Sophos claims Windows 8 anti-virus “has a long way to go”

By Tom Warren, on 30th Sep 11 2:15 pm with 51 Comments

Security software firm Sophos has claimed that Microsoft’s updated anti-virus solution for Windows 8 “isn’t ready for prime time yet.”

Senior Security Advisor at Sophos Canada, Chester Wisniewski, tested Windows 8’s anti-virus software against a number of malware threats recently. Wisniewski criticized Microsoft’s lack of virus warning messages in Windows 8 during a test of the new software. Wisniewski tested Microsoft’s inbuilt Windows Defender software with the basic EICAR test file, which produced an error at launch but failed to provide a virus warning. “I was very confused and began to wonder whether Windows 8 really had anti-virus at this point,” said Wisniewski in a blog post on Friday.

He went on to test various other real world malware samples and concluded that Windows 8 captured around 50% of the malware samples tested. Wisniewski tested Mac, Linux and Windows malware to assess whether Windows 8 detected cross-platform malware. “It did successfully pick up quite a few fake anti-virus samples for Mac and Windows, as well as some copies of Linux/RST-B,” he says. “It also recorded some events under the Windows Defender category in Event Viewer for the detections it alerted me to.”

Windows 8 virus warning

Wisniewski notes that Windows 8 is an early preview but claims it obviously needs work. “While Windows Defender caught some samples, it isn’t ready for prime time yet,” he said. “It’s good to see Microsoft is detecting malicious software for the three major platforms,” he added.

Microsoft is planning to overhaul its Windows Defender product for Windows 8. Microsoft will deliver a set of malware signatures via Windows Update. Defender will now include real-time detection and protection from malware using a file system filter. Defender will also interface with Microsoft’s secure boot technology in Windows 8. Windows PCs with UEFI-based secure boot will be able to take advantage of Microsoft’s Windows security to ensure firmware and firmware updates all remain secure. Microsoft is able to achieve this by loading only properly signed and validated code during boot.

Microsoft is also adding SmartScreen filtering for Windows. Microsoft has extended its browser technology to Windows as a whole. Windows 8 will now protect end users by checking applications and URLs against a reputation-based database.

  • Anonymous

    Pfft.
    Unless you’re a moron, chances are you don’t even need AV software anyway.

    • FuzzyLogician

      That is unfortunately a very naive comment.  Most consumers are not tech savvy (like… at all) and will fall victim to viruses, malware, etc.  Think of the computer as a car.  Almost everyone knows how to drive, but most people don’t know anything about their car besides which pedal to push to make it go and stop.  It’s the same situation with computers.  Most people know only what they need to know, and that’s it.

      You’re welcome to think that it’s the responsibility of users to go out and learn and make themselves more aware (and I don’t disagree), but that will never happen.  It’s also a common criticism of Windows that it is less secure than other environments.  If Microsoft wants to eliminate that assumption, they need to prove that Windows 8 is secure from the get go.

      That being said, Microsoft’s built in security may eliminate the need for Sophos, making Sophos’ claims/testing biased, but to a certain point, that’s irrelevant. 

    • Anonymous

      If I’m thinking of a computer as a car, then the same people who don’t give way to me because they don’t understand basic road rules are the same people who don’t understand that downloading “naked_babe_pictures.exe” is a bad idea.

      I understand what you mean; hell I’ve had to pull up my family members from making stupid mistakes on computers. If you ask me, using a Windows machine should require that you take some sort of test in the same way that you’re tested for your competency to handle a motor vehicle before you’re let loose on the roads.

      Thanks for replying to me though, I basically agree with what you said and it’s 12:30AM where I am so my initial comment was probably a bit blunt :)

    • FuzzyLogician

      Haha, yeah I agree with you.  I’m currently doing an internship at a high school’s technology department.  I sometimes just can’t believe how ridiculous the “problems” are that faculty and staff come up with.

      I completely agree that users should be required to take some kind of competency test =P

    • deathmore34

      You can still get viruses from surfing websites

  • Frylockns86

    They can diss all they want, but I think we can all agree…. It’s better than nothing. *cough* Windows XP *Cough*

  • http://thommck.wordpress.com Thom McKiernan

    I just tested creating an Eicar file and I got a notification from the Action Center saying
    “Detected threats are being cleaned, No action necessary”.
    The file was deleted.
    Hardly unsurprising that an anti-malware company is spreading false information about a competitor

  • Candid Calum

    “Security software firm Sophos has claimed that Microsoft’s updated anti-virus solution for Windows 8 ‘isn’t ready for prime time yet.’”

    Around a year before Windows 8 is released to consumers? OH NOES!

    • http://www.winrumors.com Tom W

      Indeed, anti-virus vendors get scared when MSFT improves their security.

    • Anonymous

      I advise all my family and friends to use MS security essentials.  I still remember when it came out being shocked at how little footprint it had on the computer.  And it provides good enough protection for consumers.  Honestly, I think commercial AV products for consumers will go extinct.  McAfee and Norton will have a hold on the enterprise for a long time to come though.

    • http://www.facebook.com/people/Pedro-Roque/100000194503830 Pedro Roque

      +1 Everyone in my family is now using Windows Security Essentials, as are a lot of my customers.

      I don’t see the need for 3rd party AV software for regular use, with Win7. The need for 3rd party AV, for me, is more because of the management tools for deploying and managing large installations.

    • J A

      …and now is not the time to do any kind of anti-malware testing. I guess they just want to get in the news with such a lousy move. WinDefender in Win8 will at least be on par with MS Security Essentials since it is essentially the same application, which already kicks a** compared to others including Sophos’ solution, just renamed. This article should not even exist on any website.

    • http://twitter.com/paint99 Larry

      So a security company says that Windows security isn’t up to par, in other words they said “buy our product no matter what Microsoft says.”

    • Anonymous

      We should be asking Sophos why their product fails to catch the Chrome Spyware while MSE caught it correctly.

    • BucksterMcgee

      Hahahahahahahaha. Awesome.

      But seriously, glad Chrome was finally removed from my machine, it’s felt more and more like crapware for awhile now.

  • Anonymous

    Having been using my win7 system without any antivirus installed for more than 2 years now and I don’t have a single virus on my system.. once in a while I check my system to see if I’d catch something but it always comes back to nothing..
    Antivirus are just a waste of money, memory, processing power and time.. just be careful which websites you visit and you will be fine.

    • http://twitter.com/OldCongress Gamer

      Same here, all I had was windows defender + system restore if anything happens.

  • Anonymous

    Is there any OS they say doesn’t need their crappy AV software? They’ve been scaremongering about Mac viruses for the last 10 years to sell their software.

    Now they want some traction in the Windows market where they have no chance. So, what do they do? Start scaremongering… Over a product that’s not even released yet.

    Go away Sophos. Nobody wants your crap.

  • Grannyville7989

    Last time I checked, the version of Windows 8 that’s available to the public is the DEVELOPER PREVIEW! I don’t think it’s fair to give an opinion of the system until it is, at least, in the release candidate stage.

  • http://twitter.com/APSN910 Aaron Stark

    Why even post this?  No shit Windows 8 needs work, could it be because it’s still in alpha release.  Sophos and Wisniewski are a joke…………….like most Canadians.

    • http://www.winrumors.com Tom W

      Don’t shoot the messenger :) I’m trying to remain unbiased in my writing.

    • http://twitter.com/APSN910 Aaron Stark

      I’m just joking, maybe it was a little mean…….my bad.

    • Guest

      “…………….like most Canadians”

      A joke is someone who makes a generalized negative statement against an entire country’s citizens, most of whom he’s never met.

    • http://twitter.com/APSN910 Aaron Stark

      BS, I’ve met every single Canadian.

    • Entegy

      No you haven’t, I haven’t punched you for making dumb jokes. I’d remember that.

    • Anonymous

      Hey, Canadians are awesome

  • Grs_dev

    @Sophos… Really now! Really?

  • Grannyville7989

    Didn’t Sophos also complain about Security Essentials shortly after Microsoft released it?

  • http://www.andrewtechhelp.com/ Andrew Tech Help

    This coming from a company whose business might be threatened if Microsoft improves their security.

    Here’s a Fact: A system running Microsoft’s Windows Defender is going to be 100% more secure than any Vendor’s anti-virus that has expired because the 30/60/90 day trial period is up.

    • rsgx

      MSE is just about the best anti-virus I’ve had on my PCs.

    • http://www.andrewtechhelp.com/ Andrew Tech Help

      agreed! MSE is also the best anti-virus that I’ve ever had on my PCs. Windows Defender in Windows 8 is just MSE renamed to Windows Defender and pre-installed! It’s going to be great!

  • EdS

    Really!  A product that is a year from release isn’t complete?  We just replaced the shipping version of Sophos at our organization since we started getting a slew of malware infections and the Sophos processes were pegging out processor time…  It was just like how Symantec claims MS has problems, but they didn’t deliver a good product at the time.  I remember how my mom used to say, “People in glass houses shouldn’t throw stones.”

  • Guest

    That’s shocking!  A competitor says its competition isn’t ready for prime time…… I’m sure they have the best intentions….yeah…

  • http://twitter.com/mcakins McAkins Online

    hahaha! Don’t you just love these scaremongers and virus-writers?! They are seeing their bread and butter going the way of the Dodos!
    Gone are the days they pester us with jumps-ups and pop-ups and what have you, just that you may know they are there consuming our resources and grinding our systems down with all the extras they bring along. God, I hate commercial AV systems. Since I moved to Microsoft Security Essentials my life has become peaceful.
    When are they going to learn I don’t care about their notifications and pop-ups! Average users don’t have a clue what to do with them. Yeah, so I went to a booby-trapped site that wants to download a trojan. Fine for you for catching it and preventing it from infesting my system. Do I need to know that? I only want to know if you can’t prevent that infection so I may know I am infected.

    MS is going the way of zero notification, zero distractions thus. I was shocked the other day to see how many updates have been downloaded and installed by MS without the need for me to install manually and reboot my system. Kudos Microsoft. That is what I am talking about! Computers have reached appliance stage. They are part of us now, I don’t want to spend time maintaining it. I bought my fridge, my TV and installed it once. I don’t spend the whole time looking at them wondering if everything is OK with them. If we can attain this with computers too all the best.
    If I feel like diving into my device in my spare time, I don’t mind looking at how many viruses have been prevented etc. But please spare me the details of those jumping and scary pop-ups Mr. Soho AV.

  • Tuxplorer

    Sophos is a joke of a company. I won’t touch any security software other than Windows Defender or MSE ever again. Almost all third-party antivirus softwares are worse than viruses.

    • phil jay

      Integration is the keyword.. And I believe MS knows how to integrate antivirus with its OS

  • http://www.facebook.com/ben.joynes Ben Joynes

    “Company says competitor’s product is inferior to their own”

    Really? I was expecting them to come out and announce that it was a very competent anti-virus and there would be no need to buy Sophos.

  • http://twitter.com/SCGreyWolf GreyWolf

    You can’t see it, but my eyes are rolling.

  • Dcat2k

    I agree with most everything stated in these replies, but in the end I’m glad that this was reported now. We know where the report comes from and we take it with a grain of salt, but better now than after release. Sometimes there are some truths said in corporate warfare.

  • http://twitter.com/efjay01 Ef Jay

    Can anyone say “not even beta code”? Maybe they should wait until it’s RTM before trying to cast doubt on W8’s antivirus capabilities.. Essentials currently kicks their butt, doubtful it’s going to get worse.

    Running scared, Sophos?

  • Emi Cyberschreiber

    Wow all it’s based in a preview release!

    I saw a video about someone reviewing Windows Defender… and wow… he was like “I can’t trust Microsoft… it’s just… I can’t, I would rather use other security software” and I wanted to leave it there, but it’s the only video I have found… and guess what? it wasn’t infected, BUT it only left some startup items, and some items in system that Malwarebytes detected but they weren’t running in system or something.

    and Sophos should take care more about their security software…. really, last time I saw it, it sucked! so they should rather talk about others, improve their product.

  • Guest

    They are also heavily censoring the comments on the blog. I wrote an initial critical but completely respectful comment. Indeed, more respectful than one they subsequently approved. But apparently it was too embarrassing for them and wasn’t approved. I then purposely did a positive one, which was immediately posted.

  • http://twitter.com/laserfloyd Lewis McCrary

    An A/V company rating MS on their A/V.  Of course they’re going to say it has a long way to go. ;)

  • Anonymous

    Another reason to switch to Mac. Not a single virus!

    • Guest

      False. Again.

    • deathmore34

      Macs do get viruses, and ironically I have Sophos installed on my Mac.

      Now then, I swear Windows 8’s defender is actually Security Essentials, which among many computer users including myself find it the best AV regardless of price, unlike AVG and all the others MSE actually removes the viruses instead of vaulting them because the “Free” AVs can’t remove them permanently so that you can buy the full version ( I had AVG free running, and it said file was too big to remove, I later got a free trial to the whole security package and it removed them, then after I switched back it gave me the same old “it’s too big”).

      Sophos was one of the companies saying MSE wouldn’t succeed and look now, it’s widely used and actually works.

    • http://www.mainstreetchatham.com/ JimmyFal

      Tell that to the 5 of my customers that all had Macs that were infected back in May. And I don’t even have that many Mac customers AT ALL. So if 5 of mine got infected, something tells me there is more to come.  The same guys that put that one out have warned of more to come this fall. Welcome to the popularity show.

    • Anonymous

      Sorry, but that is not true. I have a Mac and have seen various security issues :)
      The idea that Mac is virus-free is one of the stupidest rumors that’s going around the internet.

  • notePAD

    MSE is security itself. Ditched all my commercial AVs. Not seen a threat since. Thank you MSE, and it’s free. Hurray!

  • Guest

    here’s the sad part about this: no MS response. Google or Apple would have had a blistering reply up in hours. MS might get around to posting one in a day, or week, or quite possibly never.

    Outside of Frank Shaw, MS has lost its balls.

  • http://www.mainstreetchatham.com/ JimmyFal

    Update Windows, Adobe, and java. After that you’d have to be trying pretttttty hard to get infected.