In something of an embarrassing development for Microsoft, four anti-virus products for Vista have failed to reach the required standard to achieve VB100 certification by the highly respected independent industry body, Virus Bulletin.

In something of an even more embarrassing development, Microsoft’s own anti-virus flagship product, Live OneCare, was amongst the four applications that failed the certification process.

Sure, it’s a tough procedure which is why the VB100 certification is treated with such respect throughout the IT security industry. To pass the process, an anti-virus package must be able to detect every single one of the numerous ‘in the wild’ viruses pitted against it. What’s more, it must be able so to do without generating a single false alarm when faced with a set of totally clean files to scan. One would like to think that AV vendors submitting their products for such testing would have done their homework and be pretty certain of an ability to pass, to save themselves from embarrassing news releases such as this one. Unfortunately, that does not seem to have been the case with the G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise version 8.1i and Norman Virus Control 5.90 all of which failed.

And, of course, Microsoft itself with Live OneCare.

John Hawes, a technical consultant with Virus Bulletin, is equally bemused as I with the whole affair, commenting “with the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now. Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

What makes the matter worse for Microsoft and McAfee for that matter, is the Virus Bulletin strict ‘no re-testing’ policy. This is a one strike and you are out game, and there is no second chance. And there’s no escaping the security criticism of the Live OneCare line up, as competing vendor Webroot has also revealed that in its own tests of the Windows Defender anti-spyware component it failed to block a staggering 84% of a sample containing 15 of the most common in the wild malware variations. This could be down to the weekly rather than daily definition updates, which really isn’t good enough in a world where the bad guys have development houses to match the good guys it terms of code turnaround. Of course, let's not forget that Webroot has built a business on selling anti-spyware solutions so is hardly an independent and neutral observer.

Microsoft has responded to the criticisms by stating it is “looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future.” So that’s OK then…

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

10 Years
Discussion Span
Last Post by N317V

Well, not reaching a standard has never been a problem for MS. They just declare a new one. :twisted:

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.