Windows Live OneCare place last in anti-virus evaluation

Anti-virus researcher Andreas Cleminti, owner of Innsbruck, Austria-based AV Comparatives Web site posts quarterly results of tests that compare the top anti-virus products against a dynamic list of nearly half a million individual pieces of malware. In his February 2007 on-demand comparative, Cleminti tested 17 anti-virus programs and found Microsoft's Windows Live OneCare claimed last place after detecting 82.4% of the threats. G Data Security's AntiVirusKit (AVK), scored the best score: 99.5%. Following close behind were: AEC's TrustPort AV WS (99.4%), Avira's AntiVir PE Premium (98.9%), MicroWorld's eScan Anti-Virus (97.9%), F-Secure's Anti-Virus (97.9%) and Kaspersky Labs' AV (97.9%).

Cleminti also tested the 17 products against polymorphic viruses, those which produce sometimes vast numbers of variants as they try to sneak by scanners. "The results of the polymorphic test are of importance because they how flexible an anti-virus scan engine is and how good the detection quality of complex viruses is," said Cleminti in his write-up. Only Symantec's Norton AntiVirus and ESET's NOD32 Anti-Virus caught every variant of the 12 polymorphic families, he said. In that test, OneCare placed 15th, detecting every version of only two families, and missing seven of the polymorphic families completely.

"We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests," a Microsoft spokesperson said.

Link: AV Comparatives | Forum Discussion (Thanks macstorm)
View: February 2007 On-demand Comparative
News source: ComputerWorld

Report a problem with article
Previous Story

Lenovo recalls 100,000 laptop batteries

Next Story

Microsoft to issue fix for Zune glitch


Commenting is disabled on this article.

I was beta testing OneCare and had to un-install it. I've never come across a product that takes over my system in such an awful way as OneCare.

Hopefully it's better for users once it's out of beta (and hopefully they fixed it so that it doesn't take over your firewall settings AKA delete them)

I still have no interest in using this as it's just entering the AV arena. Though, what do you expect? Sometimes things don't come out 100% working right off the bat. Either way, I hope for everyone that's using this that MS fixes it up soon enough.

Oh, and I do think the title is a bit misleading as well. Then again, who cares about Zatab's FREE Anti-Virus Solution Mix 101 Dr. Fix All-In-One Security Locked Hotdog Sandwich $9.99 software?

Good point. However, look at Norton Anti-Virus. They, deservingly, held the top place for AV for a long time. Then, along comes Symantec, and now they are considered by many to be the worst in AV.

Does anybody know anyone who has had a Virus, any type of malware or had there system hacked while running onecare? if so I would like to hear how!

Well.. I'm not surprised of the results since this AV hasn't been out for long, remember this program started on beta last year.. so maybe over the next few years they are gonna improve it.

Interestingly if you look at the chart

onecare did "very high" in dos virus detection, "excellent" in dialer removal, and "mediocre" in "potentially unwanted programs". Is that spyware or what? You have to read the whole report to find out according to the graph

Also, it did poorly in "Detection of polymorphic viruses"

Is is still one of the nicer packages as far as impact goes. Lets see how MS reacts to the report.

(edit: looks like they block links other than thier main page so you will have to find the chart on your own )

dugbug said,
"mediocre" in "potentially unwanted programs".

I was about to comment on that too... a lot of people, which includes Neowin readers, know that some antivirus programs detect anything and everything they can find to boost their "detection rate", as long as the software can be considered as "potentially unwanted". The problem is that although many people agree this is an intolerable practice, everytime a test is published, the one and only thing that seems of interest is the final count of "stuff" that was detected by the program.

If they add eMule in their list of software and an antivirus doesn't detect it, then it will miss a "point", consider thousands of programs like that and you understand how those results can be produced.

Again, those of you who actually read the report already know this:

From Conditions for participation

"Due (to) the high interest of Anti-Virus vendors to participate in our tests, we increase the needed minimum detection rate again to 85% (instead 80%) and include for the time and resource reason only the top 17 products in this test - all other products (which some of them may also meet the requirements) will take part in another test which will be release soon."

Another word, MS OneCare is the last of "top 17", so saying OneCare placing last is at least inaccurate, and at worst, purposely misinforming.


So, it placed LAST in the products tested. Don't get your panties in a bunch. In any case (no matter where it places) the product at this point is pretty much useless.

Are yours already bunched up? You, in the same breath, said "it placed LAST [but] no matter where it places... [it's] useless".

So, you could also say "Product X in this experiment placed dead LAST out of the top 3 so it's useless, even if it wasn't last".

Must be that Mac logic ;)

But please, continue to base your opinions on other people. Don't dare try it yourself and form your own conclusions.

Whoa... I already knew that their OneCare sucks badly, but that it is this abysmally bad to place last?

Indeed, shoddy security products from MS are no surprise.

You are obviously confusing Microsoft for Symantec. When it comes to bad security software, nobody beats Symantec.

I'm so surprised..... Microsoft releases a shoddy product.......

What is in those guys minds when they release a product way too soon? Security should have been one of the top concerns. It's not like this is uncharted territory. OneCare should have been the best or at least tied for the best.

BTW, 82% detection is HORRIBLE for a product produced by Microsoft. I remember the old days (DOS) when their products gave us what 3rd party vendors lacked.

Im not too worried about that. Im sure MS will fix what ever loopholes there are. Especially since its just been released and with the release of Vista, and thier campaign to make thier products more secure,

it's pretty crap IMHO. Dead last is dead last afterall. Sure its "new" but MS bought out a company with the software to begin with as far as i'm aware. Seems like more could be done. Hopefully the product improves anyway.

drygnfyre said,
82% isn't a bad detection rate for a fairly new product.
82% sounds good. But it was the worst tested. And, if it stops 8 out of 10 viruses, how quickly will it fail on a PC that receives 10 pieces a day? A week before it gets one it doesn't handle? An hour? A month?

82% is much worse than 100%. And, the amusing thing is that everyone rushes to defend the low score (as they did in an earlier posting on how OneCare bombed the recent VB100 testing) without realizing that OneCare scored 100% (yes, perfect) on the previous VB100 testing.

So, they already had a great product, then they let it fall into the crapper.

Smigit said,
it's pretty crap IMHO. Dead last is dead last afterall. Sure its "new" but MS bought out a company with the software to begin with as far as i'm aware. Seems like more could be done. Hopefully the product improves anyway.

Wrong, you're thinking of Windows Defender, in which case you're still wrong.

Microsoft bought out a company called Giant which made Giant Anti-Spyware.

It was a great competitor to AdAware & Spybot S&D.

The original releases they made of Windows Defender still used that products technology but eventually they found it too cumbersome to work with and they just built a whole new spy/adware destroying application which is what became the Windows Defender we have today.

Now Windows Live OneCare is an application built entirely from the ground up by a team at MS. The 1.5 version just came out of beta and more work is going into the beta that will be starting soon and also there is a perpetual beta group (I'm one of the members) that tests all public releases before they get released to see if we can find any showstopper issues.

So far I believe we're doing a great job in testing it and make sure it works. However if there are issues with virus detection it could either be in the definitions or the Heuristics.

Now I haven't had time to fully read this report but does it state what level of Heuristics they had each AV scanner running at? That can make quite a difference in the testing results and if they don't list it then they could be skewing the facts in favor of a payoff.

"how quickly will it fail on a PC that receives 10 pieces a day?"

If you have a user that receives 10 pieces a day then the problem certainly is not your AV software.

Whatever happened to people taking responsibility for themselves? Or do they just install a program and think they can turn off their brain and then blame the computer when something goes wrong?

Well, isn't this more a defenition and not an engine problem? If it's not finding a few things then maybe they're not listed in the defenition file etc.

From the report:

"(*) AVK, eScan, F-Secure and TrustPort are multi-engine products:
- AVK 2007 contains the Kaspersky and Avast engines ... "

And new AVK 2007 was expected to be inferior than previous 2006 version (Kaspersky+BitDefender engines) on these tests. This last one proves the opposite.

i hadnt heard of the multi engine scanners but that actually makes ALOT of sense at least for the manual/scheduled scan.

I'm optimistic about it's ability to improve. It just came out of Beta, and is Microsoft's first real attempt at a definitive anti-virus solution.

wow, maybe i should switch my AV then? oh, btw typo in main title "evaluatio" instead of "evaluation"

Slimy said,
Yeah, title got cut off, noticed it right before reading your comment :p

might wanna fix the link to the forum discussion as well, and the view link, middle one