Anti-malware test in hand, Symantec swats Microsoft Security Essentials

Armed with an anti-malware test report that pits Symantec's Norton AntiVirus 2009 against Microsoft's just-released Security Essentials software, a top Symantec engineer ripped into the new consumer anti-malware as an unimpressive recycling of Microsoft's discontinued Live OneCare technology.

"It's just stripped down OneCare," said Jens Meggers, vice president of engineering for Norton products, brandishing the report "Norton AntiVirus 2009 Versus Microsoft Security Essentials: A Comparative Anti-Malware Test," done by Dennis Technology Lab.

Microsoft officially discontinued Live OneCare last June, and Security Essentials, out this week, is offered as its replacement, as free anti-malware software for Windows desktops.

The Norton Antivirus 2009 vs. Microsoft Security Essentials test done by Dennis Technology Lab shows Norton stronger in malware defense by about a 2-to-1 margin; the test was sponsored by Symantec. Microsoft could not be reached for comment.

The lab tested how well each of the two vendors' anti-malware products could defend a desktop computer running Windows XP Professional SP2, Internet Explorer and Outlook Express, when subjected to 50 instances of threats originating either as Web-site malware, e-mail or downloaded files.

In a weighted score based on points assigned for a successful defense (preventing malware from gaining a foothold in the system), a neutralized threat (the threat was able to infect but the product neutralized it later) and a "target compromised" outcome, Symantec scored an 80, with 45 successful defends and 5 compromises. Microsoft Security Essentials scored a 44, with 33 successful defends, 4 neutralized threats and 13 compromises.

Meggers claims Microsoft OneCare is the same file-based scanning engine used in the discontinued Live OneCare service. The Microsoft scanning engine is "very average—nothing outstanding," he says.

Microsoft Security Essentials is also fat, he says, at over 110 megabytes, because unlike most anti-malware vendors today, Microsoft is looking for effectiveness by cramming signatures for every malware sample in circulation into its code base instead of deploying the newer reputation-based and behavior-blocking technologies that are gaining favor.

"Microsoft is two to four years behind," he says. "They're pumping in these signatures."

The problem is that over 35,000 new malware samples are discovered each day, he points out. So most anti-malware vendors are scaling back on signatures in favor of alternative detection methods. The reasons are scanning speed and keeping software from ballooning; in addition, signatures come and go so quickly that a new type of defense is needed.

This story, "Anti-malware test in hand, Symantec swats Microsoft Security Essentials," was originally published by Network World.