Microsoft's antivirus is a starting point, not the final stop

Before you rely on Security Essentials to keep you safe, you might want to look at its accuracy record.

Last week’s blog post from Alan Shimel, showing that Microsoft’s antivirus software, Security Essentials, is the most popular antivirus product in the world, came as no surprise. Microsoft gives it away for free and pushes it on you if you go anywhere near

The encouraging news in the report is that people aren’t settling for just MSE. They are also picking other products from Kaspersky, McAfee, ESET and AVG. That’s good news because even Microsoft will be the first to say that MSE isn’t meant to be your only line of defense.

MSE was an optional download for earlier operating systems, but Microsoft has since rebranded it as Windows Defender and offers it out of the box with Windows 8. All told, the detection rate isn’t bad. BitDefender, which I wrote about last month, ran some tests on Windows 8 and found that a system with just Windows Defender stopped 85% of the malware samples used in the tests.

On the down side, though, Microsoft appears to be falling behind in security and has just been dinged by AV-Test, an independent German lab that does antivirus effectiveness testing. From September to October 2012, the effectiveness of Security Essentials at spotting zero-day malware attacks - catching unknown viruses that are new in the wild - dropped from 69% to 64%. The industry average is 89%.

For detecting malware that's been discovered in the past few months, Security Essentials scored a 90% detection rate, which is still well below the 97% average for the industry. That’s just bad no matter how you slice it. As a result, AV-Test has withdrawn its certification for MSE.

In October, independent U.S. testing firm NSS Labs rated [PDF] MSE’s overall effectiveness at 65%, compared to the top dog, Kaspersky Internet Security 2012, at 92%.

I would have to think that the problem is due to how frequently Microsoft updates MSE. I usually see an update to the library definitions on Patch Tuesday. ESET’s NOD32, my main AV program, updates once or twice a day. The way things work in malware, you just can’t go a month in between updating virus definitions.
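One way to check the definition-age concern on your own machine, as an added example that is not part of the original post: it assumes Windows 8 or later with the built-in Defender PowerShell module (Get-MpComputerStatus, Get-MpPreference, Update-MpSignature), which MSE on older Windows does not ship, and the one-day threshold is my assumption.

```powershell
# Added example (not from the original post): report how stale the local
# Windows Defender / MSE definitions are and flag anything older than a
# threshold. Assumes Windows 8+ with the Defender PowerShell module present.
param(
    [int]$MaxAgeDays = 1   # assumption: one day, given that other engines update daily
)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Summarise the fields a defender cares about: signature version/age,
# engine version, real-time protection state and the configured update cadence.
$report = [pscustomobject]@{
    AVSignatureVersion     = $status.AntivirusSignatureVersion
    AVSignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    AVSignatureAgeDays     = $status.AntivirusSignatureAge
    ASSignatureAgeDays     = $status.AntispywareSignatureAge
    EngineVersion          = $status.AMEngineVersion
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    UpdateIntervalHours    = $pref.SignatureUpdateInterval   # 0 = only the scheduled daily check
}
$report | Format-List

# Collect every condition that would leave the machine relying on old definitions.
$problems = @()
if ($status.AntivirusSignatureAge -gt $MaxAgeDays) {
    $problems += "antivirus definitions are $($status.AntivirusSignatureAge) days old"
}
if ($status.AntispywareSignatureAge -gt $MaxAgeDays) {
    $problems += "antispyware definitions are $($status.AntispywareSignatureAge) days old"
}
if (-not $status.RealTimeProtectionEnabled) {
    $problems += "real-time protection is disabled"
}

if ($problems.Count -gt 0) {
    Write-Warning ("Defender check failed: " + ($problems -join '; '))
    # Pull fresh definitions now instead of waiting for the next scheduled check.
    Update-MpSignature
    exit 1
}
Write-Host "Defender definitions are current (updated $($status.AntivirusSignatureLastUpdated))."
```

Run it from an elevated PowerShell prompt; a non-zero exit code makes it easy to wire into a scheduled task or monitoring agent.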

But, again, MSE isn’t trying to catch every last bit of malware. Malware has a ridiculously long tail. If you get the top 100 pieces floating around, you catch the vast majority. It’s your other antimalware software that catches everything.

MSE lost AV-Test’s seal of approval in September 2010, but with the release of version two in December 2010 it got the seal of approval back. Even if Microsoft gets it back again, you really need a second, stronger line of defense.

Clearly, Kaspersky has the lead, judging by both the AV-Test and NSS tests. I’ve been very happy with ESET’s NOD32. It’s written in assembler, so it’s very fast and very small. I can run a full system scan in the background while playing Call of Duty with no system impediment. Then again, my personal system is a bit of a monster, not your typical employee issue at the office.

The bottom line is that MSE is a good start, but you need to keep going.
