In something of an embarrassing development for Microsoft, four anti-virus products for Vista have failed to reach the required standard to achieve VB100 certification by the highly respected independent industry body, Virus Bulletin.
In something of an even more embarrassing development, Microsoft’s own anti-virus flagship product, Live OneCare, was amongst the four applications that failed the certification process.
Sure, it’s a tough procedure which is why the VB100 certification is treated with such respect throughout the IT security industry. To pass the process, an anti-virus package must be able to detect every single one of the numerous ‘in the wild’ viruses pitted against it. What’s more, it must be able so to do without generating a single false alarm when faced with a set of totally clean files to scan. One would like to think that AV vendors submitting their products for such testing would have done their homework and be pretty certain of an ability to pass, to save themselves from embarrassing news releases such as this one. Unfortunately, that does not seem to have been the case with the G-Data AntiVirusKit 2007 v.17.0.6353, McAfee VirusScan Enterprise version 8.1i and Norman Virus Control 5.90 all of which failed.
And, of course, Microsoft itself with Live OneCare.
John Hawes, a technical consultant with Virus Bulletin, is equally bemused as I with the whole affair, commenting “with the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now. Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".
What makes the matter worse for Microsoft and McAfee for that matter, is the Virus Bulletin strict ‘no re-testing’ policy. This is a one strike and you are out game, and there is no second chance. And there’s no escaping the security criticism of the Live OneCare line up, as competing vendor Webroot has also revealed that in its own tests of the Windows Defender anti-spyware component it failed to block a staggering 84% of a sample containing 15 of the most common in the wild malware variations. This could be down to the weekly rather than daily definition updates, which really isn’t good enough in a world where the bad guys have development houses to match the good guys it terms of code turnaround. Of course, let's not forget that Webroot has built a business on selling anti-spyware solutions so is hardly an independent and neutral observer.
Microsoft has responded to the criticisms by stating it is “looking closely at the methodology and results of the test to ensure that Windows Live OneCare performs better in future.” So that’s OK then…