Skip to navigation
Latest News

Microsoft Security Essentials misses 39% of malware in Dennis test

Microsoft Security Essentials

By Barry Collins

Posted on 19 Dec 2013 at 15:24

The latest tests from Dennis Publishing's security labs saw Microsoft Security Essentials fail to detect 39% of the real-world malware thrown at it.

Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender.

While the other eight packages all achieved protection scores of 87% or higher - with five scoring 98% or 99% - Microsoft's free antivirus software protected against only 61% of the malware samples used in the test.

Microsoft conceded last year that its security software was intended to offer only "baseline" performance, saying it wanted to "give customers a good reason to pay for their [security] products" because that would create greater diversity in the market and make life harder for malware writers.

Nevertheless, the company insisted that Security Essentials provided "strong, comprehensive defence against malicious code and attacks".

Norton Internet Security received the strongest protection rating in DTL's tests, detecting 99% of the malware used. Taking into account false positives against legitimate software, Kaspersky Internet Security 2014 provided the best overall level of protection.

The full results from Dennis Technology Labs can be downloaded here, along with results for small business and enterprise software.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

SE is only intended to be 'better than nothing'

It's good that PC Pro are reminding readers that Security Essentials offers quite poor protection but this should not be a surprise. Microsoft have made it transparent that SE is only intended to be 'better than nothing'. I think it's only purpose is to protect those users who give little or no thought to whether they have protection or whether it is functional. For this reason I still feel pleased that SE exists and feel that it serves a purpose even though all sensible users should install a superior product.

By Mark_Lawrence on 19 Dec 2013

C'mon PCP

No mention in the article the McAfee was actually the worst (despite being a paid for product)
No Bullguard included?

By JStairmand on 19 Dec 2013

It would be interesting to see if Security Essentials would have performed better if the test systems had been patched - they were running an unpatched W7 SP1.

By Mark_Thompson on 19 Dec 2013

Where's Total Defense Antivirus (formerly CA Antivirus)?

By malfranks2 on 19 Dec 2013

Windows 8.1

I wonder whether if - indeed I expect that - Security Essentials under Windows 8.1 might have fared better? Isn't Win8 an inherently safer o/s than Win7? But overall it's a pity. I like SE and have never had any problems with it and viruses but this sort of testing makes it difficult to recommend it to clients as a complete solution.

By jmiii on 19 Dec 2013

Engine or AV signatures.

I'd be interested to see the latest versions like Kaspersky 2014 tested against Kaspersky 2013.

Both versions using the latest AV signatures.

By synaptic_fire on 19 Dec 2013

What? The Pope's catholic?

People complain that Windows come with no anti-virus, yet Microsoft knows that if it provides something competitive it will end up in the courts. Damned if you do and damned if you don't...

By DArtiss on 20 Dec 2013

Installed Avast ...

... and quite clearly asked it not to install anything other than Avast and it still bloody well installed Chrome browser and Google toolbar. When are these companies going to learn! All instantly uninstalled again.

By jgwilliams on 21 Dec 2013

@Mark_Lawrence

I use SE, so I guess in your eyes that makes me a reckless naive user? Actually, sensible users are able to assess their risk profile. They can assess whether SE is adequate for their needs, perhaps (as in my case) augmented by an occasional scan using Malwarebytes, and by keeping their Windows installation bang up-to-date. And if I need to surf in shall we say the uncharted waters of the Internet, I use a VM – I love that bit at the end where it asks ‘Save any changes?’ NO be gone nasty popups!

By rjp2000 on 21 Dec 2013

@Mark_Lawrence

I use SE, so I guess in your eyes that makes me a reckless naive user? Actually, sensible users are able to assess their risk profile. They can assess whether SE is adequate for their needs, perhaps (as in my case) augmented by an occasional scan using Malwarebytes, and by keeping their Windows installation bang up-to-date. And if I need to surf in shall we say the uncharted waters of the Internet, I use a VM – I love that bit at the end where it asks ‘Save any changes?’ NO be gone nasty popups!

By rjp2000 on 21 Dec 2013

Norton is junk.

Any study that claims Norton is good was rigged. The same can be said for McAfee. They are what every hacker expects to encounter, and are bloated resource hogs. In my experience as a computer repair professional, they do not work in the real world. They have such a narrow definition of virus that they miss adware, spyware and scamware every time.

As for Microsoft Security Essentials, it like any in inadequate alone. Users also need an antispyware like Malwarebytes antimalware to catch what doesn't match the definition of a virus, which most of today's threats do not.

Norton products would be too expensive at free, and Security Essentials is free.

By compuwiza1 on 21 Dec 2013

Norton is junk.

Any study that claims Norton is good was rigged. The same can be said for McAfee. They are what every hacker expects to encounter, and are bloated resource hogs. In my experience as a computer repair professional, they do not work in the real world. They have such a narrow definition of virus that they miss adware, spyware and scamware every time.

As for Microsoft Security Essentials, it like any in inadequate alone. Users also need an antispyware like Malwarebytes antimalware to catch what doesn't match the definition of a virus, which most of today's threats do not.

Norton products would be too expensive at free, and Security Essentials is free.

By compuwiza1 on 21 Dec 2013

Word

"unpatched W7 SP1."

...Which makes this report less than worthless

By rhythm on 21 Dec 2013

Invalid Test

Testing against an unpatched system makes no sense, since the very process that updates the antivirus software updates the OS too in Microsoft's case. Who's smart enough to update their virus definitions but dumb enough to not apply OS patches?

Maybe MSE would still have scored lowest but this test isn't valid. Test against a fully patched system and then compare the results. Why would MS waste time coding for viruses and malware that their system patches already protect the user from?

By TimUs on 21 Dec 2013

Dumb Test & Dumb Testers

I just signed up here to comment. Using Safari for Windows, no CAPTCHA showed up on the registration page. I used Google Chrome and it showed up just fine.

If the testers were using unpatched Win7, for shame. You should not get paid.

This advice is from experience. I work on computers, removing viruses and performing tune-ups for a living in a brick and mortar shop. I easily fix, a thousand computers a year. Your best defense against viruses is DON'T USE INTERNET EXPLORER and to a lesser degree, Firefox. Both are vulnerable to viruses. DO USE SAFARI OR GOOGLE CHROME.

From my experience, it doesn't matter what anti-virus you use. If you are using IE or Firefox, you will get a virus. The virus will install itself and turn off your anti-virus. I've seen it happen while I was using Firefox a couple of years ago and have not seen any reason to trust it again.

After I finish fixing someone's computer, I always install and make Chrome their default browser. The ONLY time they ever come back for virus removal is if they used IE.

The shop I work in, installs MSSE on ALL computers when they are done and we update Windows and several other critical programs.

Incidentally, I've seen MSSE remove a virus that AVG Free could not.

Lastly, personally, I use one more line of defense in the form of a custom HOSTS file. Search for "mvp hosts file."

You're all welcome!

By PCtechGuy on 21 Dec 2013

Dumb Test & Dumb Testers

I just signed up here to comment. Using Safari for Windows, no CAPTCHA showed up on the registration page. I used Google Chrome and it showed up just fine.

If the testers were using unpatched Win7, for shame. You should not get paid.

This advice is from experience. I work on computers, removing viruses and performing tune-ups for a living in a brick and mortar shop. I easily fix, a thousand computers a year. Your best defense against viruses is DON'T USE INTERNET EXPLORER and to a lesser degree, Firefox. Both are vulnerable to viruses. DO USE SAFARI OR GOOGLE CHROME.

From my experience, it doesn't matter what anti-virus you use. If you are using IE or Firefox, you will get a virus. The virus will install itself and turn off your anti-virus. I've seen it happen while I was using Firefox a couple of years ago and have not seen any reason to trust it again.

After I finish fixing someone's computer, I always install and make Chrome their default browser. The ONLY time they ever come back for virus removal is if they used IE.

The shop I work in, installs MSSE on ALL computers when they are done and we update Windows and several other critical programs.

Incidentally, I've seen MSSE remove a virus that AVG Free could not.

Lastly, personally, I use one more line of defense in the form of a custom HOSTS file. Search for "mvp hosts file."

You're all welcome!

By PCtechGuy on 21 Dec 2013

@PCtechGuy

The list of rubbish in your post would indicate you're not actually very good.

By JStairmand on 21 Dec 2013

Amongst the dross....

... there are some interesting points made and what would be really nice would be if PC Pro could get some sort of response from Microsoft about the testing methodology. My feeling(hope) is that if you are running a fully patched 64bit version of Windows 8.1 with MSE you are pretty safe. If you are running an unpatched out of date o/s on an already infected computer then MSE isn't going to be your best choice to sort things out.

By jmiii on 22 Dec 2013

Dennis Test

Why does DTL not test ESCAN, from India?

It is ahead of Kaspersky and ESET in Virus Bulletin tests every time.

By MBELT on 23 Dec 2013

Dennis Test

That is in 2013.

By MBELT on 23 Dec 2013

Dennis Test

That is in 2013.

By MBELT on 23 Dec 2013

@PCtechGuy

https://www.nsslabs.com/system/files/public-report
/files/2013%20CAR%20Browser%20Socially%20Engineere
d%20Malware.pdf

You really need to keep up with current research on browser technology before giving advice to people. Independent research shows IE to be the safest browser (see above link). If you have worked with computers for as long as you say you have then you should have heard of NSS labs.

Like J Stairmand said - it doesn't look like you are very good. The best protections against malware on the internet are selectively turning off active scripting, sandboxing and using anti executable software.

By creepypixie on 23 Dec 2013

@PCtechGuy

By the way, did you know that when you type in the Chrome address bar the characters you type are sent to a Google server?

This is the ADDRESS BAR not the SEARCH BAR!

Most right-minded people characterise Chrome as Spyware.

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

@Norton is junk

Not really. The test shows that Norton is very good at screening INTERNET threats. The problem with the test is that it doesn't take into account attack vectors like USB sticks, e-mail etc.

Norton's file based scanning is just terrible. See the AV Comparatives and AV Test websites for confirmation...

By creepypixie on 23 Dec 2013

Not patched= not relevant

That fact that they didn't use a patched version of Windows makes this test junk. AV-TEST or VB are much better resources as they show much more data or the test, and test more AV's.

For endpoints the number one AV needs to be the users. Even a great av and spam filter won't stop a dumb user from clicking on a attachment from an unknown user.


On the server side that is protecting an entire organization and their customer's information none should rely on just one AV. Use multi scanning from OPSWAT and sandboxing to get the best static and dynamic results.

By Blue18 on 26 Dec 2013

Avast has wrecked my machine

Installed Avast, it caused a BSOD. It booted one more time, now it won't boot, even into safemode, and the restore points aren't helpful either. Stay away, or at very least make sure you back up your system before install.

By Mickyb on 26 Dec 2013

Not patched= not relevant

That fact that they didn't use a patched version of Windows makes this test junk. AV-TEST or VB are much better resources as they show much more data or the test, and test more AV's.

For endpoints the number one AV needs to be the users. Even a great av and spam filter won't stop a dumb user from clicking on a attachment from an unknown user.


On the server side that is protecting an entire organization and their customer's information none should rely on just one AV. Use multi scanning from OPSWAT and sandboxing to get the best static and dynamic results.

By Blue18 on 26 Dec 2013

Dennis Technology Labs responses

Hello all.

My name is Simon Edwards and I am Technical Director of Dennis Technology Labs.

It's great to see that so many of you are interested in this test, in one way or another!

The points, questions and accusations that some of you raise are fairly common and tend to appear on other internet forums fairly regularly.

I've tried to summarise them as best as I can and respond below.

For those who wish to stay in touch Dennis Technology Labs has a Twitter account (@DennisTechLabs) and a website (www.DennistechnologyLabs.com), while my personal Twitter account is @spgedwards.

Anyway, here's what I'd like to say in response to the above comments:

When we, at Dennis Technology Labs, publish results from our anti-malware tests internet users can be predicted to raise a number of questions, points of opinion and direct accusations.

Here are three of the most common, along with my responses:

1. The test is rigged because I don't believe that Product X would do well but it did. (Or Product Z performed badly but I know that it's good).

The test is not biased in favour of any vendor or vendor's product. Claims to the contrary should be accompanied by evidence.

We deal directly with all vendors involved in our tests and any corruption on our part would, I have no doubt, be discovered and publicised very quickly.

Our reputation is crucial and cheating in tests really makes no sense from a business perspective.

2. Testing on unpatched systems is pointless and produces worthless results.

Anti-malware tests by all well-known testing labs, including Dennis Technology Labs, AV Comparatives, AV Test and NSS Labs focus on testing the actual security software and not other elements. For this reason no tester runs what we call 'security endpoint' tests with the very latest Windows patches deployed.

To use a tired car analogy, if you were to test tyres you would use sub-optimal conditions, such as wet roads and sharp bends. Similarly, providing vulnerable software used by today's malware allows testers to stress the anti-malware software and determine which products are most effective.

In fact, what we see in terms of threats are far more likely to target third-party applications rather than Microsoft Windows components.

In an experimental test that we ran last year, we found that patching Windows with the very latest updates (on a daily basis) had a small effect in preventing the threats, but not enough to make much difference in a test such as we run.

That said, we're not saying that updating Windows is pointless. Far from it - it makes a lot of sense to fix known vulnerabilities.

3. Why doesn't this test include Product Y?

The way that we test is very detailed and labour-intensive. This means we are quite restricted in how many products we test.

Any anti-malware vendor is welcome to engage with us and discuss the inclusion of its products into the test suite.

By si_ed on 16 Jan 2014

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.