Vista anti-malware products fail virus tests

It's fortunate that Vista-specific malware is still in its infancy because a new test of anti-malware products running on the platform has found that many don't work as well as they should.

The latest independent Virus Bulletin tests looked at 37 different Vista-based security programs to see which could manage to reach the level of threat detection required for VB100 Certification. Out of 37 tested, 17 failed the tests, including big-name products from McAfee, Sophos, and Trend Micro.

Before users rush to de-install Vista products from those companies, the VB100 sets an incredibly high detection bar of 100 percent of a subset of malware defined by a malware collection known as the WildList. Programs must also, using default settings, avoid false positives -- false flagging files as malware infected when they are in fact innocent.

While McAfee, Sophos, and Trend detected 99.99 percent of the WildList, other programs fell some way short of this "almost" status. Doctor Web reached only 95.21 percent, and Security Coverage PC Live managed a hopeless 84.35 percent. Microsoft's own oft-criticized Windows Live OneCare and Forefront Client Security both hit the VB100 100 percent mark.

"It is disappointing to see so many products tripping up over threats that are not even new -- computer users should be getting a better service from their AV vendors than this," said Virus Bulletin tester-in-chief John Hawes.

"With the SP1 upgrade promising a raft of improvements to performance and functionality of the platform, we are likely to see a significant upturn in the number of people installing it on their desktops, and it is therefore imperative that anti-malware vendors are able to provide solid protection on the platform," he said.

Three programs were so problematic that they couldn't, for a variety of reasons, be made to run properly, and were ditched from the full tests, while some working products struggled to run in a stable fashion on Vista. The tests were done before the SP1 update appeared.

A few months ago, Virus Bulletin lifted the stone on Windows 2000 anti-malware performance and found a few unwelcome creepy-crawlies underneath.

But do the VB100 tests tell the whole story? As has been noted before by Techworld, they don't test programs against the best the criminal world has to throw at the average Windows install, Vista or not. The danger posed by many rootkits, Trojans, and malware based on specific and usually unpublished vulnerabilities, is all left up to conjecture. This is where a good element of today's threat comes from, but they aren't easy to package up into tests.

Thus far, Vista's defense has been the relative trickiness of programming malware for it and the fact of its slow uptake. Neither factor will protect it indefinitely.

Techworld is an InfoWorld affiliate.