Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Security Essentials Misses 39% of Malware

timothy posted about 10 months ago | from the talked-harshly-with-the-other-61-percent dept.

Microsoft 149

Barence writes "The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it. Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender. While the other eight packages all achieved protection scores of 87% or higher — with five scoring 98% or 99% — Microsoft's free antivirus software protected against only 61% of the malware samples used in the test. Microsoft conceded last year that its security software was intended to offer only "baseline" performance"."

Sorry! There are no comments related to the filter you selected.

In other news (5, Funny)

NoNonAlphaCharsHere (2201864) | about 10 months ago | (#45750595)

Microsoft Windows hosts 99.999% of malware.

Re:In other news (0, Troll)

mrbluze (1034940) | about 10 months ago | (#45750621)

Microsoft Windows hosts 99.999% of malware.

Windows is malware.

Re:In other news (-1, Flamebait)

Anonymous Coward | about 10 months ago | (#45750651)

no it's not. stop being dramatic. it only makes you look like an idiot.

Re:In other news (-1)

Anonymous Coward | about 10 months ago | (#45750863)

As opposed to you... who just looks like an insecure sycophant.

Re:In other news (4, Funny)

tlambert (566799) | about 10 months ago | (#45751093)

Windows is malare.

no it's not. stop being dramatic. it only makes you look like an idiot.

How exactly is Windows making him look like an idiot?

Re:In other news (0)

Anonymous Coward | about 10 months ago | (#45751179)

i just meant that chanting the old "windows is malware" thing looks damn dorky.

Re:In other news (3, Insightful)

Anonymous Coward | about 10 months ago | (#45751587)

Malware is probably the most precisely written, bug-free software on the planet, bar nothing else. It takes up little memory, runs without being noticed, can run on an extremely large amount of hardware/software combinations and run well.

So, calling Windows malware is really a misnomer. Malware is written to some damn exacting quality standards, and its support (such as the people behind CryptoLocker) is usually better than 99% of the tech support departments in any legit company.

Re:In other news (3, Insightful)

bloodhawk (813939) | about 10 months ago | (#45751727)

You honestly have not dealt with much malware. Most of it is atrociously written and more often then not only detected because it chews up system resources or causes crashes. only a tiny percentage of malware is written well.

Re:In other news (1)

Anonymous Coward | about 10 months ago | (#45751851)

only a tiny percentage of malware is written well.

Only a tiny percent of Windows is writen well. As well.

Re:In other news (-1)

Anonymous Coward | about 10 months ago | (#45751287)

no it's not. stop being dramatic.

He is being satiric, but certainly not dramatic.

it only makes you look like an idiot.

Speaking of which, might I suggest you try capitalizing your sentences next time? And perhaps making sentences longer than 3 words. Insulting someone's intelligence has much more impact when you don't present yourself as a brain-dead baboon.

Re:In other news (-1)

Anonymous Coward | about 10 months ago | (#45751525)

no it's not. stop being dramatic. it only makes you look like an idiot.

Yeah it is, you Microsoft shill. Let me guess, you also use that POS Bing and believe it's better? The lengths these militant Microsoft shills go to...

Re:In other news (0)

Runaway1956 (1322357) | about 10 months ago | (#45751615)

I must disagree.

When the Athlons were new and exciting, the wife bought herself a nice, pretty, new shiny computer from Compaq. Her gigahertz computer ran like a frigging sick dog with Windows XP, whereas, my aging Super Socket 7 machine with XP installed ran quite nicely. Her Compaq was burdened with pre-installed malware from the factory. My own very customized installation of XP, with half the services disabled among other tweaks hummed along nicely, loading web pages while her machine struggled to load similar pages.

What the end user gets for his money is indeed malware. You have to be at least moderately techie minded to make Windows tolerable.

Re:In other news (4, Funny)

Stormwatch (703920) | about 10 months ago | (#45751025)

Obligatory blast(er worm) from the past...

Is Windows a virus?

No, Windows is not a virus. Here's what viruses do:

1 - They replicate quickly - okay, Windows does that.
2 - Viruses use up valuable system resources, slowing down the system as they do so - okay, Windows does that.
3 - Viruses will, from time to time, trash your hard disk - okay, Windows does that too.
4 - Viruses are usually carried, unknown to the user, along with valuable programs and systems. Sigh... Windows does that, too.
5 - Viruses will occasionally make the user suspect their system is too slow (see 2.) and the user will buy new hardware. Yup, that's with Windows, too.

Until now it seems Windows is a virus, but there are fundamental differences: viruses are well supported by their authors, are running on most systems, their program code is fast, compact and efficient and they tend to become more sophisticated as they mature.

So Windows is not a virus. It's a bug.

Re:In other news (1, Insightful)

AlphaWolf_HK (692722) | about 10 months ago | (#45751045)

The really good (as in clever) malware don't do any of those things. It's best not to in order to avoid unwanted attention so that your ultimate goal (whatever it be) can be achieved.

Sounds like the exact definition of .... (0)

Anonymous Coward | about 10 months ago | (#45751613)

... the Android OS. Malware by design.

If they made it good... (0)

Anonymous Coward | about 10 months ago | (#45750599)

... they'd just get hit with an antitrust lawsuit.

Subject lines are for subjects! (2)

tqk (413719) | about 10 months ago | (#45750935)

If they made it good they'd just get hit with an antitrust lawsuit.

Yeah, and considering what happened last time, that'll have 'em shaking in their boots.

"Baseline performance" and "failing miserably while lieing to customers" don't mean the same thing. Not catching zero-days is one thing. Only catching ca. 30% is worse than flipping a coin.

Actual Reports (5, Informative)

mythosaz (572040) | about 10 months ago | (#45750601)

Re:Actual Reports (5, Insightful)

mythosaz (572040) | about 10 months ago | (#45750643)

7.2 Threat selection
The malicious web links (URLs) used in the tests
were not provided by any anti-malware vendor.
They were picked from lists generated by Dennis
Technology Labs’ own malicious site detection
system, which uses popular search engine
keywords submitted to Google. It analyses sites
that are returned in the search results from a
number of search engines and adds them to a
database of malicious websites.
In all cases, a control system (Verification Target
System - VTS) was used to confirm that the URLs
linked to actively malicious sites.
Malicious URLs and files are not shared with any
vendors during the testing process.

In other words, you get to take his word for it, and we don't know what failed or why.

Re:Actual Reports (2)

msauve (701917) | about 10 months ago | (#45750771)

Not just that. I'd be more interested in a metric which considers the real-world prevalence of a threat. They're not equal, failure to block a common threat is much worse than failure to block a rarely encountered one.

Re:Actual Reports (2)

vux984 (928602) | about 10 months ago | (#45750795)

Is it clear that the malicious urls actually hosted different payloads? Or did MSE and McAffee just get hammered by same virus strain 30 times?

I realize that if a strain is common and being missed that it's a big deal, but it does distort the picture greatly if they just keep testing the same "gap" in security over and over again.

There is also the question of what some of this stuff is and whether or not its even within MSE's purview. Kapersky Internet Security and NIS etc are full system protection -- they get into your email, they run your firewall, etc. In other words I don't expect MSE to block "threats" that are outside its functional scope. (And in exchange for that MSE has never completely effed up my ability to receive email... something NIS does on a regular basis.)

Re:Actual Reports (3, Insightful)

TapeCutter (624760) | about 10 months ago | (#45751075)

Yes, vendor A says vendor B's free product sucks. I put MES on my win7 boxes after the free AGV let something thru earlier this year. The virus tricked win7 into thinking an infected system file was a good thing.Interestingly MSE was the only one of three free virus scanners I tried that picked up the infection.

However there was catch22 since MSE stubbornly refused to install itself until the infected file was gone and win7 kept restoring the infected file at boot up. The pragmatic developer in me gave up digging further down that particular rabbit hole. I realise I was now also fighting a win7 immune system that the virus had usurped, but I knew how it got in and that was enough to convince me to change the scanner I'd been using since the late 90's. First time in at least 10yrs I've had to wipe my own windows system disk because of an infection.

Why yes, IAACS, but the above is experience with MSE is a personal anecdote, not a professional opinion.

Re:Actual Reports (1)

cusco (717999) | about 10 months ago | (#45751637)

My wife's family is in Peru, and her nieces and nephews send her emails and such from the Internet cafes. MES has caught everything but one ever since it was first introduced, and that one was only because she accidentally clicked 'OK'. Even then the MES bootable CD cleaned it.

Re:Actual Reports (2)

mlts (1038732) | about 10 months ago | (#45751667)

Almost all AV software is (to borrow a British term) bollocks. One time interval, one AV offering is at the top of the heap. Next time interval, same package is now getting stomped on by other tests, and some tests are not really objective.

Every other OS out there except Windows runs quite fine without AV software. The only reason McAfee is running on the AIX or Solaris box is because it makes the legal eagles happy... and even then, the software only runs when a cron job fires off to fetch updates, then go scan down filesystems... and there are just not going to be any viruses in COFF format on a JFS2 filesystem, nor any on a ZFS pool, barring Windows malware on a samba share.

Realistically, what I've found that protects against the bad crap, would be ad blocking Web extensions and software that blocks bad IP addresses. Yes, in theory, there may be a way for a bad guy to jump a firewall, connect to machines behind a NAT, and inject malware directly, but that is exceedingly rare. The biggest threat next to Trojans (the .pdf.exe or the "foo.pdf .exe" files) are security holes in the Web browser or add-ons. A zero day in a popular browser sells for a lot because it can bring even more revenue in. CryptoLocker has showed that to be the case.

The best way of protection these days is defense in depth. Something like Qubes OS where not just the memory and registers are virtualized, but the complete filesystem. Then, this is combined with a rollback ability so when the Web browser is not used, any code other than signed add-ons is purged, and only data is stored. However, on the operating systems we have now, the next best thing is either running the most dangerous thing (the Web browser) in a virtual machine, or at the minimum a sandbox that redirects writes to a separate filesystem [1].

This sounds like a lot of effort, but it really isn't, once things are set up, and assuming the host machine has enough RAM to keep the VM happy. (XP can do decently in 512MB of RAM, or one can run a modern Linux distro with a modern DE in 1024-2048 MB of RAM.)

With most malware being zero day stuff, if it manages to get a user context, or an Administrator context, you tend to be screwed no matter how good the AV program is, except for Malwarebytes which blocks by IP addresses.

AV has two uses in my book: It keeps the legal eagles happy, and is a checkbox come audit time. It also can useful for scanning offline volumes, to check if a backup image has been rootkitted.

[1]: The reason for the separate filesystem is that I've encountered malware that will just write bunches of zero byte files, or create directories until Windows's analog of inodes are used up. With the sandbox on a separate FS, it doesn't take much to kill the sandbox, reformat the volume, re-Bitlocker [2] it, and continue on.

[2]: With a BitLocker protected filesystem, if you run a Vista or newer format.exe on it, the format command will notice it is a BDE filesystem, and overwrite multiple times the spaces where the old master volume keys are stored, effectively ensuring the volume cannot be recovered.

Re:Actual Reports (5, Insightful)

LordLimecat (1103839) | about 10 months ago | (#45751833)

CryptoLocker has showed that to be the case.

Having been on a team that dealt with cryptolocker, I can say that you are not correct.

Cryptolocker often is sent as malicious executables contained in zip file email attachments, which could target Linux or OSX or AIX just as easily.

you tend to be screwed no matter how good the AV program is,

If the virus is in usermode, the AV can easily remove it no matter what measures it takes, since the AV runs with root privileges. If the virus has root, it depends on what virus and what AV and how recent each is.

The whole premise of "Windows gets viruses because its insecure" is such an absurd myth thats been disproved so many times that its astonishing that people still make such a stupid claim. Go look up Pwn2Own, and see how vulnerable your *nix systems can be when theres a sufficient incentive to break in. Go look up the cross-platform PDF Proof of concept. Check the stats on what type of exploits are used for the majority of malware (OS / third party /browser plugin); I think you'll find that OS-level exploits are quite uncommon these days compared with the others.


Viruses dont do that because there is no financial gain whatsoever to killing a Bitlocker volume.

McAfee is worse (1)

FlameWise (84536) | about 10 months ago | (#45750645)

Thank you.

Reading that, the more important news is probably that McAfee scored even worse.


Re:Actual Reports (0)

Anonymous Coward | about 10 months ago | (#45751925)

I always recommend Avast to people for free antivirus. It's still the best out there.

Bullshit (5, Interesting)

TheRealMindChild (743925) | about 10 months ago | (#45750603)

Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used

I call bullshit. This seems like a paid advertisement to me. The only reason they used a few undetected ones was because no one would believe anything hit 100%

Re:Bullshit (4, Interesting)

00Monkey (264977) | about 10 months ago | (#45750661)

Seconded! There's no way in hell NIS performed at this level on a legitimate test. It's shit and that's putting it nicely.

Re:Bullshit (1)

jones_supa (887896) | about 10 months ago | (#45750663)

Appendix B claims that the study was not sponsored. We don't still of course know if they are lying, but I just wanted to point that part out.

Sponsored? (5, Insightful)

dcooper_db9 (1044858) | about 10 months ago | (#45751663)

From page 19 of the report:

What is the difference between a vendor and a partner vendor?

Partner vendors contribute financially to the test in return for a preview of the results, an opportunity to challenge results before publication and the right to use award logos in marketing material. Other participants first see the results on the day of publication and may not use award logos for any purpose.

Do you share samples with the vendors?

Partner vendors are able to download all samples from us after the test is complete. Other vendors may request a subset of the threats that compromised their products in order for them to verify our results. The same applies to client-side logs, including the network capture files. There is a small administration fee for the provision of this service.

Re:Bullshit (1)

CastrTroy (595695) | about 10 months ago | (#45750693)

Either that, or it also ends up having a lot of false positives. Basically, if you flag almost everything as malware, you're going to be able to catch most of the malware. The great thing about MS Security Essentials is that it doesn't try to find reasons to justify it's existence.

Re:Bullshit (5, Funny)

Anonymous Coward | about 10 months ago | (#45750697)

Norton failed to detect itself. That's why it only got 99%.

Re:Bullshit February 2013 DennisTech (5, Informative)

retroworks (652802) | about 10 months ago | (#45750777) [] outed this testing firm last Friday for A) running MSE without applied windows updates, and B) accepting sponsorship from tested softwares.

Re:Bullshit February 2013 DennisTech (1)

retroworks (652802) | about 10 months ago | (#45750779)

Sorry that's last February not Friday

Sounds about right (5, Insightful)

Sycraft-fu (314770) | about 10 months ago | (#45750983)

If you look at AV Comparitives, who seem to do pretty good testing, MSE is about 90%. That's quite low (though there are commercial apps that are worse) but the tradeoff is zero false positives on essentially every test.

It's certainly not what you get if you want highest security, but it does a reasonably good job, and doesn't generate false positives, which can piss off newbie users and make them want the AV scanner off. It also updates definitions via Windows Update, if its internal updater has an issue, which is nice for people who won't mind after their AV software.

It's not what I use, but it isn't a bad baseline. I'd sure as hell use it rather than Norton :P.

Re:Sounds about right (1)

chuckugly (2030942) | about 10 months ago | (#45751389)

True, and most of the misses tend to be malware that's not in circulation much at the moment.

Re:Sounds about right (4, Insightful)

gman003 (1693318) | about 10 months ago | (#45752169)

More to the point:

Defense, of any sort, requires layers. And with enough layers, each individual layer can have quite a significant failure without compromising the integrity of the whole defense. My browsing habits, AdBlock, browser-based malware blocking, antivirus, and OS-level permission limits - all of those protect me. Each one probably only has a 90% success rate, but that combines to 99.999% effectiveness (assuming each layer is fully independent - in reality, stuff that can break one layer is likely able to break some of the others, so it may only be 99.9% effective, which is still pretty damn good).

I use MSE not because it's the best, but because it's the least intrusive. It nags me to run a scan about once a month, and I think only once has it flagged any malware (false positive - I do scans with MalwareBytes every few months, which is much better at detection and removal but does nothing for real-time protection, and it did not find anything). Other than that, it doesn't put any noticeable load on my system or bother me with meaningless alerts - unlike even "good" AV like AVG.

Re:Bullshit February 2013 DennisTech (1)

TubeSteak (669689) | about 10 months ago | (#45751685) outed this testing firm last Friday for A) running MSE without applied windows updates

I noticed that too while reading the PDF.
But it doesn't seem like much of a defense for MSE's and McAfee's extremely poor showing.

Re:Bullshit February 2013 DennisTech (0)

Anonymous Coward | about 10 months ago | (#45751785)

If slashdot keeps posting bullshit and sensationalist articles like this, I'm going to stop reading. Either they're doing worse vetting of material, or I'm just noticing it more. For example, slashdot recently posted an article talking about how some malware authors made off with $30 million, but simply doing the math as described in the article showed the amount was $30k. Readers pointed this out, the article was corrected, but the sensationalist title wasn't revised.

Re:Norton much improved (2)

Billly Gates (198444) | about 10 months ago | (#45750903)

It is not that steamy bloated piece of shit known as 2007! Other labs report it as one of the best with minimal performance degration believe it or not.

It is re engineered and has a tarnished image like real player and IE which are hard to break.

Re:Norton much improved (1)

Overzeetop (214511) | about 10 months ago | (#45751509)

It may be wonderful, but based on what happened in the early-mid 2000s I won't even look at Norton. I ditched Kaspersky when I bought a 3 license package for the office, but didn't need two of the S/Ns for a couple of months. When I installed them, I found that the timer on all three licenses expired based on when the first one was installed.

I'm not in a high-risk environment, so I'll stick with defender for the time being.

Re:Norton much improved (1)

Billly Gates (198444) | about 10 months ago | (#45751545)

I use Avast. This version I use now is pretty good. It is free. If you put it in game/silent mode it wont ever bug you. I notice minimal performance downgrade.

The good news is most AV software is rapidly improving with the exception of McCrappy. True Norton's answer for malware was to encapsolate the whole damn hammer! Worse, may the lord have mercy on your soul if you ran it on Vista! The disk would spin to eternity with indexing and with the whole virtual disk layer encapsulated doing a scam for each damn byte.

If you must use Windows you would be insane not to run anything. It is a sad reality but with all the malware and trojans using flash, zero day exploits, and popular ad networks you can't ever be secure. Even slashdot had malware hosted ads were you would get 0wned if you came here and had flash installed :-(

Re:Bullshit (2, Informative)

Anonymous Coward | about 10 months ago | (#45750939)

You've obviously not used Norton in the recent years have you.
I swear you nerds are stuck with obsolete knowledge and refuse to accept that things change.

Microsoft Security Essentials was one of the best when it first came out and is now of the worst. Things go both ways.

Re:Bullshit (0)

Anonymous Coward | about 10 months ago | (#45751203)

How great is the latest Norton when your subscription runs out and the virus defs haven't been updated for a year or two? That's always what I find whenever someone asks me to look at their PC/laptop.

Re:Bullshit (0)

Anonymous Coward | about 10 months ago | (#45751325)

Yes Norton AV is a fantastic utility for tech support people and retail outlets that sell commercial software, it's billable hours for the former and snake-oil, peace-of-mind sales for the latter. Outside of that having Norton installed on your system is a 50/50 issue -- yes you get great protection and monitoring but the price you pay is a crash-prone, performance-limiting utility with multiple background processes tied to system level functionality. As for your '...recent years have you...' remark, you really need to take things into context. A few years ago Norton screwing up your system was a much more noticeable issue, now most PCs have the over-kill in resources to negate Norton's list of short-comings.

That said, the consumer versions are indeed a sham but surprisingly the corporate versions pretty useful and effective.

Re:Bullshit (1)

amiga3D (567632) | about 10 months ago | (#45751513)

You're right on. Norton is a system hog. It's almost as bad as the malware it guards against.

Re:Bullshit (2)

cusco (717999) | about 10 months ago | (#45751671)

I was surprised the last PC that I bought. It had Symantec Anti-virus pre-installed, and I expected to have to go back and delete the services, the folders, and the registry entries that it always left behind. It was surprisingly good about not leaving detritus behind like all the previous versions. Now that they actually have an uninstaller that works maybe they'll work on improving their product next.

Re:Bullshit (1)

mlts (1038732) | about 10 months ago | (#45751705)

I don't understand the point of buying AV software on a non-enterprise basis when a decent program is installed (or downloadable at no charge -- a utility that doesn't throw pop-ups at you demanding subscriptions), the two exceptions would be SpywareBlaster (which updates killbits, adds blocking cookies), and Malwarebytes (which blocks IP addresses.)

The enterprise is a different story. AV software is a must for jumping through regulatory hoops, and something like System Center 2012 Endpoint Protection or Symantec Endpoint Protection is a must because it offers an audit trail that can be saved to a central server. This is critical come internal audit time, or when the external auditors start knocking.

Re:Bullshit (1)

chuckugly (2030942) | about 10 months ago | (#45751387)

It's a consistent result across many recent tests, since the re-engineering effort a few years back. NAV/NIS seems very low impact on systems, and is routinely first place for performance and among the top for detection.

Re:Bullshit (1)

BitterOak (537666) | about 10 months ago | (#45751765)

Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used I call bullshit. This seems like a paid advertisement to me. The only reason they used a few undetected ones was because no one would believe anything hit 100%

I can't help but think that if this really were something sponsored by Norton that they wouldn't have had a free product (Avast) score so closely to Norton (which is a paid product.)

Re:Bullshit (1)

NIK282000 (737852) | about 10 months ago | (#45752117)

Norton IS 39% of malware! It eats up processor time, ties up an insane amount of memory and is damn near impossible to remove. In Norton's case the treatment is worse than the disease.

On the other hand... (1)

oldhack (1037484) | about 10 months ago | (#45750617)

89.376% of stats from "security" outfits are crap with 99.9118000042% confidence interval.

MSSE vs Norton (4, Insightful)

Mr Foobar (11230) | about 10 months ago | (#45750619)

So, either MSSE misses over a third of malware, or use Norton and your computer turns into a zombie with the performance of a 486 running WfWG...

Hmm, tough choice there.

Re:MSSE vs Norton (0)

Anonymous Coward | about 10 months ago | (#45750855)

You sir, are the perfect example of an idiot who spout nonsense based on highly obsolete knowledge.
Norton received a massive overhaul in 2009 and is now one of the anti virus software that's the least taxing on the system. So before you start spouting obsolete nonsense, get informed.

Re:MSSE vs Norton (1, Troll)

bloodhawk (813939) | about 10 months ago | (#45751077)

Yep, no way in hell anything with Norton on it would run as fast as a 486

Re: MSSE vs Norton (0)

Anonymous Coward | about 10 months ago | (#45751373)

Right. When I look at a friends computer, first uninstall norton and install MSE. It's runs much faster and the defs will be updated. I did this a week ago. Norton is still crap.

Re: MSSE vs Norton (1)

Billly Gates (198444) | about 10 months ago | (#45751563)

In the old days the scanner would still fucking run and take 70% cpu even after uninstallation?!

A re-image was what I had to do and this annoying thing came with adobe flash and was impossible to get rid off. UGH!

Re:MSSE vs Norton (1)

Billly Gates (198444) | about 10 months ago | (#45750913)

Or use avast?

Good detection and minimal overhead.

Re:MSSE vs Norton (0)

Anonymous Coward | about 10 months ago | (#45752191)

Oh, boy. Travel back in time much? This is NOT 2003, and Norton is NOT the resource hog it once was. In 2009 it was rewritten, and since then it is actually among the lightest-weight ones on the market, free or commercial.... unlike Slashdot users' precious MSE which is a fucking dog when it comes to updates.

MSE has always scored low on virtually all tests, yet is pushed harder than cheese at Burger King around here. Yes it's free, yes it's easy to install (Windows Update), yes it's a small download ( 20 meg... but then consider the eternity to download initial and subsequent updates), but as a security program, it totally sucks donkey ass.

Norton has a shit reputation from the 16 bit Windows era and XP... but Symantec woke up and redid the whole fucking thing. It's been nearly four years since then, it's time to put that to bed already. It is not perfect, none are, but it's the best we have found for use on our clients' computers (who consist of ordinary people, home users, seniors, K-12 students and families, etc). We see every other antivirus fail.. but no client PC with a current Norton program and subscription has been infested with malware, spyware, viruses or rootkits since 2009.

It's True (0)

Anonymous Coward | about 10 months ago | (#45750627)

I tried downloading several lines distributions, and not once did MSSE try to stop me. Epic fail.

They'd get convicted again (1)

atlasdropperofworlds (888683) | about 10 months ago | (#45750633)

If they made a good security product, I'm pretty sure there would be much gnashing of teeth. Remember the uproar because MS dared to include a browser and media player? I'm sure if they put a decent antivirus product in Windows they'd just get sued again.

Re:They'd get convicted again (1)

SpaceLifeForm (228190) | about 10 months ago | (#45750695)

Yeah, I can see the NSA doing that.

Re:They'd get convicted again (1)

Seumas (6865) | about 10 months ago | (#45750707)

MSIE wasn't decent, either. Didn't stop anyone.

In fact, one might assert that providing a worse bundled product was more damaging as it would cut down other vendors and give users a false sense of security. (If this report were even legitimate).

Of course, Defender isn't even bundled (you have to actively seek it out, download it, and install it), so I don't think the "anti-trust!" thing even applies.

Re:They'd get convicted again (1)

TheGoodNamesWereGone (1844118) | about 10 months ago | (#45750901)

Defender *is* bundled in later versions of Windows. Look, far be it from me to defend M$, but as far as the free AVs go, I've recommended MSSE to a lot of my clients. It runs quietly and unobtrusively and doesn't constantly ask the user to make decisions he may not have a clue about, and it doesn't nag you to ***BUY OUR PAID VERSION ZOMFG*** every five minutes. It does its job reasonably well, albeit not perfectly, and like others I'm a little skeptical of this outfit's testing methodology and results. FWIW, out in the field servicing customers' machine I'm seeing fewer virus infections lately and more adware/crapware infections on W7+. XP is another matter. It's always been a Petri dish.

Re:They'd get convicted again (1)

atlasdropperofworlds (888683) | about 10 months ago | (#45751043)

MSSE is not bundled with 7. Defender (which is the same thing) is bundled in 8 and 8.1.

Re:They'd get convicted again (1)

Billly Gates (198444) | about 10 months ago | (#45751141)

IE 6 was the best browser. Don't believe me? Go google Slashdot stories on Netscape from 1999 to 2002?

IE as much as I hated MS winning was the browser I kept using as it was more standards compliant and faster browser. It supported MS CSS while no browser supported W3c CSS at all. It rendered more properly code than Netscape and even early Mozilla!

Re:They'd get convicted again (1)

TheGoodNamesWereGone (1844118) | about 10 months ago | (#45751255)

You need to make it more plain when you joke around like that

Re:They'd get convicted again (3, Interesting)

Billly Gates (198444) | about 10 months ago | (#45751457)

I was typing that on a phone and didn't have time to elaborate. IE was only popular when IE 6 was light years ahead of Netscape 4.7 in 2001. Netscape 5 and 6 I did not even bother as websites would not even render correctly. Not because the IE era started on the web, but because there were more quirks in thsoe pieces of dinosaur doo than even IE itself!

People use what is best. IE no longer has the strangle hold because it is not the best thing since sliced bread anymore.

In 2001 through 2003 I used it with Mozilla, but not since Firefox .9x did I finally feel a worthy competitor came.

  By 2004 it was an insecure old awkward browser but not terrible. By 2006 it was a POS HORRIBLE abomination! This is when average Joes started using alternative browsers as techies told them to use Firefox.

MSE now is going bad and I no longer use it just like I no longer use IE unless I am at work. People use what is best and yes a good 20% are sheep but the rest will find something else.

I think MSE came about just like IE (since analogy was brought up) as a better alternative as everything else sucked worse. Norton was worse than the actual damn virus! Symentec same ... McCrappy just as bad. AVG would work and then corrupt your Windows installation, etc.

Now Norton is re-engineered and is a great lightweight and secure again though geeks wont touch it now. Avast is much better and we have Avirri and Panda which are ok and fairly decent for free or low cost.

MSE is ... well old. It is scanner from an older era that does not have the whistles of active protection and sandboxing. Just like IE it became an abomination as it never was great (just sucked less) and became out of date where everyone is going one way, MS is staying put in technology.

Re:They'd get convicted again (0)

Anonymous Coward | about 10 months ago | (#45750711)

They should have been sued a very long time ago for releasing an insecure OS to begin with. They should be sued now for releasing an insecure OS that continues to require a security product.

Re:They'd get convicted again (1)

atlasdropperofworlds (888683) | about 10 months ago | (#45751049)

Insecure OS? It seems to be holding up with linux just fine at pwn2own.

Re:They'd get convicted again (0)

Anonymous Coward | about 10 months ago | (#45752121)

Insecure OS? It seems to be holding up with linux just fine at pwn2own.

Well then, that must explain the thriving anti-virus market that has developed around linux then right? Wait, you mean there's no anti-virus market for linux?

I mean, as long as we're comparing apples to apples and oranges to oranges right?

Re:They'd get convicted again (4, Informative)

chuckugly (2030942) | about 10 months ago | (#45750743)

It used to be pretty decent, at one point MS was trying to recruit me to work on that since I had a lot of AV development experience; I eventually declined and fed them a few resumes who they did hire, but to get to the point, they have done this in the past at least once before. Maintaining AV is an ongoing and expensive endeavor, and MS just doesn't seem to learn that lesson. It's not something they can develop and then tweak for year after year, they need to have developers and AV researchers on it 24/7, every week of the year. That's not cheap and apparently not their model.

Re:They'd get convicted again (0)

Anonymous Coward | about 10 months ago | (#45750749)

They would get sued if they forcibly bundled a security product to Windows, insisting it's a necessary part of the OS. They' would get sued if they forced OEMs out of deals with their competitors.

They probably wouldn't be convicted though...

Figured (1)

jfdavis668 (1414919) | about 10 months ago | (#45750639)

I just assumed that from the start. It's better than nothing, though.

Re:Figured (1)

TheSimkin (639033) | about 10 months ago | (#45750687)

It is worse than nothing. This gives people a false sense of security when they should be wary.

Re:Figured (0)

Anonymous Coward | about 10 months ago | (#45750759)

There is no such thing as this 'security' you speak of.

100% non-accuracy. (0)

Anonymous Coward | about 10 months ago | (#45750699)

Also miss 100% of NSA/FBI malware.

Oh look... (0)

Anonymous Coward | about 10 months ago | (#45750843)

Norton is in the top 3, yet still many dismiss it as the worst possible thing on earth, based on obsolete knowledge from before 2008 and from expired copies not giving the right protection.

Re:Oh look... (4, Interesting)

tqk (413719) | about 10 months ago | (#45750991)

... based on obsolete knowledge from before 2008 and from expired copies not giving the right protection.

Meanwhile, free software ticks along happily needing none of this BS. Funny that.

Re:Oh look... (1)

jones_supa (887896) | about 10 months ago | (#45751209)

The bugginess of free software causes even more problems though.

Re:Oh look... (2)

tqk (413719) | about 10 months ago | (#45751341)

The bugginess of free software causes even more problems though.

The bugginess of commercial software made me ecstatic to find free software, in '93. I've also watched clients choose products based on features advertised as current which didn't work until years later.

This entire story points out only one of the massive flaws in one (or a few) commercial software package(s). You should lose your prejudice. Here's one for you: perl vs. Java.

Re: Oh look... (0)

Anonymous Coward | about 10 months ago | (#45751359)

Yeah, it just needs different BS.

"I just want to install a program, don't ask me for that password gobblegook."

Re: Oh look... (1)

tqk (413719) | about 10 months ago | (#45751463)

Yes, it does try to protect itself from harm, as it should. If you don't know how or why something is, you've no business doing anything to it.

Re:Oh look... (0)

Anonymous Coward | about 10 months ago | (#45751743)

Yeah, look at how little malware runs on android.

Re:Oh look... (1)

bloodhawk (813939) | about 10 months ago | (#45751349)

It isn't the worst possible thing because of its detection rate. It is the worst possible thing because of the impact it has on a system, many cases the impact is worse than what it is protecting against, add to that the intrusive annoying nature of the product and you get something that is like chopping your legs off to avoid stubbing your toes.

Not that i love MS (1)

avivgr (1556371) | about 10 months ago | (#45751081)

but i would seriously question the source of any "objective report" and check who paid for the report. I know how these things work....

Re:Not that i love MS (0)

Anonymous Coward | about 10 months ago | (#45751219)

No one paid for it. The Appendix B says that it was unsponsored. I think that's the best information that we'll ever get.

Re:Not that i love MS (1)

Anonymous Coward | about 10 months ago | (#45751391)

These same guys have been caught out before publishing dodgy reports and were uncovered to be sponsored, combine that with their unwillingness to reveal there testing methodology I would say these results should be utterly ignored. There are plenty of legimate reviews that crap like this can be safely flushed down the shitter.

Norton detected 99% (2)

istartedi (132515) | about 10 months ago | (#45751201)

Norton detected 99%. The other 1% is Norton.

Re:Norton detected 99% (1)

thegarbz (1787294) | about 10 months ago | (#45751955)

Here's hoping Norton can lift it's game.

Though it's kind of hard to delete a file when it must first terminate the running process.

It misses 100% of NSA/GCHQ malware (-1, Troll)

Anonymous Coward | about 10 months ago | (#45751263)

Like all major software security providers, Microsoft carefully avoids 'spotting' current trojans, keyloggers and the like used by intelligence agencies in the West AND nations under Russian influence. The Russian exclusion may surprise most of you, but may of these companies are Russian or have Russian links (like any based in Israel), so an agreement exists between Russia and America/UK to NOT identify each other's official malware.

Now the worst criminal malware comes from Israel, and is a direct result of people within the Israeli intelligence agencies leaking classified information about back-doors and other 'weaknesses' to criminal partners mostly working out of ex-Soviet states like the Ukraine. The Israeli connection ensures the USA government does little to nothing in the way of cracking down on these criminal activities, when knowledge of back-doors hits the crime circuits, and millions of ordinary users and businesses are put at risk.

There is obviously a period when the same back-door coded for the NSA by Microsoft (or any other major software company) is in simultaneous use by intelligence agencies, and common criminals, and the criminals know they have a period of grace BEFORE anti-virus packaged will be upgraded to block this vulnerability.

But it gets worse. Mozilla, for instance, removed the ability for Firefox users to simply disable Javascript, so commonly served browser malware can take complete functional control of Firefox (including menus),and the user needs to use an low-level OS thread manager to close down the browser (which will restart with the malware active again UNLESS the user has added certain third party plug-ins to Firefox to handle tabs and sessions). Mozilla does this because intelligence agencies now mostly attack victims via their browsers, and via deadly functionality of Javascript as a way to access Mozilla created back-doors.

That Mozilla refuses to have a high level KILL TAB function that cannot be over-ridden by the content of any possible website tells you ALL you need to know about Mozilla's game. Mozilla specifically states in every major strategy document that user control MUST be removed from Firefox, version by version. Telling a tab to close is the very definition of user control.

Firefox: Disabling Javascript via about:config (1)

Anonymous Coward | about 10 months ago | (#45751891)

"Mozilla, for instance, removed the ability for Firefox users to simply disable Javascript,"

Can you disable it via:

1. about:config
2. javascript.enabled -> Toggle to FALSE


shit!;? (-1)

Anonymous Coward | about 10 months ago | (#45751441)

minutes now while Let's kkep to visit Gig in front of

Shitty Software (0)

Anonymous Coward | about 10 months ago | (#45751467)

From a Shitty Software company. Why would they prevent viruses and malware from infecting their OS when their OS is basically a piece of stinking malware.

It is such a dis service to write this and not say (1)

Ralph Ostrander (2846785) | about 10 months ago | (#45751485)

Who had the 99

Simpler Explaination (1)

quantaman (517394) | about 10 months ago | (#45751601)

I don't know much about the current state of software viruses (I'm a Linux user!) but my understanding was a lot of them looked for suspicious behaviour rather than straight up definitions.

In that case if I'm a Malware writer it's nice if I can sneak around 3rd party anti-virus software, but it's not essential.

But if Security Essentials is built into Window's and it catches my suspicious behaviour every time, well there's not a big niche for my virus. Just like web developers would make sure their pages rendered under IE malware writers have to make sure their code runs under Security Essentials.

Note, this is a good sign for 3rd party anti-virus companies since it implies there's always going to be an opportunity to supply a better product.

The test was bogus (0)

Anonymous Coward | about 10 months ago | (#45751643)

Just read the linked article. They used Win XP w/SP3, IE7, and no other updates to windows even thought tons were available. Not win 7 or 8 with all the latest updates. So yeah, grats, an unpatched XP system is vulnerable.

Have you ever used it? MSE is great. (3, Insightful)

Slagothor (1156549) | about 10 months ago | (#45751823)

I care about the security of MSE a great deal. MSE does what Av should do. It also does it in the background like it should and out of the way. MSE is a program/tool that is outstanding. Surprised to see it come out of Microsoft. If a paid version were needed/required, I'd pay, and I don't pay for Av protection.

No test of false positives (0)

Anonymous Coward | about 10 months ago | (#45752143)

Which effectively make this whole test meaningless. AV softwares passing 99% of tests might just use while-list scanning and report all kinds of weird behaviors regardless of their true purpose (cracks, custom patchers etc).

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?