Microsoft defends Bing against AV-TEST claims

April 23, 2013 // 11:09 a.m.

Tags: #anti-malware #anti-virus #av-test #bing #google #malware #search-engine #security

Microsoft and anti-virus testing organisation AV-TEST are once again at loggerheads, this time over claims that the Bing search engine is allowing five times as much malware through to clients as its rivals.

Microsoft most recently came to blows with independent testing organisation AV-TEST when its Security Essentials consumer and Forefront Endpoint Protection enterprise security applications were ranked lowest out of any available packages. It was a rating that gave Microsoft's Joe Blackbird cause to question the group's testing methodology while claiming that customer telemetry revealed far better results than uncovered by AV-TEST's empirical testing.

Now, the two are fighting once again - this time over claims that Microsoft's Bing search engine is failing to protect its users. In a recent review of search engine anti-malware filtering (PDF warning,) AV-TEST ranked Google as the most pro-active at filtering out harmful results followed by Microsoft's Bing - but what appeared to be a good result for the company was shattered by the disparity between the two: in testing, Bing allowed five times the volume of malware through than Google.

The testing saw AV-TEST review 10.9 million search results provided by each engine, with Bing returning 1,285 infected with active attack code compared to just 272 for Google. While both are vanishingly small percentages - Bing's result equates to just 0.012 per cent, while Google's was a tiny 0.0025 per cent - AV-TEST was clear: Google is doing significantly better at protecting its users than is Bing.

Microsoft hit back at AV-TEST's latest results in a blog post published on Friday. As before, the company is bringing the group's testing methodology into question. 'One thing is clear given the information we have: AV-TEST’s study doesn’t represent the true experience or risk to customers,' claims David Falstead, senior developer lead for the Bing search engine. 'In other words, the conclusions many have drawn from the study are wrong.'

Falstead's claims come from AV-TEST's use of the Bing API tom retrieve the search results, rather than using the Bing website directly like an average user. 'By using the API instead of the user interface, AV-TEST bypassed our warning system designed to keep customers from being harmed by malware.'

This time, AV-TEST concedes that the company may have a point. Speaking to ITworld, AV-TEST chief executive Andreas Marx admitted that the search results were downloaded directly after being retrieved through the Bing API, bypassing the warning. However, he claims that Microsoft's own admission that around six per cent of its users bypass the warning and visit potentially infected sites anyway means that 'a lot of people' could still fall victim to the issue.

Marx has said that his group will revise the report to take into account Microsoft's concerns, and may look at changing its methodology in the future to make the results more clear - a victory for the software giant, but one that may come too late to save Bing's reputation given the number of sites that ran the original results with anti-Bing headlines attached.

QUICK COMMENT

View this in the forums

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU