Microsoft to release free security software soon

Microsoft plans to release the final version of its free antivirus software soon, according to a note sent to testers late Sunday.

"The final version of Microsoft Security Essentials will be released to the public in the coming weeks," Microsoft said in the note.

(Credit: CNET News)

Microsoft first announced its plans for the product, then code-named Morro, last November, at the same time the company said it was scrapping its paid Windows Live OneCare product.

Public beta testing of Security Essentials started in June, with Microsoft reaching its goal of 75,000 testers just one day after it issued a call for them.

On a personal note, I've been using the product on several machines since June, and I like the way--unlike other antivirus programs--it doesn't make a spectacle of itself, just quietly doing its thing. I often forget it is running on a machine, yet it did save my bacon a couple weeks back when I almost caught Koobface from a friend on Facebook.

[pentest]

Their time and money would be better spent on trying to build a secure OS.

[Sausagebiscuit]

Dang, Microsoft should really hire you. You seem like you could create a secure OS with talk like that. Anyone call Ballmer yet and let him know about this guy? I mean his comment is just overflowing with quality. Heck, I bet he could replace at least three for four people and save the company money.

[Lennron]

There's no such thing as a secure OS. Not once connected to the internet anyways.

[krypter]

I know, eh? There are so many smart, thoughtful people on the internet who can see the obvious holes in Microsoft's security architecture. MS should find them and hire them, they are so smart.

[Renegade Knight]

@Lennron

Not presently, however it's not hard to do, but would anyone want a "dead" interface with the web?

[santuccie]

@pentest:

Actually, they have already done so. There were only a couple of exploits that surfaced in 2007 which could supposedly reliably exploit known vulnerabilities. As we know, IE7 did not actually implement Vista's ASLR. IE8 does, and criminals have been failing to exploit Vista or any of the test versions of W7 in the wild (obviously, W7's so-called "broken" UAC doesn't mean much, after all). Actually, although this doesn't mean it never happened, I don't distinctly recall having seen any Vista machines infected with drive-by parasites in 2007, either. It's always been Trojans and rogue antimalware. And most of the time, I've found P2P software on the machine along with it.

If you've paid any attention to the responses you have gotten, you would know by now that IIS does NOT get hacked more often than Apache; the reality is quite the reverse (in spite of the fact that Apache isn't that much more prevalent than IIS). That said, every platform is vulnerable to local infection, when the user opens an e-mail attachment (even from a loved one). Using social engineering to get through the Web barriers is half the battle, and skilled coders can couple this with a privilege escalation exploit; that way, the user will never see a red flag in the form of an authentication prompt. And we know that all platforms have known privilege escalation vulnerabilities, with more being discovered all the time (and with that, your "build a secure OS" bit flies out the Window... pun intended).

If you were a penetration tester, you wouldn't continue to deny this, especially after being refuted umpteen times. But you're not; you're just another *nix proponent who thought he could bluff everybody else on CNET. Unfortunately, there are professionals here who know better. And until you can break the spell of religious fundamentalism, you will keep losing debates until someone makes you look so foolish that you can no longer bear to look yourself in the mirror. Quit doing this to yourself, already.

[Lennron]

@ Renegade Knight

Haha! Well, I can't speak for everybody, but as for me? No.

[Jonathan]

Win 7 is secure. Hell even Crapple (Hey if you can use M$) is bundling AV software into 10.6

[Vegaman_Dan]

@pentest:

Please take your computer to a qualified technician as soon as you can. Your keyboard macro appears to be stuck in a loop, making the same comment again and again without changing any time a Microsoft reference is made.

I have to assume it's a hardware or software failure of the computer and not just a brain-dead troll making such comments.

[santuccie]

Seriously!

[crazykillller]

Dude, a secure OS comes with an antivirus. You might say 'It's an Anti-Virus, not an OS' but seriously it conserves your RAM better than any secondary antivirus. Maybe detection is weak but thats why you need an Anti-Virus for security anyway.

[inachu1]

I am sure this will have a shelf life of less than 2 years and will not be supported.
I am not saying i know this but so far how Microsoft has treated other similar software.

[Mark_Anderson]

Examples please.

[sting7k]

That was the thing I liked about LIVE OneCare, it uses barely any resources and doesn't make itself known. Once in awhile the little balloon will pop up saying it's scanning, tuning up, or backing up my files but those processes do not drag my system down at all like Norton and the others used too do. Glad this is coming out soon as my OneCare runs out in just over a month.

[Maclover1]

Negative. Its got problems, hopefully they will sort it out before its RTM...

http://social.answers.microsoft.com/Forums/en-US/msestart/thread/ff286d70-ea06-45bb-b057-6f79ca7a01bb

I have seen this on the 3-4 Vista PC's I put it on. Crazy high CPU for up to 30min after a reboot.

[bananaphonerules]

I've got it on my HP Netbooks without issues....and they've got zero performance.

[bananaphonerules]

I've got it on my HP Netbooks without issues....and they've got zero performance.

PS. that post seems to point to a TWAIN interface causing a conflict (for scanners).
Does TWAIN still exist? Wow.

[shellcodes_coder]

Great move as usual by Microsoft.

[WinNoMo]

Ballmer? Is that you?

[dowell100]

Most people are aware that MS has an 85% desktop OS market share. Anyone can switch if they wanted to, but 85% of them don't want to switch. People always gravitate toward superior products (like not buying a Dodge when they can have a Toyota), and that is why Windows is King.

Of course, there are those who feel the Mac OS is superior, but people simply don't want it. It has been 25 years and that OS, in all its versions, has never had more than 5% market share. Now the Mac itself is the lowest selling product of Apple, which primarily sells music and telephones.

[Gold_Storm_Mac]

@WinNoMo

Good one :)

[sanenazok]

I really liked the backup part of OneCare. It was actually much better than the backup program built into the OS. Oh well off to some free app I guess.

[bookshire]

You like the way it doesn't make a spectacle of itself? I use Vipre Anti-Virus/Anti-Spyware and it's pretty lightweight and unobtrusive. I don't notice it's there either, and $50 a year for an unlimited site license is pretty sweet. This new thing from Microsoft which I have just now heard about it's going to have it's work cut out for it to prove itself against more established competitors.

[WinNoMo]

No it won't. It will be free and soon to be included with every copy of Windows. It will be what IE was to Netscape.

[Maclover1]

I like Vipre, we use it at work, that said. OneCare totally sucked as far as detecting virusus when it came out, but last major tests done on all AV software put OneCare in second place, so this will be a good product, especially so because its free.

[bookshire]

@WinNoMo

There's a bit of a difference there. First, at the time Netscape was one company instead of an entire industry. Microsoft has yet to run an entire industry out of business.

Second there's a HUGE difference between providing a quality web surfing experience and protecting one's self from spyware and viruses. Some programs do the job better than others and if Microsoft is unable to do as good a job and too many viruses or spyware objects go unnoticed by this software then people will look for better alternatives.

[santuccie]

Actually, I'd have to agree with WinNoMo for once. Just like Vista has been shipped with Windows Defender, this could be so if MS wants it to be so. I don't know if they'll make this move, though. Security vendors might find some way to sue them in Europe, where they would have a case in the communist territory. Of course, this might not prevent MS from creating some kind of Windows 7 E (or whatever) for Europe, and go ahead and bundle MSSE in capitalist territories.

@bookshire:

I suspect that MSSE shouldn't be bad at detecting new threats quickly, as it leverages the user network to do so within seconds; a concept used also by CyberDefender, ThreatFire, Panda Cloud Antivirus, and McAfee's Artemis. This helps to close the zero-day gap.

[kojacked]

OMG! Microsoft is gonna bundle this with Windows?!?!?!? Why don't they bundle the Live Essentials suite with Windows too while they are at it? Oh wait...

What a bunch of tools... You are living in the past in order to justify your hate mongering.

[bookshire]

Having just heard about this software myself, I can't comment on if it's good software or not. Maybe it really will turn out to be the greatest thing since sliced bread...or it may crash and burn...or it may just assume a little niche of the market just like every other AV software has.

If it works, I may use it in time. I don't like Microsoft and I don't hate Microsoft (in fact I'm still working on what hate actually is...been ten years and I still haven't gotten it...though I think people throw around the word too casually). My point was people shouldn't assume it will dominate, and they shouldn't assume it will crash. They should wait and see...if it works for them, they should use it. If it doesn't, use something else.

[santuccie]

@bookshire:

You're absolutely right. It's too soon to make any calls on this. I should let you know that I have one of the 75,000 original beta copies, which I just recently reinstalled and then upgraded to the current version. I will state that it seems to be averaging 40-70 MB of RAM usage on my system. This is pretty small compared to the average antimalware suite, which does all its work on the local machine. However, it is considerably heavier than the last version of Panda Cloud Antivirus I tested, which averaged an impressively low 10-20 MB of RAM, and 50 MB during a scan.

I think I like Panda's features better, to tell you the truth. Panda is more "set and forget," in that it defaults to automatic updating while MSSE apparently does not; this could be catastrophic if people don't know about it (and I doubt many people will). Also, Cloud Antivirus lets you restore quarantined objects from a recycle bin, while MSSE uses restore points. Unless you create manual restore points AFTER every installation/uninstallation - which the average user does not do - this could be a HUGE inconvenience. I think I'm going to relay this info to MS, now that I think about it.

Just for the record, I wasn't putting a wager on anything. I was only stating what Microsoft MIGHT do. Cheers!

[kr3bstar]

Thanks for the article, Ina. My current AV subscription will expire in a few weeks and I'd like to give the MS product a try before paying for a renewal.

[curious_trout]

I use Norton's Internet Security 2010. It's not perfect, but gives me some sense of security. However, recently my machine was compromised, so I started running scans using other tools too. One of them was Microsoft's free Protection Scan, which ran on-demand in a window popped up by IE. Unfortunately, this tool appears to have changed and now MS seems to want permanent presence on my system. This change doesn't appeal to me. Soon the majority of the programs running on my PC will be security scanners and a firewall... in addition to the firewall that comes with my Linksys router.

[Maclover1]

Seriously spending money on this software is a total waste of time. Why....

1. No matter what you have something will get buy it if you use your Windows computer unwisely. I have cleaned "Anti-Virus 2009" off of Vista machines that were using the latest Norton, just two weeks ago. The user clicked ok and that was that.

2. Automatic updates, free AV software, UAC = ON, a simple home router that does SPI, will block 99% of all crap. The other 1% is up to you.

[bookshire]

@Maclover1

You know, I agree 100%. So many people out there think that if they install AV software then they can go anywhere and do anything and never get infected.

I haven't had a virus infect any of my computers in over nine years. Partially because of my firewall, partially because of my Anti-Virus, my MOSTLY because I know how to surf the internet in a responsible manner.

[Jonathan]

There are some simple things to secure yourself.

1. Use Firefox with noscript or adblocker.
2. Make sure Windows Update is enabled and set to run automatically.
3. Make sure your firewall is enabled.
4. Make sure whatever e-mail client you have is current and security is enabled.
5. And this is a big one. USE COMMON SENSE. If something pops up saying your system may be insecure, click here to scan....its probably malware.

I've been running widows since 92 with no antivirus software and I've had ONE virus back in 95....called NYB. Otherwise nothing. Simply checking yourself before clicking on something will save your butt.

[Hokulea]

I use NIS 2010 as well. Unfortunately, like every other security suite or AV app, it won't protect you from everything all of the time. I also use other on-demand scanners like Malwarebytes and SUPERAntiSpyware. In addition, I run Secunia PSI to identify outdated and insecure apps installed on my system. Keeping the OS and installed apps up to date with the latest patches and versions averts a lot of security issues.

The best thing to do is not get infected with malware in the first place. Attachments in email have always been a security issue, so I never open them without first downloading and scanning them. If I'm extremely suspicious, I create a new limited user account to view the attachment, then delete the account when I'm done.

While running IE8 in protected mode using Vista is fairly secure, new or unpatched vulnerabilities in ActiveX controls continue to be an issue. Though not 100% secure either, alternative browsers such as Firefox, Chrome, or Opera offer fewer attack vectors. Safe browsing strategies also help, but not all of the time.

I use Firefox with NoScript, Flashblock, and Adblock Plus. While NoScript does a great job of mitigating threats from JavaScript and Cross-Site Scripting (XSS), it takes a little getting used to, as by default it will prevent some websites from working. This behavior can be modified at a very granular level to allow scripts to run for individual domains. While at times it can be inconvenient, NoScript does protect against the majority of drive by downloads.

For many years now, the worst things I've had on my Windows systems have been tracking cookies. Even so, I operate under the assumption that sooner or later my system will be infected by some sort of malware. To mitigate the damage, I encrypt sensitive files and folders. While this won't protect me against keyloggers and rootkits, it's an added level of security that isn't inconvenient. A good backup strategy is also essential.

There are those that advocate using OS's such as Mac OS X or Linux. Since the vast majority of malware is written for Windows, those OS's are relatively more secure. Though they may still have vulnerabilities, there are very few exploits that currently affect them. Since switching to an OS other than Windows is not a viable option for me, I follow best practices and stay up to date on security issues. The threat picture is constantly changing and gets worse everday. I also use Linux live CD's for online financial services and have Xubuntu installed on a older laptop that I use at public WiFi hotspots.

I know a few people that don't use any kind of security software, not even free versions, and one is an avid P2P user. No doubt some of them are unwitting botnet members. Hopefully, for idiots such as these, Microsoft will eventually include something like Security Essentials as part of Windows.

[n3td3v]

Microsoft SpyNet is getting ready for primetime, think of all the statistics they will be collecting on everyone once this launches.

[Vegaman_Dan]

I heard they include a free tinfoil hat in every package just for folks like you. :)

[DragonStab]

AVG Anti-Virus has been free for a long time. Nice user interface too. That and the free Zone Alarm firewall, plus the free Ad-Aware spyware scanner are all I need. Why pay more??

[DragonStab]

Oh, and maybe the free Spybot spyware scanner software as well to catch the stuff that Ad-Aware misses.

[mados123]

I have found that with my clients' computers, the AVG Free does a good job most of the time but it doesn't offer the same protection as the ESET AV that I use. Once the AVG is put to the test by them going to "questionable sites" and even with Firefox being used, some crap that paralyzes the computer gets to it.

[ronpadz]

What happened to MS Defender?

[Jonathan]

MS Defender is MS Security Esentials. Its a beefed up version of Defender.

[Vegaman_Dan]

MSFT has been acquiring different products from different companies, revamping and tailoring them to work internally in the OS and let updates go through normal channels. Defender, Forefront, etc, are all becoming part of this Security Essentials suite from what I've read here on CNET. Who knows what the final product will actually be.

[bikerdad92]

All the stuff out thereis good. But I have found the new Iobit 360 works real great.

[Jack-Bxp]

Strange that as they are scrapping Windows Live OneCare, my friend, who has it installed on his desktop computer, was asked if he would like to renew it - and be charged for it too. I knew about this and let him know about the discontinuation - that they were now gonna be offering a free version instead, which puzzled him too, as why, if they offer a free version, would Microsoft still attempt to charge someone for OneCare ? It makes me wonder, would those who renew their OneCare subscription, really be using the free Microsoft Security Essentials instead - but with the same old OneCare interface - and be charged for this "pleasure" at the same time ? My friend is now using another free anti virus program, but i'd like to know, has anyone else encountered this situation ?

[iceman721]

Cast my vote for Eset Smart Security Suite 4.0 It has a small footprint and is very light on system resources. I have not found anything anywhere that it hasn't detected. It is also not obtrusive and didn't require me to learn a NASA operating manual like Kaspersky (which is great if you can get used to its highly technical nature). Eset is my paid option.

When Windows 7 comes out I will definitely give their free option a try. No one should be able to beat MS at building an Anti-virus suite for their OS. I hope they get it right I'm tired of those d@mn Mac commercials raving about their lack of viruses, malware, etc.

There has never been a better time in history to be a "PC". And for the record I'm not an Apple hater so please don't start! I think both products can suit their users needs its all about what you want.

[tbsteph]

I've been using Essentials on my Windows 7 (RC) since the June beta release. I agree with the article's author, it works will with minimal impact (read annoyance) to the user. I really get a "kick" from commentators who lambast Windows security and Essentials in the same breath. Their logic is overwhelming.

[The_happy_switcher]

From Fake Steve Jobs, hilarious and true:

The company said the operating system will be ready to download from 22 October and after clicking through all the user agreements and restarting your system 85 times it should be ready to install unsuccessfully by Christmas.

A Microsoft spokesman said: "This is a great opportunity for young people to claw at their skulls and scream 'no, no, no, I do not want to load any more ******* updates, you utterly horrifying box full of evil' while trying to arrange cups of coffees and study sessions with their new college pals."

[Hokulea]

@The_happy_troll

While it might be hilarious, it's definitely not true. Which you would no doubt know if you had actually installed it.

It took all of 20 min for me to install Win 7 RC as a dual boot option. Since then it has worked flawlessly.
As a college student, I qualified to pre-order Win 7 Pro for $30. I have no complaints.

[Lennron]

@ Hokulea

"The_happy_troll" HAHAHAHAHAHAHAHAHAHAHA!!!!!! Good one!
Also, I agree. I'm sick of Apple/Linux fans telling me if I would just try their products I would love them; for two reasons.
1: I have a Macbook Pro which I use from time to time stupidly thinking that maybe I'll finally find where all they hype comes from. Needless to say, that's all Mac has ever been, hype. And I've tried multiple versions of Linux and do generally like them, but they don't even hold a match to Windows. (This includes Ubuntu, Red Hat, Fedora, Mint, and Suse.)
2: Practically every single one of them havn't touched Windows since XP SP1. So they're hypocrits trashing Vista and Windows 7 when they've never seen anything but screen shots.
When it comes to Vista and Windows 7 beta and RC, the only problem I've EVER come across is that Vista can run a little slow, yet still runs twice as fast as Mac ever did with the exact same specs.

[Vegaman_Dan]

@The_Happy_Switcher:

Let me get this straight- you are taking your facts from someone who is admittedly making things up for their amusement and poking fun at people who are uninformed / ignorant enough to believe it as fact?

Yeah........ okay, that explains a lot about your comments on CNET. :)

[benqt]

at last..something that's free from Microsoft..hehe.. Gonna try this for sure..

[benqt]

one last note..are there any other free stuffs microsoft offers? sorrybut im such a big fan..and I also want a lot of free stuffs from them :D

<a href="http://hypnosisfearofflying.com">benat</a>

[shellcodes_coder]

lol, you have just used Windows and nothing else...try worldwide telescope, virtual pc etc and they are all free and yes it's written by Microsoft. By the way don't forget to try WorldWide telescope, it's a mind blowing product by Microsoft

[crazykillller]

Windows LiveOneCare and Windows Defender are the most prominent.

[gggg sssss]

The EU is going to be upset when they hear about this. Is AVG in the EU yet? Of course, most of the virus writers that arnt in Chjina are in the EU.

Your gender changes and preferences really make this article legit. Very professional. Good job Cnet.