SecurityBrief New Zealand
Partner content

How does MSFT Defender compare to ESET?

By Contributor
Tue 11 Aug 2020

Article by Chillisoft CEO Alex Teh.

In the past year, we have had a lot of feedback from the market about the use of Microsoft Defender as an alternative to ESET. According to Gartner, Microsoft Defender with ATP is now a product that deserves to be in the leader quadrant. Users that have Windows 10 machines are now getting Microsoft Defender for free with the O/S and they have the option of upgrading to Microsoft Defender ATP by buying enterprise licenses (EL3 or EL5). We have noted that Microsoft has been aggressively pushing their EL licensing throughout the Microsoft channel.

Many years after its entry into the endpoint security market, has Microsoft Defender become such a good product? In our opinion, no. Although Defender has a detection rate comparable to ESET's, it generates remarkably more false alarms and terribly slows down the machines that run it. SMBs that don’t have malware analysts to investigate false alarms and that don’t keep up the pace of buying new computers every three years should be aware that Microsoft Defender is an option they can ill afford.

To prove it, let’s take a detailed look at the latest report [1] by AV-Comparatives, published on July 15, 2020. This first half-year report of the Business Main-Test Series of 2020 consisted of three tests: the Real-World Protection Test, the Malware Protection Test and the Performance Test.

The AV-Comparatives Real-World Protection Test mimicked online malware attacks that a typical business user might encounter when surfing the Internet. The latest test comprised 767 test cases of drive-by exploits and URLs that pointed directly to malware executables. The number of missed samples ranged from zero (the two security solutions that detected all the cases both generated a high number of false alarms) to 27; the average number of misses was six. ESET Endpoint Protection Advanced Cloud with ESET Cloud Administrator detected all but three cases and generated no false alarms. Across the tested products, the number of false alarms ranged between zero and 41.

The Malware Protection Test considered a scenario in which the malware pre-existed on the disk or entered the test system by some route other than directly from the Internet. In this test, ESET belonged to the group of four vendors with a 99.9% Malware Protection Rate – the second-best score in the test – and to the group of nine vendors with the best “Very low” False Positive Rate.

Microsoft Defender reached excellent detection rates comparable to ESET's (just two misses in the Real-World Protection Test and 100% detection in the Protection Test) – but at the cost of a much higher number of false alarms. Compared to ESET’s zero, Microsoft had eight false alarms in the Real-World Test, which put it at 13th position among the tested vendors. In the Protection Test, Microsoft did not belong to the group of nine vendors, including ESET, with a “very low” (i.e., 0-5) number of false alarms. Microsoft Defender fell into the group of four solutions with 6-25 false alarms.

Tab. 1. Results of the Real-World Protection Test (March-June 2020) by AV-Comparatives

It’s easy to create a security solution that excels in detection if false alarms are not considered a problem. Ultimately, labelling every single sample as malicious would guarantee a 100% detection rate in any test. However, false alarms pose a huge problem, especially for SMBs who don’t have the right resources.

Each false alarm may require an administrator to spend around 30 minutes to investigate. One can then deduce that with eight false alarms, around four productive hours are wasted on investigations that lead the IT administrators down a rathole.

Besides detection rates and false alarms, the impact of security solutions on the performance of the machines they run on is also important for SMBs. We must consider how much of the machine’s computing and processing power is taken up by the endpoint solution. The Impact Score of the endpoint solution is important because New Zealanders, in general, try to extend the life of each machine as long as possible; in many instances machines are kept longer than the global industry standard of 3 years.

An excellent Impact Score ultimately affects the user experience and hence reduces the cost of expensive replacements of the endpoint. Besides, slower machines also mean lower worker productivity.

In their most recent Business Test, AV-Comparatives conducted two performance tests: the first being the recognized PC Mark benchmark and the second being a proprietary test consisting of a set of common operations. The test machines were what AV-Comparatives called a “low-end machine configuration”: an Intel Core i3 CPU system with 4GB of RAM.

In the PC Mark Test, the machine without any security software installed was assigned a baseline PC Mark Score of 100; the scores in this test ranged between 98.9 and 92.5 for the machines with tested security software installed. ESET Endpoint Security was found to be the second most lightweight security solution, with a score of 98.7. (The winner in this category, K7, seriously failed in both False Positive tests, so ESET Endpoint Security may be considered the fastest among leading security solutions.)

Microsoft Defender’s impact on performance was found to be much heavier; with a score of 96.8, it ended up in eighth place.

In the proprietary Performance Test, the tester measured to what extent the security solutions slowed down the machine performing select standardized operations: file copying; archiving and unarchiving; installing/uninstalling applications; launching applications; downloading files; and browsing websites. ESET, along with three other vendors, achieved the best score of 90. Microsoft, along with three other vendors, scored a meagre 75; only four security solutions slowed down the testing machine more than Microsoft Defender.

Combined, ESET achieved an “Impact Score” of 1.3, an excellent result confirming that ESET Endpoint Security has only a negligible impact on performance. Microsoft, on the other hand, again proved it’s a resource hog – see the table below.

Tab. 2. Results of the Performance Test within the Business Security Test, H1 2020, by AV-Comparatives

ESET’s dominance over Microsoft in Performance Tests doesn’t depend on whether the test machines are “low-end” or “high-end”. In their previous Business Test (August-November 2019), AV-Comparatives used test machines with an Intel Core i7-8550U CPU and 8GB RAM. The results in both Performance Tests were similar, with ESET outperforming Microsoft in both tests.

In summary, although Microsoft Defender has gained market share and made some advancements in its offerings, it is not a silver bullet. There is often much more to consider when choosing an endpoint solution. Besides performance, other factors such as having local support from highly trained and certified personnel, as well as getting the appropriate service levels required to keep businesses secure, are also crucial in ensuring customers are happy in the long run. These have been the key parts of ESET’s and Chillisoft’s proposition in the New Zealand market for 21 years.
