Skip to navigation

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.

// Home / Blogs

Posted on January 18th, 2013 by Darien Graham-Smith

Were we unfair on Microsoft Security Essentials?

white blank book brochure

If you’ve read the latest issue of PC Pro, you’ll have seen one of the conclusions of our latest round-up of security suites: Microsoft Security Essentials isn’t doing a great job of protecting against current malware threats, especially not brand new “zero-day” ones.

Microsoft isn’t happy about this conclusion, and it’s published a blog post challenging the research carried out by AV-Test.org to which we refer in our Labs.

The post doesn’t seek to claim that the test results are actually incorrect. It accepts that Security Essentials (and its business-oriented Forefront Endpoint Protection package, which uses the same engine) failed to protect against 28 out of 100 genuine zero-day attacks, as well as 9% of a huge collection of recent malware, representing almost 20,000 missed samples.

However, Microsoft – in the person of Joe Blackbird, from the company’s malware protection centre – does argue that these failings aren’t as significant as they appear. Based on its own analysis, it claims that while in the test lab Security Essentials missed a large number of malware samples, in the real world these samples accounted for only a tiny minority of actual attacks:

Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test. In addition, 94% of the malware samples not detected during the test didn’t impact our customers.

Does Microsoft have a point? To an extent, yes. Saying that one security tool protects against twice as many types of malware as another doesn’t mean it will, in the real world, keep you twice as safe. It could be, for example, that the latter protects against all the most common types of malware, while the former focuses only on obscure exploits. With Security Essentials scoring far below its rivals in these recent tests, I can understand why the company wants to put its results in context.

The future’s not ours to see

Does this mean we’ll be retracting our judgment, and recommending Security Essentials after all? Not a bit of it.

Here’s why: Joe Blackbird argues that the missed exploits in this test “don’t represent what our customers encounter”, and that may be broadly true for the period in question. The problem is that nobody knows what sort of malware epidemic might break out tomorrow. While the test was running, any one of these threats might easily have been injected into an innocent-looking website or tacked onto a popular download and suddenly become a major global threat and Security Essentials would have done nothing to stop it.

In fairness, we don’t doubt that Microsoft would, in such a scenario, reactively push out a database update to block the attack. But when it comes to malware, prevention is vastly preferable to cure: a password-stealing trojan doesn’t have to be on your PC for long to do its damage. Such being the case, it’s very hard to forgive an imperfect malware-detection record – especially when several alternatives achieved 100% scores in the same test.

We might also wonder just why it was that many of AV-Test’s zero-day exploits failed to make a bigger impact. Is it possible that, since most security suites intercepted them immediately, they were largely spotted and cleaned up before they had a chance to grow into major outbreaks?

We can’t be sure, but we can say this: if everyone used Security Essentials, any one of the tens of thousands of malicious programs it missed could have sparked a global malware crisis. If everybody used one of our award winners instead, those avenues of attack would all be securely closed off. We know which scenario we find more reassuring, and that’s why we stand by our conclusions.

Tags: , ,

Posted in: View from the Labs

Permalink

Follow any responses to this entry through the RSS 2.0 feed.

You can skip to the end and leave a response. Pinging is currently not allowed.

39 Responses to “ Were we unfair on Microsoft Security Essentials? ”

  1. Surefire Says:
    January 18th, 2013 at 12:54 pm

    You need to calm down. I’ve used many computers over many, many years, and I’ve never had a single incident of malware of any kind. The same thing goes for just about everyone I know, and that’s a LOT of PC’s. I would never recommend going without protection but there’s no need to get hysterical about it.

     
  2. Colin Ford Says:
    January 18th, 2013 at 1:10 pm

    Well I have been using Security Essentials for the last 2years on my and all the rest of the computers of friends and family and have not had any problems at all. In fact on one of my mates laptops after uninstalling Norton and putting Security Essentials on it found some mail-ware that Norton had missed and he is downloading stuff from all over the place and since I put it on his laptop he has had no problems.

     
  3. Mike Says:
    January 18th, 2013 at 1:31 pm

    I have a complaint about the internet: Too many people saying that just because it doesn’t affect me personally, it’s not an issue.

     
  4. Dean Says:
    January 18th, 2013 at 1:31 pm

    @Surefire.

    I’m so pleased you’ve never experienced a single problem but I had to spend a large part of boxing day fixing my in-laws laptop which had become hopelessly stuffed with malware. They had been using MSE and recently installed Norton, neither of which spotted a damn thing wrong and it was only manually running Spybot that I was able to remove the crap on their system.

    I never understand the argument that because you’ve never seen a problem there isn’t one, that’s the whole point of a lot of malware, to sit there unnoticed and steal your data/passwords.

     
  5. Mark Thompson Says:
    January 18th, 2013 at 1:32 pm

    @Surefire
    Who needs to calm down? Who’s hysterical? Are you implying that the magazine’s reporting on this is alarmist or an over-reaction? Which bits of it?

     
  6. Roy Motteram Says:
    January 18th, 2013 at 2:02 pm

    You might never have been burgled, but that doesn’t mean you can safely do without a lock on your front door.

     
  7. Damian Says:
    January 18th, 2013 at 2:57 pm

    Maybe PC Pro (Awfully titled cover this month…) could run an article on how to run as a ’standard user’ after setting up an Admin account with uac, across the board, set to full.

    After all that would be very, very important and practical information to know. Then again MS would probably have to pay for an article such as that.

     
  8. Mike Baldwin Says:
    January 18th, 2013 at 5:22 pm

    Well i read the article in the mag and uninstalled AVG free and installed avast free Antivirus…done a scan and it picked up a virus that was on my machine…not that it’s relevent to this discussion….just saying that’s all…

     
  9. mike Says:
    January 18th, 2013 at 7:00 pm

    I use a Chromebook.

     
  10. Russell G Says:
    January 19th, 2013 at 12:30 pm

    Wow, somebody actually uses a Chromebook!

     
  11. Martin Keen Says:
    January 19th, 2013 at 1:16 pm

    I’d be interested in hearing why Sophos was left out of that round up? Did they decline the opportunity?

     
  12. ChrisB Says:
    January 19th, 2013 at 10:17 pm

    ” (Awfully titled cover this month…) ”

    Yes, who came up with the cover? It doesn’t seem to relate properly to AV test?

    I think I’ve seen most brands of AV on PCs that were still infected with some sort of malware or nasties.

     
  13. james Says:
    January 20th, 2013 at 9:56 pm

    Just switched to avast after reading this.

     
  14. Roger Andre Says:
    January 21st, 2013 at 2:30 am

    Just as with Humans, the best viruses will cause minimal disruption to their hosts…..you can never really be sure you’re totally clean unless you learn to use tools such as auto runs and process explorer etc.

     
  15. Surefire Says:
    January 21st, 2013 at 9:12 am

    @All
    So many straw many arguments based on what I said. I DID NOT say that there were no problems and I specifically said that I would never recommend not having protection. It’s just that this article is getting wee bit overheated considering that what PC-Pro recommends as the best one year often comes nowhere the next. Trying to have the ‘best’ protection is very much trying to shoot a rapidly moving target.

     
  16. Maria Says:
    January 21st, 2013 at 2:35 pm

    Well there’s no point worrying about it now as mine hasn’t updated in days, thank goodness I have Avast and spybot

     
  17. Paul Ockenden Says:
    January 22nd, 2013 at 9:56 am

    I often see lots of comments such as “I’ve been using security Product X for eleventy eleven years without a problem”. That’s all well and good, but what would be FAR more useful would be to hear from people brave enough to admit that they HAVE been infected, and a) what security products they were using at the time, and b) whether these were fully patched and up to date.

     
  18. Surefire Says:
    January 22nd, 2013 at 11:24 am

    I think the reason people come up with “I’ve had no problems” stories is to counteract the nonsense propagated by the security companies that if you don’t have protection your PC will be infected within nanoseconds of being attached to the net. Certainly there are risks out there and people do get infected but there’s no need to get hysterical about it.

     
  19. Jimbo762 Says:
    January 22nd, 2013 at 1:09 pm

    While choosing an excellent anti-malware product is a good defense against infection, it should not be your only one.

    With the increasing popularity of Zero Day exploits in recent times as well as the threat of APTs (Advanced Persistent Threats) targeted against enterprises and companies of all sizes and threats such as ransomware we need to adopt a multi-layered approach to security. With these threats, at best the advanced heuristics or reputation scanning of your security product will remove some or all of the threats. At worst if these threats are brand new and have never been seen before your security product won’t even detect it since it relies on signatures.

    I have cleaned infections from PCs running the following security products: Avast Anti-virus, PC Tools Spyware Doctor with Anti-virus, McAfee VirusScan, Norton Internet Security 2012, Kaspersky Internet Security 2011, and Microsoft Security Essentials. It was no coincidence that I also found out of date free software on these PCs e.g. Adobe Reader, Java, Flash etc. as well as missing Windows and Microsoft Office security updates.

    I would recommend choosing an anti-malware based on PC Pro’s award winners and exercising caution on what links you click on. If you click on something you shouldn’t, don’t always expect your security software to save you from infection.

    The most useful set of tips that I have encountered for staying safe online is the following blog post from Security journalist, Brian Krebs:

    http://krebsonsecurity.com/tools-for-a-safer-pc/

    I hope this helps. Thank you.

     
  20. Ubique Says:
    January 24th, 2013 at 6:56 am

    Spitfire I too have used numerous business and professional computers since the days before IBM said PC’s did not have a future. Contrary to your assertions I have encountered malware and viruses etc on mission critical computers that were meant to be inpregnable.

     
  21. richtea Says:
    January 24th, 2013 at 8:06 am

    There has been no convincing argument yet to make me switch away from MSSE, and that is the end of the story. By and large, MS gets it right, with a product that is good enough, year in, year out.

     
  22. Khun Roger Says:
    January 24th, 2013 at 8:36 am

    @richtea
    Ditto, and please can you send me some biscuits? They’re pretty rare in Phuket.

     
  23. Sean Bond Says:
    January 24th, 2013 at 9:44 am

    I’ve no problem with the findings of the product review but found the front page ’shock horror’ headline laughably poor. Only after revealing that the headline refers to a free MS AV\security product do you realise that general Windows security ‘isn’t working’.

    I assume that if in the near future PC Pro comes across a poor free Apple product that we’ll see ‘Apple products are crap!’ emblazoned across the front page. No? Didn’t think so.

     
  24. Nick Ioannou Says:
    January 24th, 2013 at 10:30 am

    Antivirus is like a security guard at your front door. If you leave all the windows and side doors open due to old versions of java, flash, IE and missing patches, your protection will be greatly limited.

     
  25. MikeS Says:
    January 25th, 2013 at 11:05 am

    Read this months Which magazine they rate security essentials no 1 as a best buy, how does that stack up with PC Pro’s review? As with all reviews you read them and take them with a proverbial pinch of salt.
    At least the Which review is doing a real world/real user test compared to some of the more artificial scenarios that the tech magazines like to contrive. (esp with PCPro’s current anti anything without a fruity logo editorial policy)

    I agree with the previous comments any security is better than no security.

    Most of all though YOU are the best security of your computer. Consider what you are doing online before clicking OK, do you know what it is you are saying OK to is a reputable site and publisher, otherwise Cancel may the best option. Also don’t enter your email address and use the same password on any third party sites, especially those that offer to collect your contacts, its just a recipe for getting your account/PC infected or hijacked.

     
  26. Afterburned Says:
    January 25th, 2013 at 12:24 pm

    I too would like to know why Sophos has never appeared in these tests…

     
  27. Notsofastmatey Says:
    January 26th, 2013 at 2:42 pm

    My issue with the review is that Avira Free seems to have slowed my PC down to the point of being unusable, and it pops up ads and “notifications” several times a day. Think I’ll take my chances with MSE.

     
  28. Surefire Says:
    January 28th, 2013 at 12:54 pm

    “Read this months Which magazine they rate security essentials no 1 as a best buy, how does that stack up with PC Pro’s review?”

    Maybe Which found some PC journalists who knew what they were doing rather than PC-Pro who probably pressed a few of their Apple journos into service.

     
  29. Vexation Says:
    January 29th, 2013 at 11:48 am

    The article was well timed for me, as my machine had developed a strong dislike to the Security I had been running for 4 – 5 years.

    So I took onboard the advice and tried Bit Defender. it installed ok but required the use of a “downloader” rather than a once off Full donwload. (Dislike) Ignoring that it ran well and all seemed ok. Then the next thing I know I’m hit by Bit defenders rather annoying habit of overwriting the browsers homepage with about:blank. At first I thought I’d got a malware attack, but on a short excursion to google I find this is a well known, persistent and incredibly annoying known fault with Bit Defender.

    *Dumped*

    In the end I’ve returned to the od reliables of Kaspersky or Norton for paying customers, and MSE for low rent customers.

    Running a repair shop I observe daily infections, with the worst offenders being Mcafee and the whole string of free suites.

    As a paid suite Mcafee is abysmal.

    Overall though regular updates, common sense and care make for safer Internet Connected computer use than almost any suite.

     
  30. WTF Says:
    January 31st, 2013 at 3:37 pm

    OTT Tabloid headline. One of the reasons I stopped subscribing to the magazine.

     
  31. JB Says:
    February 1st, 2013 at 9:45 am

    Got hit by Trojan horse Hider.MPR -
    which produced an avgui.exe exception and blocked avg web access, switched off Windows firewall,disabled security centre, blocked MS web access, disabled spybot and caused multiple random ut inactive avg free 2013 screens.
    Investigation by local PC centre unable to locate Trojan but found corrupted OS. – XP Pro svc.pack 3.
    Anyone know anything about this?

     
  32. Hider Says:
    February 5th, 2013 at 11:58 am

    I have seen “Hider” type damage on machines through the repair business.

    It would seem to me that virus writers are beggining to move towards the more disruptive end of the spectrum once again.

    In terms of cleaning, all the usual tools will work from a trusted download source.

    You need to clean out the active threats, sanitise the system with something like “unhide” which will correct your permissions.

    After that checking over with something like SFC /scannow (Dos Box)

    If your still have major errors it would be time to think about a clean install, if you can backup and reformat.

    Bear in mind that security and support for XP will end soon, so I would be considering moving up to Vista, or ideally Windows 7.

     
  33. Symon Says:
    February 14th, 2013 at 9:36 pm

    I’ve been using MSE for a while now: first coupled with Malwarebytes free but now with the Pro version. They seem to work together extremely well. Both are realtime proactive systems.

    Had Norton (never again,) Macafee, PC Tools+AV, Bit Defender free (paid version refused to work), Avira and Avast.

    I left Avast last deliberately as it is another I’ll not use again. That programme totally ruined my laptop, eventually requiring a full reformat of Windows. The meltdown occurred after an Avast update was received and I subsequently ran a pre-boot scan.

    So, Avast, in my view, stinks and if you are using it simply because of this Article, you may wish to think again. Avira is better.

     
  34. hjoseph7 Says:
    March 3rd, 2013 at 1:09 pm

    I tried a load of anti software programs that have gotten rave reviews from so-called experts and magazines such as CNET that have turned out to be total nightmares. Here is a list of programs I have tried:

    Mcafee Anti-Virus – Total nightmare, this is the most intrusive and annoying of all the AV programs. Constant pop-ups while you are working asking you to upgrade and Restart. I still celebrate the anniversary when I finally got rid of Mcafee 7 years ago.

    Next Trend Micro ! Trend Micro was OK for about 2 years, but the set up was diffcult and plagued with problems. I had to spend hours with customer service just to get it running. Renewing was also a huge PITA. On one of my renewals(while downoading the new software), I actually got a Trojan that disabled my computer to the point where I had to send it in and spent $75 to get it cleaned up. The Tech who cleaned my machine recomended Microsoft Essentials.

    Next Norton Antivirus + 360 ! Norton antivirius and 360 were very good, but I got tired of getting their misleading emails asking me to renew my subscription when I had just installed it ! These emails continued for about a year ! Norton customer service was clueless why I was receiving these emails messages ? But the BIG turn-off with Norton was their Automatic Renewal policies. Norton would arrogantly debit your credit card, sometimes 3-4 weeks early, without any warning notice. Out of the blue you would just get an email saying your account was billed for $75(just when the rent was due, or it was your wifes birthday). Another problem with Norton was that trying to talk to someone from customer service was like trying to break into Fort Knox.

    Next Avast ! Downloading Avast to Vista was a total nightmare on an XP computer it was not so bad but the scan was so slow I could go jogging for a couple of miles come back and the thing would still be running. Avast was also easily corruptible. The files would get corrupt easily and often, especially if the system went down prematurely. Customer service consisted of some guy from Germany with a heavy thick accent that was hard to understand.

    Next Bitdefender ! I really wanted to love this program. I was getting really tired of switching my Antivirus software. However I should have known better. The Bitdefender home page where you could download the program was a confusing maze filled with marketing tricks and slik placement of the download buttons to get you to purchase items you did not need or want. Nevertheless I managed to download a 2012 version of Bitdefender. The program worked well and the simple, uncluttered interface was refreshing compared to Norton AV and others. However I started noticing that my computer would freeze more often when surfing causing me to refresh the page alot. I though maybe it was the connection until I went to a page called Bitdefender (real) reviews and was shocked by what I read. Out of the 42 reviews 41 of them were negative. Allot of people posted that Bitdefender was freezing/slowing down their computer and that downloading the software was a huge PITA. Maybe the experts know something those people including myself don’t ?

    Next Microsoft Essentials ! I had MSE on my old XP computer for the past 2 years and it has worked without a hitch. I don’t remember having problems with any viruses in the 2 years since I installed it knock on wood. It’s the perfect “start it and forget it” software. No annoying pop-ups asking you to update and restart, no annoying emails, no annoying bills on your credit card, no renewals when you least expect it. Just use it and forget it and it’s free ! Of course I supplement it with 2 other very good programs SpyZooka and Malware-bytes Anti Malware software. Now I have this set up on my new Windows 7 Computer and on my laptop. So far so good, knock on wood…

     
  35. David Says:
    May 22nd, 2013 at 10:20 pm

    AV’s and anti malware programs is big, big business….

    it’s quite surprising you go to AV testing sight you get completely differing results going to another – so whos telling the truth, obviously it’s the testing method used.

    But how do they get and make their money what worries me…. I never go by the ‘glossy’ writes up’s and always prefer the one that suits my needs.

    No AV is perfect, you catch a virus that another AV will block. Go to any forum to judge their AV see problems folks are having.

    I hate any AV, Avast is one that uses ‘piggy back installs’ a big, big problem along with BSOD’s at the moment, Avast pushes Chrome Drive and Google Chrome – sometimes without ones knowledge it get’s installed.

     
  36. Daren Says:
    June 3rd, 2013 at 4:42 pm

    We use Forefront, and have had 4 infections in as many weeks. I used to love it, but not any more

     
  37. John Says:
    July 22nd, 2013 at 9:18 pm

    Some computer users certainly need good protection as they typically don’t recognize a situation that might install malware. Most security experts say the end user is the weak link in the malware problem. I don’t use anti virus software. Not since Windows 7. I typically use a online scanner once a month to verify my systems. I have yet to have one piece of malware that fully installed. It has found malware on my computer but it never had to opportunity to install and cause any problems. It basically just sat in a folder dormant. Just because your Anti virus program finds something, does not mean it saved you from disaster. I know plenty of security suites that classify some cookies as malware? I guess they want to make you think their software is working. The PC’s I have cleaned from family members were infected because they did something they should not have. Like clicking yes on a rogue install of Flash update or some sort of fake AV update. These were PC’s with some of the best security suites installed. Updated and fully activated. The end user that is educated on what NOT to do is far more valuable for security then and software.

     
  38. Anthony Duncalf Says:
    July 28th, 2013 at 8:18 pm

    If all your software is up to date and you have all the Windows updates you should be ok.This will prevent a lot of attacks getting onto your computer in the first place.

     
  39. Trevor Tyrrell Says:
    January 20th, 2014 at 9:04 pm

    I agree. An Ad-Blocker such as ABP (Ad Block Plus) can help prevent problems on Kids computers more often than malware attacks, in my opinion.

     

Leave a Reply

Spam Protection by WP-SpamFree

* required fields

* Will not be published

Authors

Categories

Archives

advertisement

SEARCH
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010