Microsoft Security Essentials ranked second last in AV-Test's protection rating

Microsoft's free antivirus solution for all Windows users may be good in terms of usability - in particular, its impact on system performance - but when it comes to actual malware protection, it came almost dead last amongst its free and paid competitors in tests conducted during the first quarter of 2011 by German testing firm AV-Test. In fact, an almost identical observation can be made for AV-Test's previous tests conducted in the fourth quarter of 2010 on Windows Vista. Fortunately for Microsoft, despite these results the product did manage a pass and a certification from AV-Test.

The results were spotted by PCWorld, which is quick to point out that despite MSE's poor showing, it performed very well on samples of widespread malware and on those in AV-Test's reference set that were discovered in the past two or three months. The problem is with 0-day samples and with the resident scanner's ability to stop malware from running or to stop it after it has run. In particular, MSE caught only 50% of 0-day malware attacks in March, and only stopped 45% of malware from running. The industry averages are 84% and 62%, respectively. There were a total of 22 antivirus solutions tested.

Curiously, the only other free antivirus tested in that list was Avast!, which fared better than MSE but not by much. It was ranked 14th. In comparison to MSE's two weak spots, Avast! caught 80% of 0-day malware in March, but blocked only 41% of malware from executing. Other free antivirus vendors, such as AVG and Avira, submitted their paid "premium" suites for testing instead of their free solutions. Both ranked higher than Avast! and MSE, coming in sixth for AVG and tenth for Avira.

The winner in terms of protection ratings was BitDefender Internet Security Suite 2011. BullGuard Internet Security 10.0, F-Secure Internet Security 2011, Kaspersky Internet Security 2011, and Norton Internet Security 2011 tied for second.

The full report may be found here.


96 Comments


Guys, would any of you recommend that I ditch Eset NOD32 4 from all my home PCs and install Microsoft Security Essentials 2.0 instead? Please advise - thanks in advance.

So basically Microsoft had a bad month in March (or the test was done at a bad moment) and because of that it got a lower score than Avast (for example). Because if you compare only January and February, MSE is well within "industry average".

sullysnet said,
how can you surf for pron with basic protection speaking of bloat... I have to go...
MUHAHAHA!! release your beasts!! LOL!!

Don't forget other things too: like how much RAM they all use, cost, and all that...

The best AV defense is to stay disconnected from networks, USB, dvds and the internet!

Norton is not what it used to be. It is a lot better now, but I believe it only got better as everyone was ditching Norton and Symantec did not like that, so they finally decided to fix the problems, which they had for many years. It kept getting worse and worse, but not now. MSE is the one I would pick.

soldier1st said,
Norton is not what it used to be. It is a lot better now, but I believe it only got better as everyone was ditching Norton and Symantec did not like that, so they finally decided to fix the problems, which they had for many years. It kept getting worse and worse, but not now. MSE is the one I would pick.

Agreed 100%. I will NEVER trust Symantec not to cheap out on quality vs. quantity again. Their management let the codebase go to hell and the entire computing world paid the price for it for almost a decade.

Even if they've fixed things now, their management has shown in the past that they'll cut corners once they've made their money...at our expense.

Never again.

fb10391 said,
Use any basic Antivirus and common sense while you are online, you are safe.

Ok, I get it. But what about pen drives?

Meph said,
I'm curious... what would Microsoft Forefront get?

Apples and Oranges. Forefront is a business AV; the ones above are personal.

I'm sorry but a test by PC World? The company is **** and that's putting it nicely lol. I really despise the company, it's overpriced crap they sell to customers that sadly know no better and their customer service I have found to always be disgusting from times I have sadly had to deal with them as a company. To go on their tests is a bad move IMO.

107 and 29 samples in the first two tests, respectively?
How can this be considered an AV test?
With 100 viruses, MSE could have 100% or 0%....

As said before, one test is not enough. When purchasing a product online, do you read only the first review listed and take that as the gospel on that product? No.

I appreciate the work this company did, but it's one group with set factors. Motorolaman listed another series of tests that differ from these tests. Do the research before jumping on or off these products.

But.. what about all those users who thought they were 100% safe...

Seriously, no AV software is going to protect you 100%. If you want real peace of mind, you'll have to switch to GNU/Linux. Is it worth risking your bank account or other personal details because of keylogger malware installed on your Windows OS?

Flawed said,
But.. what about all those users who thought they were 100% safe...

Seriously, no AV software is going to protect you 100%. If you want real peace of mind, you'll have to switch to GNU/Linux. Is it worth risking your bank account or other personal details because of keylogger malware installed on your Windows OS?

That's not factoring in other factors outside of the OS like network, firewall, etc. If someone really wants your data, they will find a way to get to it.

How can this get picked up as 'news' or even reported seriously?

In 0-day 'realtime' scanning, MSE is purposely designed NOT to be as aggressive as some of the other tools, and even knowing this, people are ranking it 'second lowest' because of its inherent design?

MSE's default settings only update definitions on a 'scan', not continuously, as it uses the same methods as Defender, that is built into every version of Windows 7 and Vista, and would create a massive internet load if they all updated every system as new definitions are updated during the day.

If you want MSE to be as aggressive, set the definition updates to a more frequent level, even setting them to daily, will shove the realtime/0-day catches up with the top 'listed' products.

Again, this comes back to the argument, do you really want realtime protection, and if so, what performance costs are you willing to have this extra bit of security?

For example, the 'top' listed products on the list would be better to NOT HAVE THEM INSTALLED, as they are more dangerous than most malware, as they are eating a chunk of CPU and RAM resources, even on moderate systems, and most of them create compatibility and stability issues because of their horrid hooks and lack of understanding fundamentals of NT's I/O.

Windows 7 has enough 'inherent' protections, that a dedicated anti-virus package is even something to be debated, as users are already being covered with smartscreen, defender, an OSI level firewall, and monthly anti-virus scans that already happen automatically with Windows Update.

If you want a 'bit' more, because you don't trust your crazy aunt that also uses the computer, then use MSE, as it isn't going to eat CPU or RAM, and you can set it to be very aggressive or very mild and still keep the system safe by working with the Windows 7 inherent protections. Other products redundantly replicate many of the features in Win7, and do so at a performance cost that is often less effective.

---

I get tired of the MSE bashing to drum up $$ for other products. If you are reading these forums, you can configure MSE to update the definitions as often as you want to get the realtime 0-day catch numbers up to the leading product, and an article educating users to get the most out of MSE or facets of virus protection in general would be a far better article and actually help people.

Besides, stop and think for a moment about MSE...

It isn't like Microsoft doesn't have the definitions or knowledge of the malware, as they are usually the first ones to know. MSE just doesn't update the definitions as often as the other products in its default installation settings.

MSE is also far more capable of fixing and rolling back virus damage than most products, as Microsoft tracks every possible violation the malware makes on people's systems.

It is also kind of sad to steer people away from MSE, as the more people that use it, and participate in reporting what it finds, the stronger the product is, and the faster Microsoft is alerted to issues.

Also, at the end of the day, do you really trust Norton or company ABC to understand Windows better than Microsoft? Most of these companies can't even properly hook their products into NT, as they treat its I/O like a non-object based model, which is beyond insane and wrong.

If you want to create buzz, then go for these articles, if you want to inform or help people, then you can use these articles to spotlight the topic, as other sites will pick them up, but go on to offer actual help to users with information.

Sadly, scaring people away from MSE to a product that is going to kill their system performance and cause problems is not good, especially if they are also going to spend $$ when they don't have to do this.

thenetavenger said,

Sadly, scaring people away from MSE to a product that is going to kill their system performance and cause problems is not good, especially if they are also going to spend $ when they don't have to do this.

Normally I agree with most of the things you say, but from my own personal testing I have to disagree with you. There are a few free products which are lighter than MSE on XP and 7 which have a better detection rate than it. Mostly going on fresh malware from a couple of sites but also on scanning a folder (compressed and/or not) with several thousand samples.
Fake AVs seem to be the flavour at the moment and I have found MSE to be not too great in picking them up. The exact same fake AV can change signature several times in a day; keeping on top of it is an almost impossible task.
People need to learn to use (as you say) the inherent protections built into Microsoft's latest OS and security best practice. Trouble is we know this isn't going to happen.

thenetavenger said,

If you want MSE to be as aggressive, set the definition updates to a more frequent level, even setting them to daily, will shove the realtime/0-day catches up with the top 'listed' products.

Incorrect. I think your information is either inaccurate or out of date. MSE updates definitions daily on my machine, without any settings changes from me.

And it has nothing to do with scanning at my end because I've disabled scheduled scanning. After all, if the realtime protection doesn't catch the malware coming into the system (when it is downloaded, whatever) why is it going to catch it when it scans the system?

MSE already scans everything coming in and out of the system, so there's no risk to me backing up or transferring (across the network or to a drive) an infected file...if and only if MSE's detection engine can catch it in the first place.

Well, great, now all the MSE fanboys can STFU. Common sense + Win. 7 = no viruses (actually I haven't used an AV for a long long time - going back to XP, and I've been safe)

If Norton et al. would quit foisting their stupid 'buttons- & toolbars' into every app you run and leave it in the systray like someone with a brain, I would use them, but to pollute your browser with a toolbar, and buttons in Outlook etc, no thanks. If I need to use Norton for any reason, it's there in the lower right-corner; I don't need it in my software.

Littlemutt said,
If Norton et al. would quit foisting their stupid 'buttons- & toolbars' into every app you run and leave it in the systray like someone with a brain, I would use them, but to pollute your browser with a toolbar, and buttons in Outlook etc, no thanks. If I need to use Norton for any reason, it's there in the lower right-corner; I don't need it in my software.

You do realize you can remove the toolbar and the buttons from Outlook, right? It's not like they prevent you from doing that.

The dynamic detection testing part is imo the most important part of this test. Anti-Virus products just can't keep up with the amount of malware being churned out on a daily basis. White listing (whether by digitally signed or #) as opposed to signature black listing is the way forward. It may cause a few more problems at times and is not foolproof (Stuxnet anyone) but stopping the malware from executing in a non isolated/restricted environment in the first place is crucial.
MSE is fine for most Neowin readers as they know not to just allow this and that, use common sense etc. Purely on a signature/heuristics basis however it isn't that great and the update period is just not good enough!
One other thing: would you trust an AV that has let malware infect your system with cleaning it up ???

It's also worth noting that Avast had just as bad ratings, they had a 2.5 rating for repair, and 3.5 for protection. (MSE had 3.5 for repair, and 2.5 for protection).

Na I don't believe this, I switched from Avast free, because it was not working out for me, to MSE and it seems to be working and it updates regularly. Obviously paid anti virus might be better; I am not willing to pay for anti virus.

These tests will never say free AV is better, otherwise people will not buy them... Anyway I don't change my MSE by seeing this. Using since it was released, so far so good...

+1 to Norton here. Has been much much better for 3 years, get on with the times!

By the way, anyone else would like to see MBAM on these comparisons? I think it works really good, but I'd like to see an actual exhaustive test on it. Dunno why it's never included tho.

I don't get it, complaint about Norton, I've two processes in task manager from Symantec, takes 4 MB RAM, disaster...
During Full Scan this incredible big RAM amount is rising to max 20MB, another disaster...

A few years ago, it was a very different story. I don't know about memory usage but overall computer performance died when Norton was doing its scan. To the point where people stopped using their computers and did something else until it had finished!

I knew a lot of people that ditched Norton for OneCare and still won't entertain the possibility of trying Norton again.

Just like you said, it was a few years ago. At this moment Norton is quite different software; since version 2008/2009, with every new one, the program was better and better, and this progress stays all the time.

DonC said,
A few years ago, it was a very different story. I don't know about memory usage but overall computer performance died when Norton was doing its scan. To the point where people stopped using their computers and did something else until it had finished!

I knew a lot of people that ditched Norton for OneCare and still won't entertain the possibility of trying Norton again.

You didn't even need to be running a scan for your computer to slow to a crawl... LOL God am I glad they improved that. Every year now it gets faster...

Some of us will never forgive Symantec for what they did to millions of computers worldwide when they let Norton turn into system crashing, non-virus detecting, impossible to uninstall, operating system crashing, bloatware.

I'm glad that they seem to have gone back to the drawing board and have fixed their product line, but to me that only means that management finally decided they had to spend money on proper programming again.

If management made the bad call once before, I am concerned they will make the bad call again one day. And I won't put myself, my friends, or my clients in jeopardy with a company that had already burned the entire world at least once before.

If you can exercise common sense MSE is more than enough. If you like to visit dodgy websites and run dodgy apps and random exes then yes you probably do need idiot proof anti-virus. MSE is a solid mix of integration with the system and protection.

Osiris said,
If you can exercise common sense MSE is more than enough. If you like to visit dodgy websites and run dodgy apps and random exes then yes you probably do need idiot proof anti-virus. MSE is a solid mix of integration with the system and protection.

+1

How many viruses did e.g. Norton, BitDefender, Kaspersky... detect on your system in e.g. the last 5 years? Zero too? I know it sounds idiotic, but with this virus rate on my system, the virus detection rate of an AV software is not the most important point why I choose an AV.

Examinus said,
Wow, what is happening with Eset? They were my AV of choice.

They started failing miserably about three years ago. Myself and others eventually had to stop recommending them and I don't know if they ever recovered. 8(

flexkeyboard said,
Firefox+ABP = Best anti-malware trust me

Maybe add Sandboxie, and the scanning of files with a couple of on-demand scanners, and I'd be more inclined to agree with you. Still, what about e-mails, infected sites?

flexkeyboard said,
Firefox+ABP = Best anti-malware trust me

Firefox & ABP can't replace an antivirus, but it still protects you from malware ads being served, to a certain extent.

I would be interested in seeing how Symantec Endpoint Protection fares against those listed in the article.

Huh, haven't I seen that getting prizes among the free ones? hmmm
Oh well, it's just there to complement some common sense, which really is your best protection.

Leonick said,
Huh, haven't I seen that getting prizes among the free ones? hmmm
Oh well, it's just there to complement some common sense, which really is your best protection.

Give that common sense talk a rest already.
Everyone can get infected by files shared by friends, colleagues, etc...

Saying you won't get infected is like saying you won't catch AIDS not using a condom and sleeping with many people.
Now with se* with multiple people you might even at least use common sense and have a clue or the knowledge someone is not infected (e.g. your wife, girlfriend, ... your sister... ), with viruses on computers, that might be even quickly shared with someone totally different, etc ... you can't say that.

GS:mac

You might be surprised that Norton's Business AV is actually pretty decent for what it is and their detection rates are great, simply their consumer/old products were.. "fat".

These tests are about how well the AV deals with viruses/malware in the wild, not whether you have a personal grudge against the UI.

Teebor said,
I was taking this seriously until I read Norton shared 2nd place

Yeah my understanding is that Symantec took a hint and revamped it a couple years ago, apparently it is a lean mean fighting machine for once.

Teebor said,
I was taking this seriously until I read Norton shared 2nd place

Yes, don't let facts stand in the way of your anti-fanboyism.

virtorio said,
Yes, don't let facts stand in the way of your anti-fanboyism.

WOW! pot kettle right there.

Either way my preferred and current AV comes in 3rd, so I'm happy enough with that. Never really liked the Microsoft offering anyway.

daPhoenix said,
You might be surprised that Norton's Business AV is actually pretty decent for what it is and their detection rates are great, simply their consumer/old products were.. "fat".

These tests are about how well the AV deals with viruses/malware in the wild, not whether you have a personal grudge against the UI.

It was more a comment about the fact that Norton used to have so many false positives reported that you just couldn't trust if it was a genuine issue or not. UI never comes into it.

Teebor said,

It was more a comment about the fact that Norton used to have so many false positives reported that you just couldn't trust if it was a genuine issue or not. UI never comes into it.

It still has a ton of false positives. I would be glad to assist them but since they basically blew me off last time then I won't be going back ever. No matter how good they make it. They can be #1 with a reported 0% false positive rate and I still won't go back to them.

Yes I'm aware they perform better but false positives have always been my biggest concern. Not performance.

Marshall said,
If you want the best protection without a resource hogging program then go with Nod32, hands down.

Nod32 USED to be the best, but after seeing it fail again and again last year, I moved everyone I know off of it.

Sad to see MSE drop so far down. It was pretty damn good for the past few years, up in the top ranks. To see it now at the bottom sucks.

And I can confirm that I have seen MSE fail to catch even simple adware on multiple machines recently. And it used to be bulletproof. 8(

Marshall said,
If you want the best protection without a resource hogging program then go with Nod32, hands down.

Once NOD32 started giving me some false-positives, I ditched it for MSE. Which I later ditched for Norton.

excalpius said,

Sad to see MSE drop so far down. It was pretty damn good for the past few years, up in the top ranks. To see it now at the bottom sucks.

And I can confirm that I have seen MSE fail to catch even simple adware on multiple machines recently. And it used to be bulletproof. 8(

Microsoft isn't marketing MSE as ad-aware, though. Let said products do what they need to best. MSE is a very good first line of defense to catch the worst of worst things from doing a lot of damage on your system, getting basic worms, etc. Try installing it in safe-mode. It won't let you. It wasn't designed to be a spyware/adware removal tool, it's supposed to be protection from getting those things on your system, in the first place.

DarkSim905 said,
It wasn't designed to be a spyware/adware removal tool, it's supposed to be protection from getting those things on your system, in the first place.

And my point is that it DOESN'T prevent them from getting in your system. I've had to help a half dozen friends recently when MSE failed to protect them.

This has all happened in the past six months, so I have to say that MSE has dropped the ball recently.

Hello,

Are you sure they were false positives? ESET often detects cracks, keygens and a bunch of other potentially unwanted applications that aren't strictly malware. Or at least fall into the gray area of "this good program can be used to do very bad things."

In any case, any better results with today's brand new beta of ESET NOD32 Antivirus v5?

Regards,

Aryeh Goretsky

OrangeFTW said,

Once NOD32 started giving me some false-positives, I ditched it for MSE. Which I later ditched for Norton.

False positives didn't concern me as much as the multi-processor code based crashes/freezes (after a year of waiting for the codefix, ahem)...

and the fact that it started slipping terribly regarding detection. I saw all sorts of friends get caught by malware that NOD32 missed. And it had been bulletproof before that.

After 12 months of broken detection and broken code, I moved everyone I know off of NOD32. 8(

yowan said,
MSE=Basic protection

MSE = More than I need to protect me. I just don't click "You won $100000000000" banners, and I'm safe, as I was in the last 18 months since I'm using it.

MafiotuL said,

MSE = More than I need to protect me. I just don't click "You won $100000000000" banners, and I'm safe, as I was in the last 18 months since I'm using it.

+1000

yowan said,
MSE=Basic protection

I've been using MSE since its initial release, installing on every computer I work on, and recommending it to everyone. The only times I got infections were when I know I allowed something sketchy to run.

I used to use BitDefender, then Kaspersky and now I am using my 2 month trial of Norton Internet Security I got when I bought my new laptop. True story.

compl3x said,
I used to use BitDefender, then Kaspersky and now I am using my 2 month trial of Norton Internet Security I got when I bought my new laptop. True story.

Why would you use a two month trial? Are you just testing to see if it works for you?

IMO, Norton has way too much bloat.

Tom Z said,

Why would you use a two month trial? Are you just testing to see if it works for you?

IMO, Norton has way too much bloat.


Give the Norton too much bloat comment a rest already, it was nothing like it was in the past.

Tom Z said,

IMO, Norton has way too much bloat.

Times have changed. Norton is nothing like it used to be (from pre 2009). It's fast, light and powerful.

Sub_Zero_Alchemist said,

Give the Norton too much bloat comment a rest already, it was nothing like it was in the past.

Yes well we all know where PCWorld gets its advertising dollars from and it's not Microsoft. MSE gets updates every day from Microsoft, I don't believe it doesn't know about the latest viruses/malware, and yes it has a light footprint that doesn't kill your machine's performance.

You can bet the "selected" testcases were provided to PCWorld by the winners (bit defender or bullguard etc)

I agree about Norton's - absolute useless bloatware, designed to turn a modern high spec machine, into an equally useless old i386.

dvb2000 said,

Yes well we all know where PCWorld gets its advertising dollars from and it's not Microsoft. MSE gets updates every day from Microsoft, I don't believe it doesn't know about the latest viruses/malware, and yes it has a light footprint that doesn't kill your machine's performance.

You can bet the "selected" testcases were provided to PCWorld by the winners (bit defender or bullguard etc)

I agree about Norton's - absolute useless bloatware, designed to turn a modern high spec machine, into an equally useless old i386.

I agree completely, and I just stepped off my time machine too.

dvb2000 said,

You can bet the "selected" testcases were provided to PCWorld by the winners (bit defender or bullguard etc)

The testing was done by a third party, not PCWorld...

Tom Z said,

IMO, Norton has way too much bloat.

The last two or three editions of Norton AntiVirus are the exact opposite of that.

Tom Z said,

Why would you use a two month trial? Are you just testing to see if it works for you?

IMO, Norton has way too much bloat.

My last internet security software license expired just before I bought my new laptop so I am still deciding which one I want to buy. I think I might go back to bitdefender.

It is true Norton in the past was bloated and damn near unusable, I really hated it, but this new one actually seems to be quite good.

dvb2000 said,
I agree about Norton's - absolute useless bloatware, designed to turn a modern high spec machine, into an equally useless old i386.

You guys who say Norton is full of bloat now obviously haven't used the latest versions.
I've got NIS 2011 installed on my desktop and laptop and they run perfectly fine. Right now it's only occupying 10 K of memory space, both user and system. It runs fast and much more efficiently, and installs/uninstalls in less than a minute without any fuss.

Norton really stepped up their game lately, so stop giving it so much crap till you've tried it.

OrangeFTW said,

You guys who say Norton is full of bloat now obviously haven't used the latest versions.
I've got NIS 2011 installed on my desktop and laptop and they run perfectly fine. Right now it's only occupying 10 K of memory space, both user and system. It runs fast and much more efficiently, and installs/uninstalls in less than a minute without any fuss.

Norton really stepped up their game lately, so stop giving it so much crap till you've tried it.


That is the danger of making bloated software. People try it once, hate it and never want to use it again.

OrangeFTW said,

You guys who say Norton is full of bloat now obviously haven't used the latest versions.
I've got NIS 2011 installed on my desktop and laptop and they run perfectly fine. Right now it's only occupying 10 K of memory space, both user and system.

I think you may want to re-evaluate that - it's impossible for a start and most likely you've missed Norton's services!

Nice dream tho

compl3x said,

That is the danger of making bloated software. People try it once, hate it and never want to use it again.

All companies screw up now and then. People who do not recognize efforts of software companies to mend their mistakes are bordering on ignorant.

vanx said,

All companies screw up now and then. People who do not recognize efforts of software companies to mend their mistakes are bordering on ignorant.

I don't think it is so much of a screw up as it is an attempt to get customers to use their software for everything and charging them for things they never wanted in the first place. If I want an app to simply burn CD/DVDs I don't want to get something that creates media libraries, a media encoder and DVD builders, audio editing software, a photo manager, something to manage my removable devices etc... Software companies aren't doing their consumers a favour by adding features they don't need, want or use.

Sub_Zero_Alchemist said,

Give the Norton too much bloat comment a rest already, it was nothing like it was in the past.

Yeah, it really gets old. I've been using Norton for a decade and anyone that still claims it's bloated hasn't seen Norton in at least 4 years (When they started slimming it down). It really puts your knowledge in question when you're that far behind the curve...

compl3x said,
I don't think it is so much of a screw up as it is an attempt to get customers to use their software for everything and charging them for things they never wanted in the first place. If I want an app to simply burn CD/DVDs I don't want to get something that creates media libraries, a media encoder and DVD builders, audio editing software, a photo manager, something to manage my removable devices etc... Software companies aren't doing their consumers a favour by adding features they don't need, want or use.

I think that users are responsible for choosing a suitable product to meet their requirements. They can choose a product that does just what they want or they may prefer a piece of software that does what they want + extra. All features included need to have a business case, design, implementation and testing (depending on software dev methodology used). The above costs time and resources. Don't be mistaken by thinking that features are included on a whim.

If you do not like a piece of software, vote with your wallet. Buy something else.