The word is in, and it's not good: Microsoft's free Security Essentials anti-virus software doesn't do much to protect computers against infection.
On Monday (Jan. 14), German anti-virus software testing lab AV-TEST announced that Microsoft Security Essentials had failed to meet the minimum standards of protection, repair abilities and usability for the second time in a row.
AV-TEST prefers to let the numbers do the talking instead of issuing journalist-friendly press releases, but essentially, Essentials failed to catch 28 percent of previously unseen "zero-day" malware and 9 percent of malware that was only a few months old.
Only two other products, both paid, out of the 25 tested also failed AV-TEST's latest round: AhnLab V3 Internet Security 8.0 and PC Tools Internet Security 2012.
Both, however, did markedly better than Microsoft Security Essentials in protecting users from malware.
Tests? We don't need no stinkin' tests
Microsoft's manager of malware protection, Joe Blackbird, fired back in a company blog posting Wednesday.
Blackbird argued that AV-TEST's tests are irrelevant, since they overemphasize protection against malware that most Microsoft customers will never encounter.
"Our review showed that 0.0033 percent of our Microsoft Security Essentials and Microsoft Forefront Endpoint Protection customers were impacted by malware samples not detected during the test," he wrote.
"In addition, 94 percent of the malware samples not detected during the test didn't impact our customers."
Microsoft Security Essentials' paid sibling, Microsoft Forefront Endpoint Protection, failed in the latest round of AV-TEST's enterprise testing.
Blackbird also pointed out that Microsoft Security Essentials did block 100 percent of the malware that was more than three months old.
Patterns of force
Ninety-four percent may be an "A" grade in middle school, but it'd be cold comfort to anyone hit by a zero-day bug that Microsoft Security Essentials failed to catch — for example, the countless people hit by the latest Java zero-day browser exploit last weekend.
More sophisticated — i.e., more expensive — anti-virus products rely less on malware definitions and more on "heuristics," ways to detect behavior patterns characteristic of malware.
Such products were at the top of AV-TEST's list: Bitdefender Internet Security 2013, Kaspersky Internet Security 2013 and Symantec Norton Internet Security 2013 on the consumer side, and Kaspersky Endpoint Security 2013 on the enterprise side.
All tests were done on machines running the 64-bit edition of Windows 7, Service Pack 1. AV-TEST has not yet concluded comparative anti-virus product tests on Windows 8.
Microsoft has bundled Security Essentials, renamed Windows Defender, into Windows 8 and activated it by default to give all users at least some degree of protection.
In Windows 7 and earlier versions of Windows, Microsoft Security Essentials had been an optional download.