Tests performed by AV-Test.org show Microsoft's malware solutions work--but they're far from the best. The company needs to do better.

According to AV-Test.org, an independent security research organization, more than 390,000 new malware applications are discovered and registered every day. No matter how you slice it, that is a lot of malware to track and counteract. No wonder so many enterprises fall victim to malware attacks--their defenses are overwhelmed.

Microsoft continues to renew its commitment to creating a secure operating environment for its enterprise clients, but there is very little the software company can do to counteract the major weakness in all security systems: people. Technology, no matter how sophisticated, can't outwit its users.

Virus protection 2016

In October 2016, AV-Test.org conducted its annual test of all the major purveyors of security software on both a consumer and enterprise level. The organization carried out more than 13,000 malware attacks against 22 consumer applications running under Windows 10 and 12 enterprise endpoint security solutions running Windows 8.1.

The test criteria were based on three factors: protection, performance, and usability. The good news is that all the test applications passed and received AV-Test's official certification. As you might imagine, some applications protected better than others and some applications performed better than others. But only a few did all three factors well.

In the enterprise test, Microsoft's System Center Endpoint Protection fell in the fair-to-middling range, achieving an overall score of 14 out of a possible 18. By comparison, Bitdefender and Kaspersky Labs had the highest scores, both posting perfect 18s.

Examine the numbers a little more closely and you will note that Microsoft's endpoint solution had very good performance and usability scores with a mediocre protection score. Perhaps Microsoft traded protection for better performance?

The consumer part of the test shows that Microsoft Windows Defender running in Windows 10 also failed to impress in the protection factor, while scoring fairly well in performance and usability.

Bottom line

On a global scale, malware costs enterprises and consumers billions of dollars in lost productivity and worker hours every year. It is a big problem and there is little hope malware will ever be truly eliminated.

The AV-Test seems to show that, while Microsoft has professed a renewed effort to combat malware attacks in its products, it still has a long way to go. In real-world scenarios, Microsoft's malware protection solutions and applications are mostly adequate, but they could be, and should be, improved.

Technology is only part of the problem, however. The easiest and most common way malware gets into an enterprise is through its people. Human beings, no matter how well-trained or how well-intentioned, are flawed and prone to manipulation by other human beings. Technology can reduce the number of ways malware can enter a system--but as we all know, users often circumvent technology in the name of convenience or expedience.

People are the weakest link in any security system. IT professionals must contend with this fact on a daily basis, and while better technology certainly helps, it is not enough. So yes, Microsoft should continue to improve its security solutions across the board, but that is not going to completely solve the problem of malware in the enterprise. Unfortunately, no system is ever truly secure.

Microsoft Weekly Newsletter Be your company's Microsoft insider by reading these Windows and Office tips, tricks, and cheat sheets. Delivered Mondays and Wednesdays Sign up today

Also read...

Your thoughts

Which malware protection software does your enterprise use? Is it time for an upgrade? Share your experience with your peers in the discussion thread below.