Independent tester: Security Essentials 'very good'

Microsoft's free Security Essentials antivirus software identified 98% of over half a million malware samples, an accuracy rating an independent testing company called "very good" today.

Germany-based AV-Test.org tested Security Essentials, the free software Microsoft shipped Tuesday, on Windows XP Service Pack 3 (SP3), Vista SP2 and the final code of Windows 7, against two different collections of malware, said Andreas Marx, one of the firm's two managers.

The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. "All samples were successfully detected and blocked during our on-demand and on-access tests," Marx said in an e-mail today.

The second test sicced Security Essentials on a much larger set of malware. Of the 545,3444 malware samples in that collection, Microsoft's software nailed 536,535, resulting in what Marx characterized as a "very good detection score" of 98.4%.

In a follow-up test of adware and spyware detection -- Security Essentials also includes anti-spyware scanning -- Microsoft's software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.

This is the second time that AV-Test.org has run Security Essentials through the mill; when Microsoft launched a limited preview in June, the group tested the beta. Then, the free software also breezed through the WildList , spotting every sample in the 3,200-plus set.

Security Essential's final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.

But there were some things that Microsoft's program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don't rely on specific "fingerprint" signatures to match against a potential threat. Security Essentials lacks any such technology.

"We found no effective 'dynamic detection' features in place," Marx noted. "None of the samples were detected based on their suspicious behavior. However, other antivirus-only offerings doesn't include dynamic detection features, either. In most cases they are only available in the Internet security suite editions of the products."

Security Essentials was also able to completely scrub a PC when it did detect malware. "In many cases, traces of infection were left behind," said Marx, ticking off several examples, including empty "Run" entries in the Windows registry and modified "hosts" files. The program also failed to switch on the Windows firewall after a piece of malware had deliberately disabled it.

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine