Microsoft security tool fails malware detection test

The latest tests show the company lags behind the leaders in malware detection.

There are many great choices out there for malware protection and detection. Unfortunately, Microsoft's offering isn't one of them. In recent tests by AV Test, the German lab that is pretty much the de facto standard in malware testing, Microsoft came in a distant last place.

AV Test's most recent experiment pitted 30,000 known samples of malware against Windows 7 AV programs. It focused on Windows 7 due to its ubiquity; it has about 60% global market share, as XP withers away and Windows 8 fails to gain ground.

This was not a test of commercial antivirus products you find in stores. It was a test of enterprise endpoint security products used in businesses.

Overall, 11 products were tested, and six of them – Bitdefender, F-Secure, Trend Micro, Symantec, and two offerings from Kaspersky – achieved a 100% detection rate. The rest did no worse than 95%, with one exception: Microsoft Security Essentials detected only 73% of the malware in the real-world test and 87% in the real-time test.

You get what you pay for. As Erik Heyland, director of the AV Test Testing Labs, noted, "An economical option for protecting a corporate network is the use of the endpoint module, bundled in the Microsoft Management Suite System Center 2012. The test revealed, however, that this is not to be recommended. The solution was awarded 0 points by the testers in terms of its protection function, and it achieved only 11 out of 18 possible points."

His final conclusion: "The freeware Microsoft module is much too feeble in the detection of malware."

Microsoft has three products: Windows Defender, which comes with Windows 7 and 8; Microsoft Security Essentials (MSE), which you can download; and the Malicious Software Removal Tool (MSRT), which is focused on specific and common forms of malware. Defender and MSE have never had a good reputation or track record for malware detection because they use the same malware definitions.

Defender was just anti-spyware until Windows 8, when it was expanded to offer antivirus protection as well. MSRT is only updated once per month, during Patch Tuesday, which is going away with the release of Windows 10.

For whatever reason, Microsoft just has not been able to get its antimalware products going. These tests are nothing new. Defender/MSE have always brought up the rear in AV tests. The company has objected to the testing methodology of AV Test, but you would too if you came in so far behind the rest of the pack.

I've got a lot of respect for Microsoft's efforts to take down botnets and the criminal organizations behind them, but they just can't seem to make anti-malware software work. If the company can't get this unit going, in terms of detection rate and responding to zero-days like the numerous AV firms do, then perhaps it's time to end the product. Having it out there creates a false sense of security for users. They will think they are protected because they have Defender and MSRT, when both pale compared to Kaspersky, Trend, Panda and Malwarebytes.


Copyright © 2015 IDG Communications, Inc.
