Security Essentials fails 'AV-Test Certified' stamp of approval and Microsoft says it does not matter
Three days ago, the AV-TEST Institute published its latest results for consumer security product testing, which was conducted on Windows 7 during a two month period, through November and December 2012. From the 25 security solutions analyzed in the roundup, only three products failed to receive the recognized AV-TEST certificate, one of which was Microsoft's own Security Essentials.
The software giant was prompt to respond to the latest test results, by emphasizing that "a rigorous review" is conducted in-house "whenever test results warrant it". Obviously, Microsoft does not shoot itself in the foot, as you may assume, and provides a number of internal test results in order to reassure users that Security Essentials is not as bad as the AV-TEST Institute may suggest. Question is: Why put itself on the spot in the first place?
According to Microsoft, 0.0033 percent of users of Security Essentials and Forefront Endpoint Protection (which also failed to pass the challenge) "were impacted by malware samples not detected during the test". Furthermore, the company says that "94 percent of the malware samples not detected during the test didn't impact our customers". Basically that suggests that 6 percent of the malware samples that were not detected did impact 0.0033 percent of its users. Why not phrase it like that?
That's because it does not carry the same ring to it, of irrelevance to "customers" per the overall scheme of things. The software giant also says that it prioritizes "protection work based on prevalence and customer impact measures". By comparison, some dedicated security companies with products analyzed in the test did manage to extend their priorities on a much larger scale.
What's also worth noting is that Microsoft outlines the following: "AV-Test shared some of the difficulties and shortfalls in many of the independent industry tests in a presentation they gave at the AVAR (Association of Anti-Virus Asia Researchers) Security Conference in 2012", and further continues along that route. Questioning the test and finding excuses is not how security products should be established as top-notch or gain better marks, Microsoft!
The software giant also admits that Security Essentials failed to detect 28 of the 0-day malware samples and 9 percent of the recent ones, and therefore the security product did not pass the minimum bar established by the AV-TEST Institute. But seeing as Microsoft's response is to find an excuse, the company states that during its own internal review the "customer-focused processes" already had signatures in places that did protect from 4 percent of the missed samples.
A further two percent of missed malware "existed across 0.003 percent" of Security Essentials and Forefront Endpoint Protection users. The remaining 94 percent of the samples simply do not matter, according to Microsoft, for customers as a whole.
In order to receive the seal of approval, the AV-TEST Institute requires each product to score at least a 10 out of 18 rating as well as a minimum of 3.5 out of 6 in each category. The software giant's security product managed to tick the first box but failed at passing the second in not one, but two categories -- for "Protection" and "Repair", it received a 1.5 out of 6 and 3.0 out of 6, respectively.
The AV-TEST Institute did grade Security Essentials with a significantly better 5.5 out of 6 in the "Usability" category, but the latter was not enough to make up for the two disappointing scores. By comparison Symantec's Norton Internet Security 2013 managed to post a 16 out of 18 with BitDefender's Internet Security 2013 topping the charts at 16.5 out of 18. For both products the lowest mark is 5 out of 6.