Microsoft antivirus apps: Three basic facts everyone must know!
Today, I’d like to introduce three important facts about Microsoft antivirus products that everyone should absolutely know. Of course, that means you should first know that Microsoft creates antivirus products.
3. In essence, they are not separate products
Microsoft develops four antivirus apps: Windows Defender (not an antivirus before Windows 8), Windows Defender Offline, Microsoft Security Essentials (MSE) and Endpoint Protection. They use the same antimalware engine and do pretty much the same thing. Endpoint Protection has an additional reporting feature that lets a System Center Configuration Manager monitor it remotely; the other three do not have this enterprise-only feature. Endpoint Protection also runs on Windows Server operating systems. Microsoft Security Essentials runs on Windows 7, Windows Vista and Windows XP. Windows Defender, which comes with Windows 8, does not have a Network Inspection System module, though Windows 8.1 has promised to add this feature. Windows Defender Offline is a virus scanner meant to scan an offline system from a Windows PE boot disc, to find and eliminate rootkits that cloak themselves by subverting the Windows kernel. (These culprits lose their cloaking ability once the kernel they subverted is no longer running.) So, naturally, it has no real-time monitoring features.
They even look somewhat the same, so much so that even Windows Defender Offline says “Windows Defender Offline is monitoring your PC and helping to protect it” just so that it looks like the others.
2. They use the same virus definitions
Microsoft publishes two sets of virus definitions: one for IA-32 systems and one for x64 systems. These definitions are compatible with all of the aforementioned products. They even work with older versions of Windows Defender, which were not antivirus products at all.
Note that ARM systems running Windows RT do not need an antivirus, because they are virtually impregnable to computer viruses unless jail-broken. (As for jail-broken systems, Microsoft’s answer is probably something along the lines of “Ha ha! Serves you right!”)
I was considering writing an article about the ins and outs of copying virus definitions between systems, but that’s off… for now.
1. “They are useless”, say the independent test labs
When Microsoft Security Essentials first came out, its protection score was impressive. It did very little in the way of protection, i.e. it featured only signature-based virus detection, but it did that very well. The Microsoft Antimalware engine caught malware red-handed and generated zero false positives. It rocketed Microsoft to the position of top North American antivirus producer and second-ranked vendor worldwide.
It still generates zero false positives, only it has long since fallen from grace: its ability to find malware is no better than that of a corpse. According to AV-TEST (a German independent lab), since April 2012 Microsoft antivirus products in both the home and corporate markets have been losing protection score. In August 2012, they lost their certificate. Finally, in June 2013, they achieved the lowest possible score: zero!
AV-TEST is not the only lab that hints at abysmal protection: tests by Dennis Technology Labs of the United Kingdom have also yielded a negative (below zero) protection score. It appears the myth of no false positives is, in the end, no myth at all: they don’t generate positives at all, true or false.
Microsoft’s response to all this, as always, has been to erase the question itself: “We know better, you are wrong,” is what Microsoft says. There was a time when Microsoft simply couldn’t do wrong; but that time is long past.
Please switch to another antivirus today. Avast! and Comodo both offer free antivirus products.
Posted on 21 August 2013, in Software Development and tagged Endpoint Protection, ForeFront, microsoft antivirus, Microsoft Security Essentials, System Center, virus definitions, Windows Defender.