by Andy Patrizio
There was an old joke in the MS-DOS days: “DOS ain’t done ’til Lotus won’t run.” Microsoft was accused — falsely, as it turned out — of deliberately breaking Lotus 1-2-3 when it released a new version of MS-DOS.
That may be fiction, but here’s a real case of broken software: security firm BitDefender tested 385 malware samples drawn from the 100 most prevalent malware families on Windows 8 machines running Windows Defender, the antivirus Microsoft now builds into the OS and enables by default. Only 61 of the 385 (about 16%) managed to infect the machine at all. With Windows Defender disabled, 234 of the samples (about 61%) ran successfully, while the remaining 39% either could not start on the machine for various reasons, crashed, or were blocked by User Account Control (UAC).
The fact that a new OS stops roughly 84% of the most prevalent existing malware with nothing more than its built-in defenses should be seen as good news. But BitDefender chose to lead its press release with the headline “Windows 8 prone to infection by leading malware threats, controlled test shows.”
Coincidentally, BitDefender just launched its 2013 line of security products, certified for Windows 8, earlier this week.
Catalin Cosoi, chief security researcher at BitDefender, was far more complimentary about Windows 8 and Defender than the company’s press statement. “Of course, the fact that the new operating system from Microsoft blocks out of the box 85% of the malware in the top 100 is great. The introduction of Windows Defender to Windows 8 will definitely change the overall security of the user for the better,” he said.
“The purpose of our test was to find the issues with Windows 8 so we can advise and guide the user in achieving 100% protection, not to discredit Windows Defender or Windows 8,” he added. “[Windows 8] plays much better from a security standpoint. The fact that it comes with an antivirus is a great mitigation in front of malware. If we’re talking about Windows 8 without Defender enabled, then there is little difference as compared to Windows 7 in the type of test we carried out.”
Randy Abrams, research director with NSS Labs, questioned the methodology of the tests. “With Internet Explorer 10 and AppRep, Microsoft has made it considerably harder for the malware to get to the operating system to begin with. Again, no mention was made of how BitDefender got the malware onto the system to start with. If you copy malware onto the system in a manner in which it is not normally delivered, you will skew the real-world results of the test.”
Cosoi said that the tests were meant as an operating system stress test. “We were interested in how many of the most notorious samples can circumvent the safety mechanisms of the operating system without the user’s interference. That is why we did not use zero-day malware or malware that had been collected one day before via honeypots. We rather went for the obvious, most common malware that the user may stumble upon,” he said.