MSE Missed 100% Of Malware In This Test

Discussion in 'other anti-virus software' started by itman, Mar 8, 2015.

  1. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Not good to read this, and sort of affirms why I generally view places like AVC with much less weight than other considerations.
     
  2. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Not good to read this? Why? What will happen?
    Andreas of AVC has worked with many AV vendors and knows more about AV testing than just about any member of Wilders.
     
  3. coolcfan

    coolcfan Registered Member

    Joined:
    Nov 1, 2008
    Posts:
    130
    Well I still think this re-analysis is interesting cuz you can see how other AV software performs in different areas.
     
  4. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    I've always known that MSE was at the bottom of the heap. I still use it sometimes because signature based malware detection is also at the bottom of the heap in the security practices I use and minimal and baseline is good enough for my needs. The first sentence of the article says it all.

    There are much better approaches to security than bloated AV suites that use up a lot of the host computer's resources. As far as signature based detection, I like the approach Mayahana pointed out of using a dedicated UTM firewall that takes the burden off of client computers and puts it in a dedicated machine and combines it with a lot of other security measures.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I agree. Right now Fortinet, Sophos, and Bit Defender Box seem to be the ones pushing forward. I like how Forticlient uses the IPS/FW of the UTM when you have it installed. Bit Defender Box is promising, but only 10/100...Moving a portion of endpoint security off to appliances/hardware seems logical.
     
  6. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    881
    Location:
    Virginia, USA
    Wow. So you can provide your own set of data to test yourself?

    Is this as bad as it sounds?

    We need Andreas to comment on this -- if he can.

    Good for AV-C for clearly spelling this out in clear detail. There are two other testing organizations that I'm pretty sure would never divulge this information. This is more evidence for me that AV-C is the best tester going. They have professional standards and fully disclose the testing methodology -- apparently even at the risk of agitating the client.
     
  7. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,886
    Location:
    Innsbruck (Austria)
    The analysis in this supplementary report is based solely on Microsoft’s data. Means based solely on Microsoft's prevalence data (and on the formula created by Microsoft). The test-set is unchanged, just the calculation done with it is in that report based on prevalence data from only one single vendor (i.e. MS telemetry perspective).
    (p.s.: I do not see what could sound bad in what is written in the report - it is all well-explained and disclosed, including our wishes to make it more significant in future).
     
  8. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I agree with A-V Comparatives 100% on this one. Everything was clearly delineated in the report. However, at least one poster in this thread thought that this MS sponsored re-evaluation negated the findings shown for MSE in the full comparative report using your standard methodology metrics which I do not agree with.

    However, there is the question of whether re-scoring of test data with vendor supplied metrics dilutes and obscures the purpose and findings of the lab determined metrics of the overall comparative test. I would think the proper procedure would have been for Microsoft itself to make public the reasoning for and the results of the test re-evaluation.
     
    Last edited: Mar 9, 2015
  9. 142395

    142395 Guest

    Unfortunately MS is the vendor who has the statistics of widest coverage about infection. It's a bad and unusual situation, as other fields such as insurance have many more objective and reliable stats, and this unusual situation allows AV vendors to exaggerate threats to promote their products (actually insurance companies do the same but they can't fool careful people and sometimes such exaggeration will just ruin their trustworthiness).

    I have to admit MS also used their stats in a flawed/deceptive way when comparing threats against XP and 7, 8.

    But I think that test makes some sense, tho I'm not fully convinced by the logic that detecting more prevalent malware should be valued more than rare malware, cuz if you're infected you won't care much if this malware is prevalent or not. Often people don't have a correct idea about probability.

    At least it's good they published their formula, it should eliminate doubt that they adjusted the algorithm to make their product better. The formula itself is not very complex, the only thing that bothers me is their stupid way of naming variables. We mathematics guys rarely use more than 3 char variables.
     
  10. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    MSE consistently places at the bottom of the heap in all tests published by AV-Comparatives, etc., yada yada here on Wilders. It's really unclear to me why this app isn't considered as nothing short of an embarrassment to Microsoft.
     
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Since 142395 brought up the insurance industry, let's use them for comparison. In the U.S., there is an organization called the Insurance Institute for Highway Safety. They test the crash worthiness of vehicles sold in the U.S.

    First, note that a third party is sponsoring and paying for these tests; the automotive insurance carriers, not the auto manufacturers. Next, this group does allow for re-evaluation of test results for a particular auto model. However, only after the manufacturer has made modifications to the vehicle to correct the defect and the vehicle is subjected to the same test and scoring metrics as the first test.

    Ref: http://www.iihs.org/iihs/ratings
     
  12. StillBorn

    StillBorn Registered Member

    Joined:
    Nov 19, 2014
    Posts:
    297
    And you would still end up with "almost" nothing. Pity the **possibly offensive word removed** that use this as their first and only line of defense.

    Edit: Notwithstanding the inarguably efficient Windows firewall in tandem.
     
    Last edited: Mar 10, 2015
  13. guest

    guest Guest

    Is still an addition to other security tools.
    Although I know from some people on WS that they're not using AV.
     
    Last edited by a moderator: Mar 10, 2015
  14. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    This is why I am interested in seeing an updated MSE prevalence report to see if Microsoft is continuing the same approach.
     
  15. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Found another article that accurately describes the current status of MSE: http://www.makeuseof.com/tag/replace-microsoft-security-essentials-proper-antivirus/

    The author does bring up two important issues among many others:

    1. The current lack of protection features in MSE compared to its competitors.
    2. The sheer number of MSE installations worldwide.

    In other words, the above two factors alone make it a preferred target for malware developers; especially those in the fake AV camp.
     
  16. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    Nothing new here. Just a rehash of previous articles.
     
  17. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Well, it probably is actually better than nothing. But I have been thinking very seriously about being in the same position as the **possibly offensive word removed's** for quite a while now with MSE. For one thing I'm so distrustful of MS monthly update patches I have the auto-update turned off. Which in effect means I have to manually update MSE every eight hours. After some deliberation I have uninstalled MSE from my Win 7 machine and installed Panda Free. I've used it on other computers before and I'm familiar with it. It appears to be running fine. :)
     
  18. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I found a PC Magazine article that explains the A-V Comparatives re-test of MSE using Microsoft supplied metrics. A bit of an easier read than delving into the detailed report at A-V Comparatives: http://securitywatch.pcmag.com/secu...-from-cellar-to-stellar-in-new-antivirus-test .

    The gist of the Microsoft metrics was that their criteria reflected the actual prevalence of malware in existence and that MSE was "tweaked" to detect the samples with a higher incident rate. Hum .............. Sounds to me somewhat similar to the protection provided by Malwarebytes Anti-Malware that readily admits they concentrate on protecting against current threats only. However, the most important point to me is what I highlighted in bold in an excerpt from the article.

    Microsoft commissioned the well-known lab AV-Comparatives to re-evaluate a recent test taking prevalence of samples into account. This was a simple file detection test—run an antivirus scan with each product and note how many of over 100,000 samples it detects.
     
  19. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,564
    Location:
    New York City
    This topic was discussed in greater detail when the tests originally came out. I suggest you search for threads discussing this topic.
     
    Last edited: Mar 10, 2015
  20. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,626
    The only time in the last few years when I've been infected that way was on a work computer that was not kept updated (I got infected twice when browsing). The work computer had outdated versions of Flash and Java. On my own laptops, the only time I ever get infected is when I run an infected download. That's with using no web filtering or blocking, and running as administrator with UAC turned off.

    Maybe I've just been lucky. But, I've visited plenty of websites that Google or my browser has warned me against visiting due to them being infected, without infecting my computer.
     
  21. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    What baffles me the most is why ppl still wonder about MSE detection quality. C'mon ppl, it has ZERO proactive features and it updates once per 24 hours assuming you don't miss the schedule by having PC turned off when it should update... Technologically, it's what other antiviruses were 8 years ago... But yeah, it's easy to use I guess...
     
  22. Gein

    Gein Registered Member

    Joined:
    Dec 8, 2013
    Posts:
    219
    I'm sort of in the same boat. Keep everything up to date and the only thing my anti-virus ever detects is legitimate software.
     
  23. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    If you're not a target, anything more than a drive-by download that you have to manually execute is like winning the lottery, as long as you are up-to-date.
     
  24. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I've never totally understood MSE's updating cycle. It appears that signatures are updated every eight hours, although it won't inform you of when you are out of date for at least twenty four hours. If you are updating manually this can become a bit of a chore. Even without proactive features it had very high detection scores originally. In fact, it was very good at detecting drive-bys amongst other threats. What puzzles me is why that has so drastically changed in recent times. My guess is that it is all to do with the corporate policies of bundling MSE/Defender with Win 8 and perceived anti-competitive issues.
     
  25. 142395

    142395 Guest

    I don't know how that crash worthiness is used to calculate rates, but in the AV industry even such a calculation is impossible. I don't know how likely an Avast user is to be infected and to what degree damaged when infected, and how Bitdefender.. (goes on). Also, tho they may conspire to raise rates, that can be and actually has been accused by comparison with general stats. As to crash worthiness per vehicle type, probably there are no general stats. However you can roughly calculate how likely you are to get cancer in all your life assuming you live up to X years old, or you can calculate how likely you are to get in a car accident in 5 years from now on, or even calculate the possible lost $ on average from those general stats. The AV industry simply lacks such general stats made by ministries or independent agencies (maybe availability of such stats varies by country. I guess the U.S. has such general stats but not sure about the French as the French don't have a national census).
    Also I don't comment on the fact that those insurance products are made to make money for those companies (quite natural), and the fact that a sales person ofc tries to make you believe his product is necessary and it's reasonable. That's completely another story.
     