didn't pass the test to achieve certification. Although that may not sound that impressive, Microsoft's program was the only one which didn't receive AV-Test's certificate. For comparison, the other free antivirus software, including Avast, AVG and Panda Cloud did.

Does this mean we should not be using it and to get something else?

thx

*Moderator Edit: Moved topic from All Other Applications to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 30 November 2012 - 10:39 PM.


BC AdBot (Login to Remove)

 


#2 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 AM

Posted 01 December 2012 - 12:40 AM

I have to hear from MSE users complain about the free product. That report is not credible enough and does not reflect how satisfied I am since switching from the top 3 free AV.

Tekken
 


#3 md2lgyk

md2lgyk

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Virginia USA
  • Local time:12:26 PM

Posted 01 December 2012 - 07:55 AM

I, for one, have no complaints about MSE.

#4 Sightless

Sightless

  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Up in the Clouds
  • Local time:01:26 PM

Posted 01 December 2012 - 03:41 PM

I've read that Microsoft focuses mainly on the most common threats. Common sense is usually a good way to make sure you keep your computer, but if you run into a common infection, MSE should be able to catch it. That said, there may be lesser common infections that MSE may not detect (no AV detects everything, of course). I use Avast on my desktop and Comodo Internet Security on my laptop (since my laptop tends to be used for more general browsing, my desktop is for gaming). I know Comodo isn't the best, but I like the Defense+ feature.

#5 lti

lti

  • Members
  • 582 posts
  • OFFLINE
  •  
  • Local time:11:26 AM

Posted 01 December 2012 - 04:37 PM

I have had issues with MSE. It makes older computers completely unusable because it has to scan the entire contents of any folder you open. While it is doing this, the computer is frozen. The only thing you can do is move the mouse. Also, it considers any change to the Hosts file (malicious or not) to be a hijack and removes most of the changes you made. Even if it doesn't tell you it found a "Hosts file hijack," it has removed at least a few of the entries. For example, the MVPS Hosts file is detected as a "hijack" when you download it. If you install MSE on a computer that already has the MVPS Hosts file on it, opening the Hosts file will reveal many blank lines where entries used to be.

Avast is the best antivirus software I have used, but it runs poorly on older computers due to its high resource use. Recent versions of Norton have low resource use, but they don't detect very much, have an extremely high false positive rate, and have performance and stability issues under certain software configurations.

Edited by lti, 01 December 2012 - 04:37 PM.


#6 Sightless

Sightless

  • Members
  • 435 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Up in the Clouds
  • Local time:01:26 PM

Posted 01 December 2012 - 04:46 PM

I have had issues with MSE. It makes older computers completely unusable because it has to scan the entire contents of any folder you open. While it is doing this, the computer is frozen. The only thing you can do is move the mouse. Also, it considers any change to the Hosts file (malicious or not) to be a hijack and removes most of the changes you made. Even if it doesn't tell you it found a "Hosts file hijack," it has removed at least a few of the entries. For example, the MVPS Hosts file is detected as a "hijack" when you download it. If you install MSE on a computer that already has the MVPS Hosts file on it, opening the Hosts file will reveal many blank lines where entries used to be.

Avast is the best antivirus software I have used, but it runs poorly on older computers due to its high resource use. Recent versions of Norton have low resource use, but they don't detect very much, have an extremely high false positive rate, and have performance and stability issues under certain software configurations.

Hi, according to AV-Comparatives, Norton has one of (maybe even THE) highest detection rate. However, I will never use it due to how awful the earlier versions were years ago. Avast actually has pretty low resource usage compared to many of the AV programs out there.

#7 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:26 PM

Posted 01 December 2012 - 05:18 PM

Does this mean we should not be using it and to get something else?


The problem I have with this AV-TEST report is that they don't describe the test set that gave the lowest score for MSE.
If you look at the PROTECTION part, there are 3 test sets: protection against 0-day, detection of a representative set and detection of a widespread set.
But on the page where they document their Protection tests (http://www.av-test.org/en/test-procedures/test-modules/protection/), they only write about the last 2 test sets: representative set and widespread set. There's no explanation of how they build the 0-day test set.
Remark that in their explanation, they give a higher weight factor to the 0-day test than the 2 other tests, but that the number of samples in the 0-day test (102) is much smaller than the 2 other sets (272,799 and 5,000).

It's impossible to give good advice when we don't know how that specific test, for which MSE scored so low, was conducted.

Update:

To give you an example how it relates to my usage (I use MSE): in the 0-day test, malicious e-mails are part of the test set, but we don't know how many.
But this 0-day e-mail test is not relevant in my case: I use Gmail, and it has a very good SPAM filter. I can't remember when I last received a malicious e-mail that was not classified as SPAM. It must be months ago.

Edited by Didier Stevens, 01 December 2012 - 05:36 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#8 DarkSnake-Kobra

DarkSnake-Kobra

  • Members
  • 633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Iowa, USA
  • Local time:12:26 PM

Posted 01 December 2012 - 05:40 PM

I've seen a lot of problems with these types of tests done.

1. Environments for whatever reason vary between security products. Things like the OS are different when testing different products.

2. Security companies are allowed to choose what settings on their products are used. AV-Comparatives is one example that does this. All products should be at the default settings as that's what most users are going to be at (most install and leave it). Than test them at higher settings.

3. The samples used are unprecedented. They should include the names and how recent they are.

4. Not all products tested are in the same category. One good example is MRG. They test products like Malwarebytes' against antivirus software like Emsisoft. Which are two completely different products. They also placed Immunet Protect in the same group which is mainly a cloud solution.

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:26 PM

Posted 01 December 2012 - 05:48 PM

Although I agree in general with your remarks, they do not apply to the AV-TEST test the OP refered to.

1. Environments for whatever reason vary between security products. Things like the OS are different when testing different products.

All products tested on Windows 7.

2. Security companies are allowed to choose what settings on their products are used. AV-Comparatives is one example that does this. All products should be at the default settings as that's what most users are going to be at (most install and leave it). Than test them at higher settings.

All products tested with default settings.

3. The samples used are unprecedented. They should include the names and how recent they are.

Size and age of the 2 malware sets are reported. What is not reported is the 0-day set.

4. Not all products tested are in the same category. One good example is MRG. They test products like Malwarebytes' against antivirus software like Emsisoft. Which are two completely different products. They also placed Immunet Protect in the same group which is mainly a cloud solution.

MBA is not tested in this test.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 jhayz

jhayz

  • BC Advisor
  • 6,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:26 AM

Posted 02 December 2012 - 01:37 AM

Protection - Repair - Usability Test Scores, So what's the average?

Tekken
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users