Microsoft fails security standard again

Microsoft must be furious after its Security Essentials product failed to get an important certification for the second time making it less secure than Woody Allen trying to pick up Mia Farrow in Zelig.

AV-Test is carried out by an independent German testing lab best known for evaluating the effectiveness of antivirus software.

There were ructions a few months ago when Microsoft’s software failed to make the grade and it was expected to pull its socks up and make changes to the software before the lack of a standard lost it too many contracts.

Microsoft’s Security Essentials is currently the most popular security suite in North America and the world, mostly because it is free. If the AV-Test is correct, that means that a lot of computers in North America are being projected by the security equivalent of a flatulent, aged watchdog, which does not like moving from its spot by the fire.

Needless to say, Microsoft is livid and is challenging the antivirus lab’s findings.

Joe Blackbird, program manager at Microsoft’s Malware Protection Center (sic) wrote in his blog that people should listen to Microsoft’s own statistics on the effectiveness of its product. After all that will be very reliable.

Its review showed that 0.0033 percent of Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were hit by malware samples not detected during the test.

In addition, 94 percent of the malware samples not detected during the test didn’t impact its customers

AV-Test only reports on “samples hit/missed by category,” while Microsoft prioritises its work based on consumer impact.

The difference is that AV-Test tells you if the software works, while Microsoft’s standard is whether or not it will cause you any harm.

AV-Test’s results indicated that Microsoft Security Essentials detected roughly 72 percent of all 0-day malware, with a sample size of 100 pieces of malware, Blackbird said.

However, Microsoft knows that from telemetry from hundreds of millions of systems around the world that 99.997 percent of Volish customers hit with any 0-day did not encounter the malware samples tested in this test.

AV-Test reported Microsoft Security Essentials missing nine percent of “recent malware,” using a sample size of 216,000 pieces of malware.

Blackbird pointed out that 94 percent of the missed malware samples “were never encountered by any of our customers.”

But it is difficult to see how Microsoft could turn out so badly in the AV-Test.

Its review looks at three key areas of security software, including protection, reparability, and usability of the whole computer based on the software’s impact. Across those three areas, Microsoft Security Essentials scored 1.5 out of 6 on protection against viruses and worms, a 3.0 out of 6 on repairs, and a 5.5 out of 6 on the usability scale. The lower values are better results.

Microsoft’s Security Essentials was just one out of three that failed to gain certification.