Microsoft Security Essentials loses AV-Test certificate

Every two months, AV-Test takes a look at popular antivirus software and security suites and tests them in several ways. In its latest test, which was performed on Windows 7 during September and October, Microsoft Security Essentials didn't score enough points to achieve certification. Although that may not sound that impressive, Microsoft's program was the only one which didn't receive AV-Test's certificate. For comparison, the other free antivirus programs, including Avast, AVG and Panda Cloud, did.

The programs receive points in three categories: protection, repair and usability. Added up, a program needs at least 11 out of 18 points to pass the test. Security Essentials only got 10,5 points, which brings up the question: what's the cause?

It seems that Security Essentials failed to recognize enough zero-day threats, with detection rates of only 69% in September and 64% in October, where the average is 89%. The rest of the scores remain largely unchanged compared to the previous test. It's only fair to mention, though, that most of the programs tested scored lower than in May and June.

Bitdefender Internet Security is the winner with 17 out of 18 points. F-Secure Internet Security and Kaspersky Internet Security came in second and third respectively with 15,5 and 15,0 points. Out of the free programs, ZoneAlarm Free Antivirus + Firewall got the highest score with 14,5 points. In the similar test for business protection software, Microsoft Forefront Endpoint only gathered 9,5 points.

Source: PCMag | Images via AV-Test

66 Comments

I wonder how often all the definitions were updated. Security Essentials updates maybe once a day by default. You can use the Task Scheduler to make that more frequent. That could make a difference in test results.

Meh, screw 3rd party solutions, I like how flush MSE is. I could probably go without it anyway, but I don't notice it running.
If you know what you're doing it's unlikely you'll ever have a problem. I run EXEs through virustotal.com before executing them, and if they seem at all sketchy I'll use a VM or a 'dumping ground' PC instead of my main one. Provided you keep everything up to date, disable browser plugins, preferably keep flash/java uninstalled entirely, you'll most likely be fine. \o/

People prone to getting malware should probably switch away from MSE, or jump ship to OS X or something, far more difficult to junk that up (it's like a playpen).

warwagon said,
I've been saying MSE sucks forever but no one listened to me

The problem is that it doesn't suck. If you go for the reliable folks (like AV Comparatives) you'd see that it has a 94.9% detection rating across the board (not just for a small sample set like this) and a 0% False Positive rating.

Sure it needs a bit of work to get that 94.9% back up where it used to be...but that's still a far sight better than some others. Also a good set of those others that have a higher detection rate also have a much higher False Positive rate as well.

To me slowing down the OS and kicking out a higher number of false positives isn't very useful either.

MSE is one of the best in terms of the balance between performance and detection. Now they just need to find a way to up the detection while keeping the FP's down to 0.

Shane Nokes said,

The problem is that it doesn't suck. If you go for the reliable folks (like AV Comparatives) you'd see that it has a 94.9% detection rating across the board (not just for a small sample set like this) and a 0% False Positive rating.

Sure it needs a bit of work to get that 94.9% back up where it used to be...but that's still a far sight better than some others. Also a good set of those others that have a higher detection rate also have a much higher False Positive rate as well.

To me slowing down the OS and kicking out a higher number of false positives isn't very useful either.

MSE is one of the best in terms of the balance between performance and detection. Now they just need to find a way to up the detection while keeping the FP's down to 0.

Sorry Shane but I have to respectfully disagree. You say it's a far sight better than others yet it comes in at 13th out of 15 in the October AV-C tests. Granted it gives very few false positives which in general is good but personally I would rather be alerted to a potential malicious file whereby I can do further investigation than have it fly straight past!
It used to score reasonably very well across the board, maybe they don't have as many people checking sites like MDL (not MyDigitalLife) or Malcode to find the latest threats and there's always the fact that when something becomes so popular the writers make sure it isn't detected before they release!
Also from my own personal tests on my own sample set and fresh links (granted not huge) it hasn't done so well, in both static and run detection.

One main problem with the test is it wasn't using the latest version. The latest version is 4.2.211.0. Since the test was with an older version it seems that it's a waste to follow its advice.

Yet another reason why I use Antivir instead of MSE since MSE sucks so badly and takes forever to do a scan, don't take my word for it since you can go and try it yourself and see the results.

Once Antivir update the antivirus to Windows 8, then I'll upgrade to Windows 8.

If I read the results correctly, MSE had the lowest or close performance penalty. The average AV software slowed the computer by 10 seconds, while MSE was at 5. This lower performance penalty is a bigger factor for me than its score on zero day attacks.

AV-Test is a basically useless and not quite so independent research firm (as they'd like people to believe). If and when AV-Comparatives (the gold standard of antivirus testing) comes out and says "Microsoft Security Essentials sucks, don't use it" then I'll consider their opinion and act upon it, and only then.

Tyler R. said,
Wow that's sad. I just recommended it the other day to someone.

It's still a good free av with a small footprint. You get what you pay for ...

I would not protect a workstation using that though. I personally use Bitdefender products.

LaP said,

It's still a good free av with a small footprint. You get what you pay for ...

I would not protect a workstation using that though. I personally use Bitdefender products.

Yeah I like BitDefender. A hundred bucks for an AV product is a tad expensive for me tho.

While no AV is perfect, I found MSE to be the one to catch things faster than the rest. Also, the zero day attacks are often fixed in the Windows security updates itself, therefore not needed in MSE.

While no AV is perfect, I found MSE to be the one to catch things faster than the rest. Also, the zero day attacks are often fixed in the Windows security updates itself, therefore not needed in MSE.

Here's the thing, the Domain Controller has been down for a few months at work, so client log ons are not being processed. This has put me in a predicament where I have to let students start signing on locally using the built in Admin account on XP. The minute I enabled this, students came to my office complaining their thumb drives are infected with viruses. When I had the locked down Limited User Accounts on XP with Group Policy restrictions plus MSE, everything was smooth. When it comes to MSE, you have to use common sense plus the AV. You can't expect it to be your complete protection.

I will be killing the Server come December when everybody goes on holiday. I will just be setting up Workgroup mode and use Steady State. The fact that I disabled Auto-Run on these machines though, I am surprised viruses still penetrated these systems.

You should have a back up AD to handle a crash like that... and depending on how you have the ULs setup their profiles would be cached locally for the set time so they could still log in even if the network cable was unplugged.

On a side note, if the DC crashed months ago and you're having them login with a local account... why can't you just rebuild the DC now? It's not being utilized anyhow (unless you're using it for more than one service which is just bad practice for the exact issue you're having now where you can't take it off line because networked drives or other services would also be taken off line.)

Sounds like a revamp of your network setup is in order. My IT group manages around 60,000 students and I'm not even sure how many staff with DCs. The smaller subset I'm part of manages over 800 staff and 900 staff machines, plus about another 1000 student machines. Redundancy and backups are a must (we have sweet tape robot setups to back up all servers and use TSM to back up staff machine data, and use IBM Tivoli system manager to remotely manage the machines, push packages, update the OS image etc.).

I like Microsoft, but I really wish they would stop releasing free applications that they have no intention of improving. People are relying on this stuff to protect them!

AR556 said,
I like Microsoft, but I really wish they would stop releasing free applications that they have no intention of improving. People are relying on this stuff to protect them!

Umm... They update the definitions for MSE frequently so they don't need to update the app itself since it's not meant to bloat your computer. That's the beauty of it.

AR556 said,
I like Microsoft, but I really wish they would stop releasing free applications that they have no intention of improving. People are relying on this stuff to protect them!

Microsoft has been attempting to improve the product with frequent updates to the scanner, however, that's not to say if they've been successful or not.

I use vb100 to keep an eye on how well different AV's are doing.
http://www.virusbtn.com/vb100/index

I don't know what they are testing MSE on, but here in my Office we use SOPHOS Corporate 10 and MSE blows it out of water in comparison. MSE detects many more viruses, less false positives, and much lower footprint than SOPHOS Corporate here in our office. I have a few servers/workstations I put it on since SOPHOS would not load on them and they are protected from every outbreak that SOPHOS misses and lets run rampant. We will be switching to Forefront soon because of this.

zeroomegazx said,
I don't know what they are testing MSE on, but here in my Office we use SOPHOS Corporate 10 and MSE blows it out of water in comparison.

This doesn't surprise me at all. SOPHOS has always been one of the worst AV programs and throughout the product's lifetime they've always stayed at the bottom. I don't know how they stay in business or why any business would choose to use them.

Anti-virus protection is a combination of safe browsing and a good anti-virus program. I already practice the former and MSE has found Java-related Trojan horses in my machine.

I've also removed Java, so I guess (and hope) I'm all set.

Maybe this will force Microsoft to make some changes to MSE to regain certification again.

Since I don't really need antivirus, MSE is the best one for me, I just need a basic protection when I plug in an external memory

It states the 0day catch rate is low. This shouldn't be a big issue for MS, considering they fix those 0days themselves since both the OS and the AV is their product.
So instead of shoving an AV definition to the client/user, it'll shove the actual 0day fix to the user... no? Hence the SE having a lower 0day catch rate?

SE doesn't have to compensate for the OS itself as other AV's do.

Shadowzz said,
It states the 0day catch rate is low. This shouldn't be a big issue for MS, considering they fix those 0days themselves since both the OS and the AV is their product.
So instead of shoving an AV definition to the client/user, it'll shove the actual 0day fix to the user... no? Hence the SE having a lower 0day catch rate?

SE doesn't have to compensate for the OS itself as other AV's do.

Pretty sure they're talking about zero day malware, as in fresh on the scene and possibly no generic sigs made, or no sigs at all. Not zero day vulnerabilities in the OS. It's about how long it takes a company to react to a new piece of malware if their signatures or heuristics don't catch it.
As others have said above I've seen many a computer with MSE on infected, Ramnit.A completely destroys the OS making a full hard drive wipe and re-install the only way to be sure.

Hopefully this'll educate all the people on the forums who keep insisting that MSE is safe to use and better than all the other free alternatives. It just isn't

PsYcHoKiLLa said,
Hopefully this'll educate all the people on the forums who keep insisting that MSE is safe to use and better than all the other free alternatives. It just isn't

It's the only AV which let some horrendous malware walk onto my computer without any effort to block it. Proceeded to completely take over my PC, trashed MSE and left my machine in need of an immediate reinstall.

I used it religiously for well over a year (possibly two) but that was the last time I used it right there and then

Chicane-UK said,

It's the only AV which let some horrendous malware walk onto my computer without any effort to block it. Proceeded to completely take over my PC, trashed MSE and left my machine in need of an immediate reinstall.

Was going to post a very similar story. I watched in horror as a friend's PC got raped by malware while MSE's system tray icon was green & gave the all-clear. I finally pushed him out of the way and did a hard shut-down while the malware was in mid-download. After we rebooted, Malwarebytes found 16 trojans. Who knows how many would have been installed if we hadn't been there to shut things down?

I dunno about you guys but I've fixed several PCs over the past 2yrs and it doesn't really matter which AV has been on them. McAfee, Norton, Avast, they've all been as bad as each other and let fake anti virus programs get on the PC etc etc. I use MSE for any PC I setup because it causes less hassle for users. It will only get better. But to be honest, it all boils down to the end user, the best anti virus is the end user and if they continue to go to random sites and click on random rubbish, no anti virus will protect them.

joemailey said,
I dunno about you guys but I've fixed several PCs over the past 2yrs and it doesn't really matter which AV has been on them. McAfee, Norton, Avast, they've all been as bad as each other and let fake anti virus programs get on the PC etc etc. I use MSE for any PC I setup because it causes less hassle for users. It will only get better. But to be honest, it all boils down to the end user, the best anti virus is the end user and if they continue to go to random sites and click on random rubbish, no anti virus will protect them.

THIS.

I've bailed out several clients whose computers were infected because they "got an AV program off the internet" - despite having AV on their machines already.

I suppose Avast is the only decent free one now? Ditched MSE the other day but trying a trial of Avira premium because of AV-Test results, though the update notifications from system tray is a bit spammy.

Bitdefender free any decent?

Salty Wagyu said,
Bitdefender free any decent?

The product page says it's only an on-demand scanner, so it wouldn't replace free AV like AVG, avast!, etc.

I'm using the combination of Defender in Windows 8 and my common sense. Haven't had a problem yet. In Windows 7 I used the Security Essentials & common sense. Never had an issue either.

I don't know but viruses and trojans etc are so '90s.... How come my computer doesn't get one even though it's in the news that much?

My S.O. asked me why there wasn't a Microsoft-brand antivirus, then immediately said, "Oh, of course. If they can't fix the OS, you'd be crazy to buy their antivirus as an add-on."
-- from the Internet

Tal Greywolf said,
My S.O. asked me why there wasn't a Microsoft-brand antivirus, then immediately said, "Oh, of course. If they can't fix the OS, you'd be crazy to buy their antivirus as an add-on."
-- from the Internet

Uh. Microsoft's OS ranks as having some of the most advanced and well-designed security available in all of consumer technology.

Joshie said,

Uh. Microsoft's OS ranks as having some of the most advanced and well-designed security available in all of consumer technology.

Yeah, well, if it was advanced and well-designed, we wouldn't need as many MSCE's or security products that are needed just to harden the OS to the point of usability, now would we?

Tal Greywolf said,

Yeah, well, if it was advanced and well-designed, we wouldn't need as many MSCE's or security products that are needed just to harden the OS to the point of usability, now would we?

Do you even use Windows? In terms of vulnerability, it's outclassed Mac OS for years. In terms of deploying fixes when holes *are* discovered, Microsoft is incredibly fast.

Your attitude would be typical of someone who hasn't used a Windows released in the last ten years. You're completely out of the loop. Or have you allowed an outdated sense of humor to actually shape real opinions?

If your SO is using Windows 7 and frequently struggling with security flaws, the problem is in the chair.

HoochieMamma said,
Already knew this was crap from the get go. Couldn't get why so many people said they loved it and it beat other free AV.
So are you a world leading expert in AV software and were thus able to make an objective evaluation of the software's performance sooner than anyone else or are you just a troll who decided it was crap because it has Microsoft on it?
It takes a long time to assess accurately the performance of a new piece of AV software.

mog0 said,
So are you a world leading expert in AV software and were thus able to make an objective evaluation of the software's performance sooner than anyone else or are you just a troll who decided it was crap because it has Microsoft on it?
It takes a long time to assess accurately the performance of a new piece of AV software.

I KNOW it's crap thank you very much from the sheer amount of people who come up to me with trojans and other viruses that have disabled it like it's just another standard program, not even hard to get rid of ones too, just standard extortion-ware as well. It takes forever to scan a computer with it as well not to mention every time I tried to use it and test it out a bit I could compromise the computer easily. So instead of thinking just because it has Microsoft written on it I don't like it you might want to think before you speak as it IS crap. Plus it wasn't even Microsoft software to begin with.

Uh, it's much more annoying that msmpeng.exe still causes random CPU loads in idle, even after I disable windows defender. Of course the MSDN forums sound like a broken record, it's a "configuration problem", "not reproducible" (although I can reproduce it anytime) or something similar. It's been doing this from the very beginning, still no fix.

bviktor said,
Uh, it's much more annoying that msmpeng.exe still causes random CPU loads in idle, even after I disable windows defender. Of course the MSDN forums sound like a broken record, it's a "configuration problem", "not reproducible" (although I can reproduce it anytime) or something similar. It's been doing this from the very beginning, still no fix.

Even if it is disabled and off, other programs can call it to check files. Browsers and other in/out utilities often do this, so after a download you will find this spike happen.

Microsoft makes this utility available as a part of OS APIs, along with defender that it integrates with.

So if you are getting random CPU consumption, follow the Application that called it, and also follow the specific files that it is processing. (Use the Sysinternals ProcessMon/Explorer tools and you can see exactly what is happening. Even using the built in System Performance tools you can see what called it and what files it is processing.)

I thought MSE was one of the best there was and they say that this may not sound that impressive?

Impressive? What's impressive about a product getting worse?

cork1958 said,
I thought MSE was one of the best there was and they say that this may not sound that impressive?

Impressive? What's impressive about a product getting worse?

If AV-Test would have a very strict testing procedure, it wouldn't be strange some (free) products don't achieve certification. But since MSE is the only one to fail the test, I chose those words.

Robisoft said,

If AV-Test would have a very strict testing procedure, it wouldn't be strange some (free) products don't achieve certification. But since MSE is the only one to fail the test, I chose those words.


Still. If their test resulted in MSE doing less good than other free solutions it pretty obviously means you're better off with other free solutions (Avast for example).

Ambroos said,

Still. If their test resulted in MSE doing less good than other free solutions it pretty obviously means you're better off with other free solutions (Avast for example).

AV tests are about statistics - you test a product with malware samples and hope they represent the reality. Just like a political poll, it's better to look at all the tests and make a decision since one test can be an outlier.

TheGreek said,

I don't know why you are not surprise...


We could wrap him in paper and put a bow on him, that would make him a surprise?

It's been going downhill for quite some time now. I switched back to NOD32 a month ago and couldn't be happier about it, really. Well, last time I got a virus was in the 90s, but it always feels good having something there, and NOD32 isn't noticeable.

Seeing how I've never seen a change in the UI, the definitions, or anything on the software. I honestly believe it hasn't really come far. Even though I do use it. Well..I did, til I switched to Mac.

Wait..I wonder about what security I need for OS X. :\

Mr.XXIV said,
Seeing how I've never seen a change in the UI, the definitions, or anything on the software. I honestly believe it hasn't really come far. Even though I do use it. Well..I did, til I switched to Mac.

Wait..I wonder about what security I need for OS X. :\

Definitions update automatically. UI has nothing to do with how well the program protects you.

joep1984 said,

Definitions update automatically. UI has nothing to do with how well the program protects you.

I know that, but compared to AVG, I didn't really see much changes overall. And AVG made major changes at least every 6 months.

Mr.XXIV said,
Seeing how I've never seen a change in the UI, the definitions, or anything on the software. I honestly believe it hasn't really come far. Even though I do use it. Well..I did, til I switched to Mac.

Wait..I wonder about what security I need for OS X. :\

Your perception of development is the reason why we get so much bloat in software. The 'We need to add something' culture.

stevember said,

Your perception of development is the reason why we get so much bloat in software. The 'We need to add something' culture.

You don't even really know my ideals in development.

Mr.XXIV said,

You don't even really know my ideals in development.

Well you compared it to AVG which you state has "Major" updates every 6 months; that being a good thing to you, so I'd say stevember does have a good idea.

Mr.XXIV said,

You don't even really know my ideals in development.

Wasn't personal and you are far from unique; in fact you are in the majority.

joep1984 said,
UI has nothing to do with how well the program protects you.

You missed the bit where he said he's a Mac user.