Updated Monday, December 3, 2012, at 11:45 a.m. PDT with comment from Microsoft.
Updated Friday, November 30, 2012, at 1:00 p.m. PDT with comment from AV-Test.org.
In a month of uneven Windows 8 news and reviews, Microsoft is taking another hit. This time, its freeware Security Essentials finds itself in the crosshairs.
Independent German security suite evaluators AV-Test.org publish bimonthly tests that rate the effectiveness of the biggest Windows security suites out there, and the recently published results showed that MSE failed to earn certification on the most recent test. MSE was the only suite to fail out of the 24 suites tested on Windows 7 during September and October.
"Microsoft is offering a baseline protection with MSE. However, the majority of free and paid security offerings from 3rd parties includes a better protection against current threats," wrote Andreas Marx, CEO of Av-Test.org, in an e-mail to CNET. The low scores in the "Protection" category, he wrote, are "especially related" to the low blocking rates against zero-day malware. MSE stopped only two-thirds of them, whereas many competitors did significantly better. Marx explained that blocking zero-days is "the most important feature in today's protection mechanisms," since more than 90 percent of malware comes from Web sites distributed by downloads or e-mail attachments.
Marx did write that Microsoft was 90 percent effective at blocking malware from sources like USB keys.
A Microsoft spokesperson replied to an e-mail requesting comment on the test results by not actually addressing the issue raised by AV-Test's results.
"Microsoft prioritizes protection based on impact and prevalence of malware affecting Microsoft customers from a global perspective. The Microsoft Malware Protection Center actively supports third-party testers to use similar methodology in their test results. We reaffirm that Microsoft is committed to providing a trustworthy computing experience and continues to invest heavily in continuously improving our security and protection technologies."
The news is potentially more damaging for consumers because Microsoft Security Essentials is, according to Opswat's September 2012 market share report, used by almost 14 percent of the security market worldwide. In the U.S. alone, it commanded nearly 27 percent of the market as of September.
As PC Magazine noted, 16 out of the 23 vendors scored worse this time than during the previous Windows 7-based test in May and June. AVG has AV-Test benchmark its free and paid suites, which accounts for one more suite tested than there are vendors.
Following CNET's report in September on security suite vendors' struggles in AV-Test's Windows XP-based test, there's a clear downward trend in AV-Test's results during 2012.
Microsoft Security Essentials has never been a particularly strong antivirus suite when it came to effectiveness, but it wasn't terrible. Its marks on the previous Windows 7 tests this year in April and May and May and June were good enough to pass the 80 percent prevention mark of zero-day samples on three out of four tests, and reached 76 percent on the fourth test.
However, on the most recent test it couldn't even crack the 70 percent barrier on zero-day prevention. That, plus a remarkably weak ability to remove infection components, kept MSE from being certified.
It's rarely a good idea to trust one test's results on which to base an entire judgment, but there's no doubt that these scores are a major cause for concern, not only for people who use Microsoft Security Essentials, but also because a lot of MSE has gone into Windows 8 security. However, AV-Test's Marx said that Windows 8 security is probably safer than Windows 7 with MSE. "The situation on Windows 8 (with Windows Defender) is most likely better than on Windows 7, thanks to further and additional protection mechanisms which are in place on this platform," he said.
Nobody wants to deal with a computer virus or malware infection, though, so I'd recommend that people running MSE change to another, better regarded free security suite as soon as possible. Avast or AVG have solid security reputations. The current AV-Test top-rated suite for security efficacy is Bitdefender, but the cheapest version starts at $39.95.