Security

Microsoft has released version 1.0 of Security Essentials, the successor to Live OneCare. Originally known as Morro, Security Essentials retains the core features of OneCare, but abandons the additional heft of a firewall, performance tuning, and backup and restore options in exchange for making the program free. Rather than taking aim at full-featured security suites made by Symantec or Eset, the features available in Security Essentials indicate that Microsoft is aiming to compete with basic-but-free security apps.

Microsoft Security Essentials--photos

For the select 75,000 public beta testers who got their hands on the program when the limited public beta was offered in June, there will be few appreciable differences between the beta and the final version. For the rest of the planet, Security Essentials features key defenses that are boilerplate for any respectable security program.

Features

It uses both definition file and real-time defenses against viruses and spyware, and also offers rootkit protection. The program's reputation-based detection and software signature-based detection seem to rely heavily on Microsoft SpyNet, the unfortunately named cloud-based service that compares file behavior across computers running various Microsoft operating systems.

The official version 1.0 of Microsoft Security Essentials looks identical to the popular limited beta version from June 2009.

(Credit: Screenshot by Seth Rosenblatt/CNET)

SpyNet was introduced in Windows Vista and extended to Windows 7, but Microsoft Security Essentials is the only way to access the network on Windows XP. Unlike other security vendors that allow customers to take advantage of the benefits of their behavioral detection engines while opting out of submitting information, there's no way to do that with SpyNet.

You can choose between two SpyNet memberships. Basic submits to Microsoft the detected software's origins, your response to it, and whether that action was successful, while the Advanced membership submits all that plus the location on your hard drive of the software in question, how it operates, and how it has impacted your computer. Both basic and advanced warn users that personal data might be "accidentally" sent to Microsoft, although they promise to neither identify nor contact you. Opting out of SpyNet, however, is not an option in Security Essentials.

Security Essentials benefits greatly from having a simple, streamlined interface. There are four tabs, each with a concise and understandable label: Home, Update, History, and Settings. The program also uses easy-to-grasp labels, imported from OneCare: green for all good, yellow for warning, and red for an at-risk situation.

From the Home window, you can run a Quick Scan, Full Scan, or Custom Scan, and a link at the bottom of the pane lets you change the scheduled scan. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs. The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.

The Update pane manages the definition file updates, with a large action button, and History provides access to a spreadsheet-style list of All detection items, your Quarantine, and items you've Allowed to run. Although it's a basic layout, this no-frills approach to security could prove appealing to computer users who are overwhelmed by more detailed security choices.

Users can choose between two options for SpyNet, but no way to not contribute to it.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Settings window allows users to further customize the program by scheduling scans, toggling default actions to take against threats, adjusting real-time protection settings, creating whitelists of excluded files, file types, and processes, and the aforementioned SpyNet options. There's also an Advanced option which is still fairly basic: here you can set Security Essentials to scan archives, removable drives, create a system restore point, or allow all users to view the History tab.

Security Essentials comes pre-configured to run a scan weekly at two in the morning, when your Microsoft thinks your system is likely to be idle. New malware signatures are downloaded once per day by default, although you can manually instigate a definition file update through the update tab. Attachments and downloaded files will be automatically scanned by Security Essentials.

Help is only available in the form of the standard offline Help manual that comes with all Microsoft programs. There's nothing fancy here.

Performance

I found that it installed in less than one minute, and completed its first Quick Scan in less than 30 seconds. The Full Scan took more than an hour to reach the halfway point, and this was borne out by tests performed by CNET Labs' benchmarks. Microsoft Security Essentials actually sped up the boot time of our test computer by more than two seconds, and it sped up the shut-down time by more than two and a half seconds. However, compared to major security vendors it was significantly slower at scanning--Security Essentials took 2,340 seconds to scan, whereas most scans would clock in between 1,000 and 1,100 seconds.

The program comes with a few options for customization, but not many.

(Credit: Screenshot by Seth Rosenblatt/CNET)

In our iTunes decoding test it scored similarly to its competition, about 7 seconds slower than an unsecured computer. In our MS Office test and media multitasking tests it was faster than some--503 seconds versus 552 seconds for Norton AntiVirus 2010 in the Office test, and 844 seconds versus 876 seconds for Trend Micro Internet Security Pro in the media test.

While running the Full Scan, I noticed that it took up about 86 MB of RAM. However, it felt far lighter, and I was able to perform resource-intensive tasks like uploading photos without any noticeable freezes.

Third-party virus detection efficacy scores were not available at the time of writing, and it's not currently clear whether Security Essentials shares the same detection engine as Live OneCare. However, CNET reporter Ina Fried mentioned that Security Essentials stopped her from accidentally coming down with a case of Koobface.

Conclusion

Microsoft Security Essentials is a lightweight security app that people might turn to for a number of key reasons. It's easy on the system resources, it's easy to figure out how to use, and it comes pre-configured. It only works on legally licensed Microsoft computers, which is understandable but potentially leaves a large segment of the unprotected population still unprotected. You can't opt out of contributing to SpyNet, which isn't understandable at all. Overall, it's recommended for those who want something to set and ignore, but users who want more robust configuration choices or don't want to contribute to the cloud should look elsewhere.

Microsoft plans to release the final version of its free antivirus software soon, according to a note sent to testers late Sunday.

"The final version of Microsoft Security Essentials will be released to the public in the coming weeks," Microsoft said in the note.

(Credit: CNET News)

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Public beta testing of Security Essentials started in June, with Microsoft reaching its goal of 75,000 testers just one day after it issued a call for them.

On a personal note, I've been using the product on several machines since June, and I like the way--unlike other antivirus programs--it doesn't make a spectacle of itself, just quietly doing its thing. I often forget it is running on a machine, yet it did save my bacon a couple weeks back when I almost caught Koobface from a friend on Facebook.

The public beta for Microsoft Security Essentials, the free replacement for Live OneCare, is now closed, but that doesn't mean you've missed your chance to see what it's like.

In this First Look video, we look at the new interface, the new features, and the new limitations of the latest free antivirus to enter the market. Should AVG and Avira be scared? Watch and find out.

A day after making a beta of its free security program available, Microsoft has said it already has the number of testers it needs and has halted new downloads.

(Credit: CNET)

Well, that didn't take long.

A day after making available a free beta of its Microsoft Security Essentials software, Microsoft has stopped offering new downloads, saying it has reached the number of participants it was looking for, at least here in the U.S. The software maker had said it was only looking to initially have about 75,000 downloads of the product, formerly code-named Morro.

"Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time," Microsoft said in a posting on its Web site. "Please check back at later a date for possible additional availability."

Microsoft Security Essentials is the free product that Microsoft promised it would create last year, at the same time the software maker said it was discontinuing its paid Windows Live OneCare product.

The program hits the antivirus basics, including built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection. It's also similar to other free products on the market, such as those from AVG and Antivir.

Download.com's Seth Rosenblatt contributed to this report.

Click on the image above to see Download.com's look at Microsoft Security Essentials.

(Credit: CNET)

Updated June 25 at 12:50 p.m. PDT: Several commenters pointed out a secondary scanning process that runs while a scan is running. While Microsoft Security Essentials uses little memory when not scanning, during a second round of tests it used 60MB to 70MB of RAM, while consuming around 200MB of Virtual Memory.

Updated June 24 at 11:30 a.m. PDT: The 75,000 available slots for testing Security Essentials have been taken. There is no word at the moment whether Microsoft will allow more testers to download the public beta in the future.

Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.

Security Essentials contains all the basic features that users have come to expect from free security software: multiple built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection.

Do you need Microsoft Security Essentials?

It's been a bit hard to gauge user interest at this point. Despite the download limitations, I was able to download the installer onto one computer at 10:15 a.m. PDT, and another at 10:45 a.m. Microsoft has also said that the download cap might be lifted at a later date.

This hands-on will be limited to testing the on-board features since CNET doesn't maintain a virus zoo for security reasons. Also, users should note that Security Essentials will run a Windows Genuine Advantage check before installing. If you're running an illegal copy of XP or Vista, you're out of luck here. The program will run on Windows 7 RC, and there's a separate installer for users with 64-bit operating systems. The 32-bit installer for Windows Vista and Windows 7 was small, weighing in at 4.73MB.

The main interface of Microsoft Security Essentials is streamlined and uncluttered.

(Credit: Screenshot by Seth Rosenblatt/CNET)

If you're familiar with other free antivirus solutions such as AVG or Antivir, Security Essentials will probably strike you as an incredibly similar experience. The program opens with four tabs: Home, Update, History, and Settings. When you first start the program, it will ask you to update the definition files. This was a surprisingly fast process, taking about a minute when tested on two different Windows 7 computers.

After updating the definition files, it will ask you if you want to run a Quick Scan. On both of those Windows 7 machines, the Quick Scan worked true to its name and completed in less than 10 minutes. Quick Scans are good tools if you're worried about major infections, but deep scans are recommended regularly to maintain a higher level of protection.

The Home landing page summarizes your security status, indicating whether your system has been scanned successfully, whether real-time protection is on, and if your virus and spyware definitions are up to date. A pane on the right contains scanning controls, and a pane at the bottom tells you when your next scheduled scan is. There's a link to the scheduler, as well.

Security Essentials' Full Scan took nearly an hour and a half to finish, but only used 4MB of RAM while running.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Full Scan took about 86 minutes, which is a bit long for a deep scan on fairly new, regularly-scanned computers. I didn't think that the program would turn up any risks, but somewhat notably Security Essentials didn't turn up any false positives, either. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs.

The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.

What did impress me was the shockingly small memory footprint. During the most resource-intensive action you can take with the program, the full system scan, it worked itself up to using only 4.6MB of RAM. More often than not, it hung around a few bytes lower, at 3.9MB.

The Update tab tells you your definition file version numbers, when your last update was, and has an Update button so you can force an update check. The History tab shows only files detected as potentially harmful. You can sort files it's detected according to All Detected Items, Quarantined Items, or Allowed Items.

User can customize some, but not all, aspects of the program.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The last tab, Settings, is where most of the customization features reside. A left sidebar list contains options for Scheduling your scans, adjusting Default actions, tweaking Real-time protection, Excluding files, folders, file types, and processes from scans, Advanced controls, and managing your Microsoft SpyNet enrollment.

Yeah, Microsoft actually called something "SpyNet."

SpyNet, apparently, is a telemetry system Microsoft uses to quality-control definition-file updates after they've been sent out. According to the Microsoft news release, SpyNet reports back on the efficacy of old definition file removal and the implementation of new definitions, as well as how detection rates on false positives.

Security Essentials users must participate in SpyNet. The default option, Basic, reports to Microsoft on where a potentially infected file came from, what your action was, what the recommended action was, and whether the action taken was successful.

Security Essentials' SpyNet malware reporting feature.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Advanced membership in SpyNet will send even more information to Microsoft, including the location on disk of your potential infection, how it has affected your computer, and how it operates. For both Basic and Advanced SpyNet membership, Microsoft warns that, "personal information might unintentionally be sent to Microsoft," but that the company "will not use this information to identify or you or contact you."

On the surface of it, this sounds like a standard security software reporting process on malware behavior, although I don't know how deep other programs go into your system behavior. However, it's definitely odd that Microsoft has chosen to call it out in this way.

It's hard to gauge any antivirus program without reliable data on its detection and removal rates. Microsoft Live's OneCare security program has a reputation for low false positives and strong "new" detection rates, but it's not clear how much of Security Essentials is built on or from OneCare. At this point, I'd advise users who are curious about Microsoft Security Essentials to try it out, but I wouldn't recommend it yet as a primary security solution without more field testing.

Updated at 2:40 p.m. PDT with comment on what happens if a user already has antivirus software installed and at 1:45 p.m. with AVG comment.

Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on Tuesday as it phases out its Live OneCare suite in favor of a simpler free consumer security offering.

Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year.

The service works like traditional antivirus products in which client software monitors programs on a PC. When something changes on the computer, such as files being downloaded or copied or software trying to modify files, the system checks against a set of malware signatures in the client program to see if the code matches the signature for known malware. If so, it blocks it from getting downloaded.

If no signature match is found, the system will ping the server-based Dynamic Signature Service to see if any new signatures are available and, if so, it removes the malware. If it appears to be new malware, the Dynamic Signature Service may request a sample of the code in order to create a new signature.

The service updates its anti-malware database constantly and publishes new antivirus signatures to Microsoft Update three times a day, Alan Packer, general manager of Microsoft's Anti-Malware team, said in an interview on Thursday.

"The hope is that people who install Security Essentials and enable auto updates in their Windows configuration will be protected" automatically, he said.

The service also includes new technologies that help protect against rootkits, programs that are designed to hide the fact that a PC has been compromised, and is also designed to run efficiently by scanning when the PC is idle and conserving on memory usage.

If you already have antivirus software installed you probably don't need this service. Security Essentials doesn't detect if you have security software installed but does provide a message upon install that says two antivirus products aren't necessary and could interfere with each other, Packer said.

Microsoft announced in November that it was dropping its Live OneCare service in favor of a slimmed-down free offering designed to encourage more people, particularly those who don't want to pay for it and fear it will slow down their computer, to use antivirus software.

The new service lacks features like managed firewalls, performance-tuning, backup and restore, printer-sharing and multi-PC management that the OneCare service offered.

"We don't see Security Essentials as a direct competitor to other free products and suites," which try to "upsell" users, or get them to eventually pay for a product, Packer said. "We're targeting people who aren't protected" already.

A spokeswoman for AVG, likely the main rival to Microsoft's service, said AVG offers a free Internet security suite that has advantages because it is operating system agnostic and was developed by a company that specializes in security products.

Asked what Microsoft's strategy is for mobile, Packer said he couldn't comment on what the Windows Mobile team is doing.

"In general, the way we look at mobile from a security standpoint is that you are better off preventing the malware from getting on a mobile device rather than trying to run anti-malware or antivirus software," he said. "We haven't targeted mobile antivirus software because we felt that's not the right approach."

Microsoft Security Essentials will be available for download from Microsoft's Web site beginning on Tuesday.

This is what the interface will look like when the service finds that the PC is clean of malware infections.

(Credit: Microsoft)

This screenshot shows what a user will see when Security Essentials finds malware on the PC.

(Credit: Microsoft)

Webroot, the maker of SpySweeper, on Tuesday announced a new security suite for Windows XP and Vista. The product, Webroot Internet Security Essentials (WISE), provides antivirus, antispyware, a personal firewall, along with a few utilities. It includes up to 2GB of online file storage for backup. It does not include Parental Controls.

The product includes Webroot's own Spysweeper and Windows Washer products. Antivirus support comes from a licensing agreement with Sophos. For the personal firewall, Webroot uses a custom version of PWI's PrivateFirewall product. And for online backup, Webroot has partnered with SOS Online Backup.

Priced at $59.95 for up to three users, WISE costs less than Norton Internet Security 2009, but is more expensive than Trend Micro Internet Security 2009 and ZoneAlarm Internet Security 2009. Like Norton, Webroot does provide free online and phone support.

The interface for Webroot Internet Security Essentials should be familiar to existing Webroot SpySweeper users.