Windows 8's inbuilt antivirus flunks EICAR test


The built-in antivirus software in Microsoft's upcoming flagship operating system, Windows 8, may need much more work, after a computer security firm found it flunked a basic anti-virus "test."

Sophos said the built-in antivirus program in Windows 8's Developer Preview failed to detect the EICAR test virus, an otherwise harmless file that should trigger a response from anti-virus programs.

"No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert...," Sophos' Chester Wisniewski said in a blog post (http://nakedsecurity.sophos.com/2011/09/30/windows-8-anti-virus-has-a-long-way-to-go/).

Because of this, he recommended that early Windows 8 testers install a third-party anti-virus program for the moment.

Ironically, he said it was Windows 8's built-in browser, Internet Explorer 10, that detected the file and warned him he may be downloading something malicious.

The EICAR test file, named for the European Institute for Computer Antivirus Research, is a string of characters that will trigger a response in anti-virus programs.

Wisniewski said he first tried to download the EICAR test file from eicar.org using IE 10. "IE informed me that this was a malicious download and would not allow me to save it. Pass!" he said.

He then opened Notepad, Windows' text editor, pasted in the 68-byte EICAR string, and saved the file appropriately. The text file with the EICAR string should have been enough to trigger an alert in the antivirus. "I then tried to click the file and it vanished!?" he said.

He then tried another test and inserted a USB memory stick with EICAR.COM preloaded onto it. "When I tried to copy the file from the USB stick to the Documents folder it did so without complaint," he said.

"If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I *should* get a virus warning, shouldn't I?" he added.
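An added example, not from the article or from Sophos: a check that a saved file is byte-for-byte a conformant EICAR test file, plus a probe that writes the file and reports whether a scanner reacted. The 128-byte limit and the permitted trailing whitespace follow EICAR's published definition of the test file; the names `check_conformance` and `probe` and the file name `eicar_probe.com` are illustrative.

```python
import os
import tempfile
import time

# The 68-byte EICAR test string, assembled from two halves so that this
# source file does not contain the full string and is not itself flagged.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD"
         b"-ANTIVIRUS-TEST-FILE!$H+H*")
ALLOWED_PADDING = b" \t\n\r\x1a"  # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                     # total file length allowed by EICAR


def check_conformance(data: bytes) -> str:
    """Return 'ok', or the reason the bytes are not a conformant test file."""
    if data.startswith(b"\xef\xbb\xbf"):
        return "utf-8 BOM before test string"
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return "utf-16 encoded"
    if not data.startswith(EICAR):
        return "does not start with the 68-byte test string"
    if len(data) > MAX_LEN:
        return "longer than 128 bytes"
    if data[len(EICAR):].strip(ALLOWED_PADDING):
        return "non-whitespace bytes after test string"
    return "ok"


def probe(directory: str, wait_seconds: float = 5.0) -> str:
    """Write the test file, wait, and report what happened to it."""
    path = os.path.join(directory, "eicar_probe.com")
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return "blocked on write"
    time.sleep(wait_seconds)  # give an on-access scanner time to act
    try:
        with open(path, "rb") as fh:
            survived = fh.read() == EICAR
        os.remove(path)
    except OSError:
        return "removed or blocked after write"
    return "no reaction" if survived else "content altered"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print("probe result:", probe(tmp))
```

A file saved by an editor with a byte-order mark or as UTF-16 no longer starts with the 68 bytes, so `check_conformance` reports it as non-conformant.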
Wisniewski said that in a subsequent test using some sample viruses six to 12 months old, the built-in antivirus captured only 50 percent. "(But it) did successfully pick up quite a few fake anti-virus samples for Mac and Windows, as well as some copies of Linux/RST-B," he said.

He also said it recorded some events under the Windows Defender category in Event Viewer for the detections it made.

Despite the seeming fail, Wisniewski said this is still an early preview of the software. "I am sure many improvements are planned. It's good to see Microsoft is detecting malicious software for the three major platforms," he said.

— TJD, GMA News