AV-Test Results for Sep/Oct Now Available

Really? What about Andreas Marx? I guess he is just a simple Wilders' member...
Microsoft Security Essentials loses AV-TEST certification

Kaspersky and Bitdefender, for example,have Both much Lower Market Share than MSE.
-Does this imply that MSE offers a better Protection than Kaspersky and Bitdefender?
-Since when Market Share, which is a Quantitative factor, has been associated with QUALITY?

Once more, Market Share tells me nothing; especially when MSE is Free.
How many do you think would have paid for MSE IF MSE had Not been Free?
After such a Low-Scoring in recent Tests, Not Many ones...

About "Predictions": I hope MSE Not to end up like OneCare...

Talking about Repair Shops, most infected PCs that come are running MSE...HERE

On the other hand, I see many infected Networks running MS Business Products every day.
The last one was yesterday: a big Hospital with several hundreds PCs "protected" by Microsoft Forefront...

Just go to the Malware Removal Fora and check -by yourself- to see
how many Windows users are infected and seek help.
Then, you -may- realize that all these Microsoft "Security" features
-you just mentioned-
FAILED to protect users.

Users who run IE, MSE etc.

IF Microsoft products had been so effective (the way you presented them...),
then Everybody would have used nothing but Microsoft!

We both know that Reality is much different...

Do Not bet on that...IF MSE continues to perform as it does, they will care.

Microsoft would like to beat beat Google as a Search Engine.
The truth is that Microsoft canNot beat Google as a Search Engine.
With Yahoo! and Bing they do Not have many possibilities.

Most users are running infected PCs, too. More than 80% of users...

Imagine what would have happened IF MSE had many FPs apart from its Low-Scoring on Tests...

 

https://www.nsslabs.com/reports/consumer-avepp-comparative-analysis-exploit-evasion-defenses

 

I assume this means that some AVs don't scan zipped files. This is only in default configuration. Most AVs have option that you can check to scan all archived files. So the criteria for these tests seemed to be skewed towards MSE.

 

f-secure removed the option to scan zip files with on access which would explain the result.

 

It strikes me as being odd that Norton wouldn't scan archives on-access by default, given that it's sister product does. But most products give you this option.

 

So how many users will check that? Mostly hobbyists.

 

Too much drama just because of a test for MSE.
Relax

 

Consumer AV/EPP Comparative Analysis - Exploit Protection
https://www.nsslabs.com/reports/consumer-avepp-comparative-analysis-exploit-protection

Between 65% and 75% of the World is poorly protected,
and 75% to 85% in North America is poorly protected.

~ Removed Copyrighted Image - See NSS Labs Terms of Use ~

 

if we look at this one

https://www.nsslabs.com/reports/consumer-avepp-comparative-analysis-exploit-evasion-defenses


microsoft 100% < the winner O.O

 

My case on MSE:

http://answers.microsoft.com/en-us/...-884e-4901-a7e7-63f35f164355?tm=1354644839654

 

What you uploaded to VT is rar archive and if you send a archive file to MMPC, it is treated with low priority. This is not a rule but just what I have noticed because I often submit them and other samples. Generally, they are fast (if not archive file) but sometimes such things happen. They do not treat it high priority, their telemetry shows this perhaps.

 

Nov. 2009 I installed MSE and said I'd keep it until I got an infection...still waiting.

 

well
I have the sample on my own system....it is zipped
if I extract it,my ESET will catch it....if I disable my antivirus,you know what will happen ;-)

I v checKed virus total and MSE is still out of the ring.....

~ VirusTotal Results Removed per Policy ~

It s not zero day any more,it s 1 week old
That s very bad for microsoft

 

MSE is not meant to protect against 0-day threats (zero day - the way you mean it). I showed you it is actually blocked If MSE (which engine and definitions go to big companies, too thanks for Forefront and System Center) was meant to kill zero day this way, lots of false positive could apprear. It takes MMPC 6 hours to deeply test each and every new definition update before G.A. against huge database of known clean files - to eliminate FPs.

 

No doubt about it...

Other Endpoint solutions react, by far, much faster without having FPs.

Six (6) hours is 'Too Late' especially when Malware spreads rapidly...

 

SSF is in IE8 too, as is Protected Mode. So every version of Windows since XP is covered in this regard.

I agree with other posters that say MSE was designed with the other integrated layers of Windows OS's in mind, while other AV's are not. This without question creates a less than accurate portrayal of their relative effectiveness in such a test.

 

PJC,

During my not so long ^career^ in the IT industry I have seen so much chaos caused by false positives from 3rd party vendors. I have had severe issues caused by false positives from Norton IS , McAfee and Symantec endpoint antivirus, AVIRA, Avast, etc. I have seen important top high priority programs deleted, detected, blocked, etc, which causes users stop working, loosing money. They call me to visit them and fix issues caused by such mistakes. I have seen productive servers disabled and cannot boot due to false positives. This has never ever happened with Microsoft products - not a single mistake. I can finally sleep well You can ask many people, they will all confirm - MSE and brothers produce practically 0 FPs.

I totally can't agree with you that "other solutions react" (like ALL other solutions but MS react) , because I've seen lots of malware override popular big names like Norton and Kaspersky, and Windows Defender (this ^silly stupid program^ that is there in Vista and 7, that program which everyone disables because ^it is ineffective^) finishes the job, updates, deletes the Trojan and fake program, restores back original stuff and voila - problem gone.

For such situations, which are not common in today's reality, MMPC can react appropriately. Just to let you know - today's malware created by professionals is not made to spread so rapidly and visibly (as it used to do). Today, it has to find the right victim and to remain under cover as much as possible to steal information. For the so called zero day web malware (the one you refer to) - Microsoft as a vendor has created other technologies that can guard the users - I have mentioned some in my posts above.


To get back on topic, let me conclude that each and every vendor has its own positives and negatives. For the specific test, AV-Test and other testing orgs need to change their testing methods to reflect better the reality (for most and for MS programs particularly). This is my opinion. I do respect your own, too. Take care!

 

Unfortunately,it is more than that my friend,the malware I had mentioned has not been detected yet( and it is more than 6 days of my submission)
(I cannot show virus total results because it will be eliminated by the moderator....I ll send you the analysis in a private message(and anyone who wants))

I have two questions:

1-How this Smart Sceen work?( Is it based on reputation,behavioral,malware signature database.....?)

2-as you mentioned,there are other layers that cooperate with MSE on catching malwares(such as Smart Screen).
Does that means MSE is not enough for systems not using these additional layers( fore example a user with Win 7 and google chrome browser)?
I mean,for a user that doesn't have Win8 and IE....isn't MSE a satsfactory choice(comparing to 3rd parties)?
Thanks in advance

 

Very good post.

 

"Cloud based" technology built in IE 9/10 and in Windows 8. Based on reputation, kind of. Microsoft own data collected through different sources and mechanisms.
It started in IE 7 - was only phishing protection. In IE 8 - it was only protection against phishing and protection against sites that host malware. In IE9/10 it has dramatically improved. It includes protection against phishing sites, malware hosting sites, against malware files.

For the files - when you download a file via Internet based application (such as browser or other) or IE9/10 particularly, Windows or IE will connect to the MS server, send the hash of the file and warn you if the file is definitely harmful or has bad reputation (not commonly used). It won't inform you about good files. Smart Screen in IE warns after the files has been downloaded. The one in Windows 8 warns if you try to execute malware or harmful file (actually by default it blocks executing malware or potentially bad files).

Yes, many other layers.

Microsoft as a vendor is only responsible for their products. That is why they use and create their own technology for guard the main products (Office, Windows). Microsoft can't or do not want to cooperate with other vendor's technology. MS has their own browser, their own mail service, their own spam filter, their own AV, labs, etc..... MSE alone is just one guard that lacks many other important protection (protection available in other MS products). So, IMO you need to other 3rd party products to help your antivirus (MSE) or switch to MS technologies that cooperate with MSE.

Win 7 is not the latest MS technology, Chrome is not MS technology at all.

I can't advise definite YES or NO. Maximum protection is only guaranteed if all protection mechanism and technologies are used (which is not your case). However, it very much depends on you and your habits. Some people don't get infected at all and run no AV at all. If you insist of using Chrome, you can add some other protections to help you remain safer. Microsoft products for web protection (direct and indirect) include: Windows Update, MS AV, Internet security settings, UAC, Protected mode of IE, Smart Screen filter. With Chrome, you miss some but you can have them from other vendors (if you trust them). It is user's choice. Windows Smart Screen Filter in W8 cooperates with Chrome because it is a browser. In Windows 8 there are also MS own Adobe Flash player version, own PDF viewer, etc.

 

As far as NIS 2013 goes, it does scan compressed files by default. See below.

I beleive the NSS Labs article refers to scanning upon download? NIS would detect any malware in a zip file upon access of the archive or its next scheduled scan.

Now as I recollect, NAV has a different setting as far as archives go. I believe it does not scan archives by default. Why I don't know.

Personally, I always perform a manual scan of all downloaded archive files.

Compressed File Scan

Scans and repairs the files inside compressed files.

By default, Compressed File Scan option is turned on. In this case, Norton Internet Security scans and detects viruses and other security risks in the files within compressed files. When Norton Internet Security performs such a scan, it extracts a file and then checks for threats inside the file.

Norton Internet Security does not scan and repair password-protected compressed files.

The other options in this section are configurable only when you turn on the Compressed File Scan option. This setting include:

• Remove Infected Folders

When this option is set to Automatic, Norton Internet Security automatically deletes the infected compressed folders from your computer. Even if one file in a compressed folder is infected, Norton Internet Security deletes the entire folder and all its contents.

However, if you set this option to Ask Me, Norton Internet Security alerts you when it detects an infected compressed folder.

 

^Does this apply to the real-time scanner as well?

Yeah, download scanner, maybe. I know PC Tools does it - you can test it very easily - just download the double zipped EICAR file and see for yourself

 

I am over 40 years old, and my IT career is definitely long...
I have seen Malware disabling Servers which, in turn, could not boot.
I know that MSE offers 0 FPs. It offers 0 protection, too.
I've seen that often; very often...

On, the contrary, it is MSE that fails to protect against Trojans.
Go to the Malware Removal Fora and see for yourself:
The majority of users asking for help -because they are infected- are the ones who run MSE.

When their Favorite AV scores Low, Fan-boys attack the AV Testing organization.
Please, show a little Respect to AV-Test.org, because it has been
one of the most well-respected AV Testing organizations.
Would you have claimed that AV-Test.org needs to change their Testing methods IF MSE had scored High?
No, you would Not have claimed that.

 

same from me for mse. i dont have 40 years but i do have a pretty long history and i see the same from mse ALL the time as pjc. imo its a worthless program that should not be pushed the way it is because it simply does not offer the level of protection people believe it does. and when it does good in one test here or there i simply shrug it off because i know real world use is far from what any of the tests that show it doing really good really show. i believe in REAL world use that tells the true tale of how a av performs and i have dumped a number of them due to them not meeting how well i wanted to see them do on a real world machine throwing malware at it.

i do read tests and i do care about the results but not so much to dump a av at the drop of a hat, for instance i use eset and have for YEARS on many systems even when it does not do good on some tests which i have seen. same currently with wsa i really like it and it does not always do well. but i have seriously put it through the ringer and i have yet to be infected while using it and im trying to be to see how well it protects.

 

sorry my friend,but with all the respects,I have to disagree with you.

1-What we are trying to say is that MSE lacks what some big vendors have,you say other windows security features can help MSE against malwares.
These other layers(such as Smart Screen,as you described precisely...and thank you for that) can also help Avast users,they can help ESET users(and other AVs),So an Avast user(just for example of better protection) can be more safe(I didn,t say SAFE AT ALL) because of his better core antivirus software.
besides,Internet is not the only way to get infected.Imagin a win 7 user who encounters an infected flash drive....there will be no IE smart screen...so there would be some time that it is up to your mere antivirus.

2-this is not a good policy for microsoft,because the user will be more limited,he has to use other softwares of Microsoft,because MSE cannot protect him by itself (as it should),but 3rd party AV users have more options.they can use Chrome as the browser and they can stay with Win7(offcourse using Win 8 would be an advantage)

3-av-test(and other standard comparison sites) tries to compare AVs on the same circumstances,and that should be the way
Using the same system features(such as win7) you can see which AV can protect(repair,perform) in a better way

4-Believe me, Win 8 users are not that protected with MSE(Windows Defender)....I mean comparing to others(having win8 and a good 3rdparty AV).
we have a test here:
http://www.comss.ru/page.php?id=1119

I dont emphasize on the result(percentage),but you can see Microsoft AV is not perfect(if we don't wanna say "the worst")
If Microsoft doesn't improve their MSE,AV-Test results on Win8 will be the same

I think that s enough for MSE.