Eschelbeck Slams Windows Defender

I was a fan of Gerhard Eschelbeck when he was with Qualys. He’s been pretty much off my radar since he took the CTO position at Webroot. Today he comes out swinging against Windows Defender, as reported in Information Week.

“If you look at the [Defender] data points, they speak for themselves,” says Eschelbeck. “Defender didn’t block 84% of the tested malware. That’s not the kind of performance users are hoping for.” Eschelbeck says that his firm’s research team tested Defender against a suite of Trojan horses, adware, key loggers, system monitors, and other unwanted programs, all of which were gathered from in-the-wild threats. Webroot’s own Spy Sweeper blocked 100% of the threats.

Hmm, so in tests where they gathered the malware, their own antispyware program detected everything and the competitors didn’t do so well. That’s quite a shock.
Take a look at Sunbelt Software’s response when Webroot and Veritest released results last spring.

Eschelbeck also slammed Windows Defender, and by connection, Vista’s security, for infrequent updates. Microsoft currently issues spyware definition updates every seven to 10 days, he says. Webroot, meanwhile, identifies approximately 3,000 new traces of spyware every month. “Users can’t wait for a week or so to have their anti-spyware signatures updated,” says Eschelbeck.

So Eschelbeck is comparing frequency of updates to number of detections added. Apples/Oranges anyone? Hopefully that is the writer’s mistake.
I know nothing about Windows Defender frequency of updates. I do like that it uses an established update channel like Windows Update. However, I prefer my anti-malware apps on the desktop to check for updates hourly.


  1. You can’t trust one competitor to honestly evaluate another’s product.
    But my issue with Defender is that it is written by the people who write the buggy software it is intended to protect.
    It’s sort of like letting the fox build the hen house.
    Warning to Microsoft users: If you are out there in the ether and trusting Microsoft security tools solely, you should just email me your admin password now…

  2. I’d be surprised if the code base is all that different from what they bought from Giant.
    Of course that could be the problem. We see it all the time, when big companies purchase a good product, all innovation ceases.
    ps – I’ve approved your typepad account so it doesn’t need to be moderated.
