Over the last week Microsoft Corp. has had more than its fair share of humble pie.
Last week, the Redmond, Wash.-based software vendor fell short of the necessary 11 points required to pass certification by independent lab AV-Test for its free anti-virus tool Microsoft Security Essentials.
The Magdeburg, Germany-based independent lab AV-Test is one of a handful of evaluators that rates an array of anti-virus products to determine how well they stand up against the latest zero-day attacks, advanced persistent threats and other targeted malware yet to garner a signature.
Altogether, the test gives equal weight to three components of security: protection, which keeps new malware from invading users’ machine; repair, remediating malware that already exists on the users’ computer; and usability, doing the job without slowing the system or creating any false positives.
With a total of 10 points, Microsoft’s Security Essentials came close, but still failed to make the grade. While the firm did fairly well in the repair and usability arenas, it only received 1.5 out of a possible of six points for its ability to protect users from a slew of modern threats.
Top honors in this round went to Romania-based Bitdefender, which passed with a combined top score of 16.5 points. Both Kaspersky Lab and Norton tied for second, with 16 points each.
It might be a hard pill to swallow for Redmond, but it’s certainly not a first. Microsoft’s anti-virus solution didn’t pass muster with AV-Test during the last round of testing a few months ago either.
Since then, Microsoft’s Joe Blackbird, program manager at the firm’s Malware Protection Center, has publicly questioned and rebutted the test results in an extended company blog post, maintaining that “94 percent of the malware samples not detected during the test” had no impact on customers.
While that may be true, Microsoft is clearly falling short when it comes to zero-day protection. Both its free consumer offering Security Essentials, as well as its commercial Forefront line came in dead last in this area, nabbing just 78 percent of zero-days.
Solution providers might have some explaining to do to worried customers, now fearful that their anti-virus solution might be giving a free pass to more advanced threats than they care to count.
But here’s why it might not matter.
As of late, Microsoft has been placing less focus on its Forefront products specifically, and security in general. Last year, the software company gave the axe to a laundry list of Forefront products, including 2010 Exchange Server, SharePoint Security for Office Communications Server, Threat Management Gateway (TMG) 2010 and TMG Web Protection Services.
Following Microsoft’s “change to the roadmaps,” solution providers questioned if the software vendor would kick its Forefront security line to the curb altogether. And while it still is hanging on in this arena with anti-virus, Microsoft has also made it clear that its energies are elsewhere.
Also as mentioned previously by Channelnomics, security has never been a staple of the company’s product line, but rather a convenient add-on to its bulky line of software and infrastructure offerings.
Considering Microsoft’s user base, that number is likely quite high. In other words, it’s typically perceived as a channel value-add, as opposed to a standalone solution.
To that end, security solution providers have said that they don’t consider Microsoft security products leading, instead preferring to pad customer defenses with a dedicated third party solution.
That’s not to say that Microsoft security products don’t have value. However, when used, Microsoft’s security products likely provide an additional layer to an overall solution, as opposed to the solution itself, partners say. And while Microsoft security can possibly bolster a customers’ overall security posture, it likely won’t be the only solution that will be applied to combat increasingly sophisticated threats.
That said, Microsoft’s security division is facing many of the same challenges as other anti-virus vendors – staying competitive amid a rapidly evolving threat landscape replete with evasive and highly mutated threats. As mentioned by Channelnomics, that explosion of zero-day threats and other advanced malware have also rendered anti-virus less effective in general, relegating it to a much smaller — but necessary — piece of the overall security puzzle.
AV-Test’s latest result didn’t help Microsoft on that front. But chances are that most solution providers had their customers protected in other ways.
One Response to “Microsoft AV Test Bears Little On Channel”
Leave a Reply