Stress Testing Microsoft's Free Anti-virus Offering

Microsoft's free new anti-virus product is earning decent marks in preliminary tests, putting it roughly on par with many other stand-alone anti-virus products available today.

A number of readers seem keen to try out Microsoft Security Essentials (MSE), but are eager to hear how the program stacks up against other free anti-virus tools in terms of detecting and removing malware. While the results of early testing may not provide that side-by-side comparison, they do offer a glimpse of how effective MSE may be in blocking and tackling some of the most common threats currently in circulation.

The MSE performance analysis comes from av-test.org, a group that routinely publishes the results of anti-virus stress tests. AV-Test ran MSE against 3,732 samples of malware that are currently infecting PCs around the world, and found that the program blocked all of them, both when the samples were opened or accessed and when the malware was manually scanned.

Using Windows XP as a testbed, AV-Test also dunked MSE into a hostile environment of more than 545,000 current computer worms, viruses, backdoors, bots and Trojan horses, and found that it was able to detect more than 98 percent of those samples. Pitted against threats labeled adware and spyware, MSE earned a detection score of just over 90 percent.

AV-Test's Andreas Marx said the group's testing found MSE had no effective "dynamic detection" against a handful of very recently released malware samples. Still, Marx said, other anti-virus-only offerings don't appear to offer much in the way of dynamic detection either.

"In most cases they are only available in the Internet Security Suites editions of the products," Marx said.

Marx said testing showed that MSE's scanning speed was about average, but that the product excelled at detecting and removing "rootkits," stealthy software designed to burrow deep into the operating system in a bid to hide the presence of malicious files.

AV-Test also found that the product effectively removed malware threats, but oftentimes left behind certain inactive components of the threat (e.g., some inactive executable files, empty "Run" entries in the Registry, a Windows firewall that remains disabled, or a "hosts" file that remains modified).

Windows users should bear in mind that no matter how well an anti-virus product performs in the most rigorous of tests, no anti-virus product can secure the system against reckless or high-risk security behavior. By "reckless," I'm talking about installing software of dubious origin, downloading executable programs from peer-to-peer file-sharing networks, and clicking on attachments in unsolicited e-mail.

Update, Oct. 1, 9:43 a.m. ET: Here's a shocker: Anti-virus industry giant Symantec Corp. continues its free-av-ain't-up-to-snuff claim, with a blog entry that labels MSE "little more than a bad rerun of Microsoft's infamous history of offering consumers incomplete and ineffective protection." Read more here.