Microsoft Fails Antivirus Tests, Vows Improvements
Microsoft is vowing to improve the performance of its home and corporate antivirus suites after the products received failing marks from a well-known testing firm.
Microsoft lost its certification from AV-Test, an independent IT security institute based in Germany. The firm's CEO, Andreas Marx, told CRN that Microsoft's corporate Forefront Endpoint protection and its Security Essentials suite underperformed in tests the institute conducted over the past four months.
"It's a bit unusual," Marx said. "Microsoft failed gaining our certification for the tests and this means from our point of view that the protection offered by the product got lower results."
[Related: Did You Hear That? Sophisticated Cyberattacks Don't Make A Lot Of Noise ]
AV-Test conducts tests on more than 30 products and releases results every two months. It pits the software against a selection of known zero-day malware samples, malware samples detected over the past two to three months, and widespread malware samples.
Microsoft's corporate Forefront Endpoint protection and its Security Essentials suite for home users failed to detect 28 of the zero-day malware samples it was tested against, detecting only 78 percent of the malicious files. Both antimalware suites detected 90 percent of the "recent" samples and 100 percent of the widespread malware.
Security experts say antivirus and other signature-based security technologies have had trouble keeping up with the ever-increasing number of malware variants in the wild.
Marx said AV-Test sees three new malware samples every two seconds. In 2012, the testing firm registered 35 million new unique malware samples.
NEXT: Microsoft Vows Antivirus Performance Improvements
Joe Blackbird, program manager at Microsoft Malware Protection Center, said the company would improve the performance of both products. He said the majority of the malware samples the software was tested against don't represent what Windows users encounter.
"When we explicitly looked for these files, we could not find them on our customers' machines," Blackbird wrote in a blog. "When we did our review, we found that our customer-focused processes had already added signatures that protected against 4 percent of the missed samples. These files affected 0.003 percent of our customers," Blackbird wrote in response to the antivirus tests, posted on the Microsoft Protection Center blog.
Nonetheless, Blackbird called the tests meaningful and said improvements would be made to regain the firm's seal of approval.
"We continually evaluate and look at ways to improve our processes. We know from feedback from customers that industry testing is valuable, and their tests do help us improve," Blackbird said. "We're committed to reducing our 0.003 percent margin to zero."
AV-Test's Marx said he agrees with Microsoft's response and indicated that the testing firm develops its processes to meet the growing number of malware strains in the wild. Antivirus software is typically good at detecting known malware, but virus writers release new malware samples quickly and only target very few users at the same time.
"Microsoft actually confirms our results," Marx said. "In our tests we are focusing on the prevalence of unique malware families. We are getting a lot of different viruses every day so we tried to cover as many malware families as possible."
PUBLISHED JAN. 17, 2013