October 01, 2009, 1:48 PM — Microsoft's free Security Essentials antivirus software identified 98% of over half a million malware samples, an accuracy rating an independent testing company called "very good" today.
Germany-based AV-Test.org tested Security Essentials, the free software Microsoft shipped Tuesday, on Windows XP Service Pack 3 (SP3), Vista SP2 and the final code of Windows 7, against two different collections of malware, said Andreas Marx, one of the firm's two managers.
The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. "All samples were successfully detected and blocked during our on-demand and on-access tests," Marx said in an e-mail today.
The second test sicced Security Essentials on a much larger set of malware. Of the 545,3444 malware samples in that collection, Microsoft's software nailed 536,535, resulting in what Marx characterized as a "very good detection score" of 98.4%.
In a follow-up test of adware and spyware detection -- Security Essentials also includes anti-spyware scanning -- Microsoft's software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.
This is the second time that AV-Test.org has run Security Essentials through the mill; when Microsoft launched a limited preview in June, the group tested the beta. Then, the free software also breezed through the WildList , spotting every sample in the 3,200-plus set.
Security Essential's final version also successfully identified and deleted all 25 rootkits AV-Test.org threw against it, Marx said.
But there were some things that Microsoft's program had trouble handling. Most security software now includes an ability to sniff out malware by the way it behaves, often by using heuristics-based scanners that don't rely on specific "fingerprint" signatures to match against a potential threat. Security Essentials lacks any such technology.
"We found no effective 'dynamic detection' features in place," Marx noted. "None of the samples were detected based on their suspicious behavior. However, other antivirus-only offerings doesn't include dynamic detection features, either. In most cases they are only available in the Internet security suite editions of the products."
Security Essentials was also able to completely scrub a PC when it did detect malware. "In many cases, traces of infection were left behind," said Marx, ticking off several examples, including empty "Run" entries in the Windows registry and modified "hosts" files. The program also failed to switch on the Windows firewall after a piece of malware had deliberately disabled it.
Not surprisingly, Symantec, which yesterday blasted Security Essentials as a "poor" product with "average detection rates," had a completely different testing take on the new rival.
According to tests commissioned by Symantec last month ( PDF document ), a not-quite-final version of Security Essentials did poorly when stacked against Norton AntiVirus 2009, the then-current version of Symantec's consumer antivirus program. In a test of 50 different Web-based threats hosted on malicious sites, Security Essentials detected or neutralized 37, while Norton identified 45.
Using a weighted scoring system, the U.K.-based lab that ran the tests for Symantec gave Security Essentials 44 points, and Norton 80 points.
In the blog post Tuesday that called Security Essentials a "rerun" of the now-defunct Windows Live OneCare, Symantec claimed victory . "The bottom line: Microsoft Security Essentials falls short of protecting against today's aggressive malware and zero-day threats," Symantec said.
However, Norton AntiVirus 2010 -- the current version of Symantec's program -- lists for $39.95, which is $39.95 more than the price tag on Security Essentials.
