February 6, 2007 11:25 AM PST
Microsoft's own antivirus fails to secure Vista
- Related Stories
Microsoft goes global with antivirus tool updateJanuary 23, 2007
Security tools ready for Vista launchJanuary 17, 2007
Symantec unveils beta of Norton 360 serviceNovember 22, 2006
Microsoft offers businesses a security test driveNovember 14, 2006
Microsoft adds Vista support in OneCareOctober 10, 2006
Microsoft nabs another McAfee virus expertSeptember 19, 2006
Security news site Virus Bulletin, backed by a team of security researchers based in Oxfordshire, U.K., tested 15 antivirus software packages used by businesses and designed specifically for Vista, Microsoft's newest operating system. The packages were released to businesses two months ago.
The researchers tested whether each of the antivirus products would stop a set of viruses known to be currently circulating. In order to be awarded a pass, the software had to detect all the viruses with no false positives.
But out of the 15, four failed: Microsoft Live OneCare 1.5; McAfee VirusScan Enterprise version 8.1i; G DATA AntiVirusKit 2007 v17.0.6353; and Norman VirusControl v5.90. The other 11, including software from CA, Fortinet, F-Secure, Kaspersky, Sophos and Symantec, detected all the viruses.
"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "In these days of hourly updates, it's always a surprise and a disappointment to see major products missing them (viruses). Vista cannot fend off today's malware without help from security products. It certainly looks like people upgrading to the new platform are going to need additional security solutions."
Joe Telafici, vice president of operations for McAfee's Avert Labs, told ZDNet UK that, in his opinion, Virus Bulletin had not used its latest antivirus updates, causing the failure. He said McAfee would issue further results with the updated software.
Microsoft pledged to improve Live OneCare. "We are looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future tests and, most importantly, as part of our ongoing work to continually enhance Windows Live OneCare," a company representative told ZDNet UK.
On the subject of Vista, the Microsoft representative added: "It's important to remember that no software is 100 percent secure. Microsoft is working to keep the number of security vulnerabilities that ship in our products to a minimum, through our Security Development Lifecycle process, and that work is paying off. The release of Windows Vista is the first Microsoft operating system to use the Security Development Lifecycle from start to finish and was tested more, prior to shipping, than any previous version of Windows."
Richard Thurston of ZDNet UK reported from London.
65 commentsJoin the conversation! Add your comment