[ISN] Microsoft's OneCare comes last in new test

From: InfoSec News (alerts@private)
Date: Sun Mar 04 2007 - 22:10:06 PST


By John E. Dunn
02 March 2007

A new test of anti-malware programs has found that Microsoft's OneCare 
software is by some margin the weakest product on the market.

Austrian outfit, AV Comparatives, found that out of 17 programs put 
through extensive tests against a wide range of malware, OneCare was 
only able to detect an average of 82.4 percent of what was thrown at it. 
To put this into context, the next worst program, Dr Web, scored 89.27 
percent, with the other 15 programs under scrutiny scoring rates from 
approximately 92 percent to 99.5 percent.

The top-scoring programs were G Data Security's AntiVirusKit 
(99.45 percent), AEC's TrustPort AV (99.36 percent), Avira's AntiVir PE 
Premium (98.85 percent), Kaspersky Lab's Kaspersky AV (97.9 percent), and 
MicroWorld's eScan Anti-Virus (97.9 percent).

Rival big-name brands such as McAfee's VirusScan, Symantec's Norton 
Anti-Virus, and GriSoft's AVG, scored 91.6 percent, 96.8 percent, and 
96.3 percent respectively, well above OneCare's poor showing.

The tests set the programs against a million-sample round-up of malware, 
including Windows and macro viruses, worms, backdoors, rootkits, 
Trojans, scripts, diallers, and spyware.

AV Comparatives also tested each program against a sample of polymorphic 
viruses, a class of malware where a large number of related variants are 
generated from an original piece of malware. Detection rates for these 
are considered to be an acid test for anti-malware programs because they 
demonstrate the flexibility of a product's detection engine.

Again, OneCare scored weakly, detecting only 4 out of the 12 
polymorphics pitted against it. The majority of other products found 
between 6 and 12 of these, with only three programs achieving poorer 

Unlike all of its rivals, Microsoft's OneCare is a new and clearly still 
immature product, and the company will no doubt aim to improve its 
performance as time passes. Nevertheless, it has a chequered recent 
history, falsely flagging Google's Gmail email service as suspicious, 
only last November.

Then, two weeks ago, the company's Defender product scored poorly in 
tests carried out by an Australian lab, Enex Testlab. Defender was only 
able to pick up just over half of the malware tried against it.
