In association with heise online

24 October 2009, 00:30

Microsoft anti-virus software dawdles over updates

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom No, 10 day-old signatures are NOT up to date and do NOT offer adequate protection.
Under certain circumstances, Microsoft's recently launched Security Essentials (MSE) security solution fails to download updates for several days, despite new anti-virus signatures being available on the server. As a result, the software no longer offers adequate protection against new malware. These are the results found in tests run by The H's associates at heise Security for the latest edition of the computer magazine c't.

The tests showed that, despite being connected to the Internet, under certain circumstance MSE fails to download updates for up to seven days. The phenomenon was reproducible, occurring, for example, on a laptop which was regularly placed in sleep mode by closing the lid. On resuming from sleep mode every day, MSE assured the user, even after more than an hour online, that anti-virus and spyware signatures were up to date and that the user was protected.

Taking a closer look at the date, however, revealed that these signatures were often several days old. A search of Microsoft's website showed that the company had since released several update packages containing new signatures. The computer was therefore not properly protected against dozens of known hazards which Microsoft itself classified as 'severe'.

MSE appears to have just a few, fixed times at which it checks whether new signatures are available to download. If it sleeps through these times, on waking it fails to correct this omission — at least as long as the signatures are not more than one week old. For up to six days the application appears to regard its signatures as sufficiently up to date, after which it finally switches its status to a warning yellow and attempts to download updates off-schedule. To add insult to injury this test is also delayed, so that for the first quarter to half an hour after resuming, even 10 day-old signatures are shown as being up to date, giving the user a wholly false sense of security.

Microsoft has been unable or unwilling to confirm this behaviour, let alone to promise that they will fix it.After two weeks of communication, the software giant's point of view boils down to this: “those who do not get updated signatures downloaded to their PCs for 6 days will still be protected by the very latest definitions through the Dynamic Signature Service.”

Microsoft's optimistic assessment does not appear to be borne out by the facts. Tests by c't regularly show that the protection offered by anti-virus software diminishes rapidly where new signatures are not downloaded. Anti-virus software using two-week old signatures typically detects just 30 to 50 per cent of new malware. Nor is the "Dynamic Signature Service" quite what it's cracked up to be. When tried running 20 pieces of malware, for which MSE did not have signatures, on a system running MSE, not a single one triggered an alarm and all 20 were able to infect the system.

See also:



Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit