Microsoft Security Essentials not quite a must-have
Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.
Security Essentials contains all the basic features that users have come to expect from free security software: multiple built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection.
It's been a bit hard to gauge user interest at this point. Despite the download limitations, I was able to download the installer onto one computer at 10:15 a.m. PDT, and another at 10:45 a.m. Microsoft has also said that the download cap might be lifted at a later date.
This hands-on will be limited to testing the on-board features since CNET doesn't maintain a virus zoo for security reasons. Also, users should note that Security Essentials will run a Windows Genuine Advantage check before installing. If you're running an illegal copy of XP or Vista, you're out of luck here. The program will run on Windows 7 RC, and there's an separate installer for users with 64-bit operating systems. The 32-bit installer for Windows Vista and Windows 7 was small, weighing in at 4.73 MB.
If you're familiar with other free antivirus solutions such as AVG or Antivir, Security Essentials will probably strike you as an incredibly similar experience. The program opens with four tabs: Home, Update, History, and Settings. When you first start the program, it will ask you to update the definition files. This was a surprisingly fast process, taking about a minute when tested on two different Windows 7 computers.
After updating the definition files, it will ask you if you want to run a Quick Scan. On both of those Windows 7 machines, the Quick Scan worked true to its name and completed in less than 10 minutes. Quick Scans are good tools if you're worried about major infections, but deep scans are recommended regularly to maintain a higher level of protection.
The Home landing page summarizes your security status, indicating whether your system has been scanned successfully, whether real-time protection is on, and if your virus and spyware definitions are up to date. A pane on the right contains scanning controls, and a pane at the bottom tells you when your next scheduled scan is. There's a link to the scheduler, as well.
The Full Scan took about 86 minutes, which is a bit long for a deep scan on fairly new, regularly-scanned computers. I didn't think that the program would turn up any risks, but somewhat notably Security Essentials didn't turn up any false positives, either. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs.
The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.
What did impress me was the shockingly small memory footprint. During the most resource-intensive action you can take with the program, the full system scan, it worked itself up to using only 4.6 MB of RAM. More often than not, it hung around a few bytes lower, at 3.9 MB.
The Update tab tells you your definition file version numbers, when your last update was, and has an Update button so you can force an update check. The History tab shows only files detected as potentially harmful. You can sort files it's detected according to All Detected Items, Quarantined Items, or Allowed Items.
The last tab, Settings, is where most of the customization features reside. A left sidebar list contains options for Scheduling your scans, adjusting Default actions, tweaking Real-time protection, Excluding files, folders, file types, and processes from scans, Advanced controls, and managing your Microsoft SpyNet enrollment.
Yeah, Microsoft actually called something "SpyNet."
SpyNet, apparently, is a telemetry system Microsoft uses to quality-control definition-file updates after they've been sent out. According to the Microsoft press release, SpyNet reports back on the efficacy of old definition file removal and the implementation of new definitions, as well as how detection rates on false positives.
Security Essentials users must participate in SpyNet. The default option, Basic, reports to Microsoft on where a potentially infected file came from, what your action was, what the recommended action was, and whether the action taken was successful.
The Advanced membership in SpyNet will send even more information to Microsoft, including the location on disk of your potential infection, how it has affected your computer, and how it operates. For both Basic and Advanced SpyNet membership, Microsoft warns that, "personal information might unintentionally be sent to Microsoft," but that the company "will not use this information to identify or you or contact you."
On the surface of it, this sounds like a standard security software reporting process on malware behavior, although I don't know how deep other programs go into your system behavior. However, it's definitely odd that Microsoft has chosen to call it out in this way.
It's hard to gauge any antivirus program without reliable data on its detection and removal rates. Microsoft Live's OneCare security program has a reputation for low false positives and strong "new" detection rates, but it's not clear how much of Security Essentials is built on or from OneCare. At this point, I'd advise users who are curious about Microsoft Security Essentials to try it out, but I wouldn't recommend it yet as a primary security solution without more field testing.
In : Security
Tags: microsoft security essentials morro antivirus antimalware spyware freeware