Eschelbeck Slams Windows Defender


I was a fan of Gerhard Eschelbeck when he was with Qualys. He's been pretty much off my radar since he took the CTO position at Webroot. Today he comes out swinging against Windows Defender as reported in Information Week.

"If you look at the [Defender] data points, they speak for themselves," says Eschelbeck. "Defender didn't block 84% of the tested malware. That's not the kind of performance users are hoping for." Eschelbeck says that his firm's research team tested Defender against a suite of Trojan horses, adware, key loggers, system monitors, and other unwanted programs, all of which were gathered from in-the-wild threats. Webroot's own Spy Sweeper blocked 100% of the threats.

Hmm, so in tests where they gathered the malware, their own antispyware program detected everything and the competitors didn't do so well. That's quite a shock.

Take a look at Sunbelt Software's response when Webroot and Veritest released results last spring.

Eschelbeck also slammed Windows Defender, and by connection, Vista's security, for infrequent updates. Microsoft currently issues spyware definition updates every seven to 10 days, he says. Webroot, meanwhile, identifies approximately 3,000 new traces of spyware every month. "Users can't wait for a week or so to have their anti-spyware signatures updated," says Eschelbeck.

So Eschelbeck is comparing frequency of updates to number of detections added. Apples/Oranges anyone? Hopefully that is the writer's mistake.

I know nothing about Windows Defender frequency of updates. I do like that it uses an established update channel like Windows Update. However, I prefer my anti-malware apps on the desktop to check for updates hourly.


2 Comments

BillGross said:

You can't trust one competitor to honestly evaluate another's product.

But my issue with Defender is that it is written by the people who write the buggy software it is intended to protect.

It's sort of like letting the fox build the hen house.

Warning to Microsoft users: If you are out there in the ether and trusting Microsoft security tools solely, you should just email me your admin password now...

Roger said:

I'd be surprised if the code base is all that different from what they bought from Giant.

Of course that could be the problem. We see it all the time, when big companies purchase a good product, all innovation ceases.

ps - I've approved your typepad account so it doesn't need to be moderated.


About this Entry

This page contains a single entry by Roger published on January 25, 2007 8:11 PM.
