by Andy Patrizio
Even Microsoft will tell you its Security Essentials shouldn’t be your only line of defense on your PC, although it is still valuable in stopping malware. However, when a popular antivirus testing lab yanked certification, the company took it badly.
AV-Test is a German group that evaluates the efficacy of antivirus products, and its certification carries a lot of weight. In its December tests of 25 antivirus programs, only three failed to win AV-Test’s endorsement: AhnLab: V3 Internet Security, PC Tools Internet Security 2012 and Microsoft Security Essentials.
MSE is the consumer product but Microsoft also has a corporate antivirus program, using the same detection and cleaning engine, called Forefront Endpoint Protection. So it didn’t get AV-Test’s blessing, either.
AV-Test noted that MSE was excellent against widely known threats, but it fared poorly against zero-day threats and did not do a good job of removing malicious components or fully remediating the system.
Microsoft fired back in a blog post by Joe Blackbird, program manager for the Microsoft Malware Protection Center. He made three rebuttals:
1) AV-Test reports on samples hit/missed by category. Microsoft reports are based on customer impact. He had noted that 0.0033 percent of MSE and Forefront Endpoint Protection customers were impacted by malware samples not detected during the test.
2) Telemetry from hundreds of millions of systems around the world reports that 99.997 percent of customers hit with any 0-day did not encounter the malware samples used in AV-Test’s tests.
3) While AV-Test says MSE missed 9 percent of “recent malware,” Microsoft’s telemetry says that 94 percent of these missed malware samples were never encountered by any of its customers.
Microsoft has pointed out in the past that the threat from zero-day attacks is severely overblown. Zero-day vulnerabilities accounted for just 0.12 percent of all exploit activity during the first half of 2011, while the vast majority of infections were from malware that was months or years old and was known to all antivirus vendors.
While Microsoft defends the accuracy of its antivirus software, new malware is striking Skype, its messaging and VoIP service. Threatpost reports that a variant of an old piece of malware, called Shylock, has been spotted in the U.S., UK, and Europe. This version has new features, including the ability to send malicious links to the victim’s contacts through the chat option.
The malware relies on a network of infected Web sites to perform drive-by download attacks as the initial form of infection. Once it installs itself on the user’s computer, it sends malicious links to the victim’s contacts through the chat function.
Microsoft said it has detections available for Shylock, officially known as Backdoor:Win32/Capchaw.N. “We continue to encourage customers to avoid opening links from untrusted sources and visiting untrusted sites,” said the spokesperson.
Microsoft is slowly migrating its instant messenger users to Skype. Windows Live Messenger will be shut down on March and MSN Messenger will also go offline soon, with users migrated or encouraged to move to Skype.