Microsoft's Security Essentials Fails Major Antivirus Test

Microsoft's free Security Essentials antivirus tool has failed the approval process from a leading antivirus test lab, a stinging rebuke for Microsoft's security efforts.

Microsoft, for its part, essentially claimed that the tests were unfair, and that the malware that its software didn't detect affected just 0.0033 percent (or just over three one-thousandths of one percent) of its user base.

The good news is that there are numerous free antivirus solutions for Windows users, so those who worry whether their data is safe can download a replacement while Microsoft and AV-test.org, the lab that performed the test, hash out a resolution. But those who have criticized Microsoft's security efforts will also find fresh ammunition in AV-test.org's results.

Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows Defender, which blocks adware and spyware on Windows. (Windows 8 includes an improved version of Windows Defender, which blocks malware, too.) Microsoft launched Security Essentials in 2008. Security Essentials replaced the Windows Live OneCare suite, which didn't do too much for users, either. Essentially, Essentials provided basic protection for users, including those in emerging regions, Microsoft said, who apparently couldn't figure out how to download and install free antivirus software from Avira, AVG, or others.

Each year, two leading antivirus test labs, AV-test.org and AV-comparatives.org, download and test both free and paid antivirus solutions and run them through rigorous tests of how they detect, respond to, and clean up infected PCs. AV-test.org also evaluated each product for how easy it was to use.

The vast majority - 23 of 26 - of antivirus solutions AV-test.org evaluated in the November-December time frame were awarded an "AVtest Certified" logo. The exceptions were AhnLab's V3 Internet Security 8.0, PC Tools Internet Security 2012, and Microsoft.

Microsoft Whiffs at Unknown Threats

The lab didn't explain why Microsoft failed to earn its approval, but one metric offers a clue: in November, Security Essentials only detected and caught 71 percent of so-called "zero-day" malware, or worms and viruses that have not been previously released into the wild. The industry average was 92 percent, meaning that if you used Microsoft's product as your PC's immune system, you'd stand a much better chance of catching something nasty as you crawled the Web. Security Essentials also trailed other providers in detecting a "representative set of malware" discovered in the last two to three months.

In a blog post, Microsoft defended its product. "Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test," its Malware Protection Team wrote. "In addition, 94 percent of the malware samples not detected during the test didn't impact our customers."

Microsoft also said that it designed its protection to meet "prevalence and customer impact" metrics, another way of saying that it sought to protect the most customers from the most common malware. Microsoft's team also defended its poor zero-day showing, claiming that it knew from "telemetry," or reports from hundreds of millions of systems around the world, that "99.997 percent of our customers hit with any 0-day did not encounter the malware samples tested in this test." Finally, Microsoft also accused AV-test.org of crafting special test cases that aren't in line with the real world.

That all may be true. A typical Windows Security Essentials user may be someone who visits Facebook daily, checks email, reads a sports score or a blog, and does little else. But Security Essentials users are just as prone to click a suspicious link, or respond to an instant message, or engage in any of the inadvisable but common Internet behaviors that lead to trouble. A few months ago, my wife, who worked in business development for a major Internet security firm, carelessly tripped on some socially-engineered malware on one of our Windows machines while surfing one night. Accidents happen.

Microsoft's blog post goes into more of the percentages analysis, which you can explore if you want. But here's the bottom line: Microsoft failed where the vast majority of other antivirus vendors succeeded.

Microsoft's explanation may be valid, as is its commitment to eliminate the 0.0033 percent of malware it missed. But that doesn't mean that it's excused from releasing what a respected test lab refers to as a sub-par product. For now, I'd follow AV-test.org's lead, uninstall Security Essentials, and replace it with another, comparable antivirus product that does the job.