Here's how it works. There is an initial 'public' test. They did so poorly in that test that they didn't even bother following up in 'private' testing. The latter is where I would do a penetration test with various tools and techniques, as well as performance and some other things. It was to improve the effectiveness of their product. So, in short, the suck so bad that they didn't even want to improve their product, which in turn will make them suck indefinitely.
@Blizzard Yeah dude, MSE is pretty bad ass actually. They tend to do very well and you are spot on regarding the false positives. Especially with analyzing files. A lot of these vendors tend to rate positives for all sorts of stupid reasons, like for a poor whitelisting hash feed or unknown authorship.