Microsoft Security Essentials - Good Enough?
Ask Bob Rankin
<http://askbobrankin.com/microsoft_security_essentials_good_enough.html>


Microsoft Security Essentials is a free anti-malware application first released in June, 2009. It replaces the subscription-based Windows Live OneCare antivirus service and the free Windows Defender, which only protected against spyware and adware. Does this all-in-one security tool provide enough protection? Let's find out...

How Good is Microsoft Security Essentials?

 Can you dump both your current anti-virus and anti-spyware apps, in favor of Microsoft Security Essentials (MSE)? Reviewers are giving MSE favorable marks, but will it provide robust protection against all types of malware?

Microsoft Security Essentials works on Windows XP, Vista, and Windows 7 (both 32 and 64-bit). It is available in 25 languages and is efficiently designed to avoid hogging system resources, an important consideration in user adoption and regular use. The fact that both virus and spyware protection are rolled into one program is a plus in this regard. Brian Krebs of the Washington Post found that MSE consumed only 4 MB of RAM even during active scans for malware. A quick scan took just 10 minutes in Krebs' test, and a full scan only 45 minutes.

Reviewers' mileage varies, just as yours will. On the downside, PC Magazine reported that MSE takes up 110 MB of hard disk space. If you have a typical 500GB hard drive, though, that's hardly a blip on the radar. PC Mag also found that a full scan on a heavily infected system took over an hour, while the same scan on a virus-free system took only 35 minutes. Apparently, MSE's malware-eradication routines take quite a bit of time compared to competitors. But regardless of the timings, is MSE effective?

The official release of MSE did quite well in the independent lab AV-test.org's tests. MSE found 98.44 percent of 545,034 computer viruses, computer worms and software Trojan horses as well as 90.95 percent of 14,222 spyware and adware samples. It also detected and eliminated all 25 tested rootkits. It generated no false-positive at all. (A false-positive is when a legitimate program is mistakenly flagged as malware.)

In addition to receiving good marks from AV-Test, MSE has been certified by the International Computer Security Association (ICSA) Labs, it received the Checkmark certification from West Coast Labs, and won the PC Advisor Awards 2010 - Best Free Software award.

Even established anti-malware developers give MSE grudging respect - well, two of them do, anyway. AVG Technologies, developer of the free AVG Antivirus suite, stated that MSE is "a positive step for the AV (anti-virus) landscape." Avast Software, maker of Avast Antivirus, allowed that "MSE is not the silver bullet but it is also not the bad sequel to One Care that some claim," according to CEO Vincent Steckler.

Taking MSE For a Test Drive

Want to try MSE for yourself? You can download Microsoft Security Essentials from Microsoft and click to run the installer <http://www.microsoft.com/security_essentials/>. The first thing MSE does is check the validity of the installed copy of Windows. So if you're running a pirated copy of Windows, you're out of luck. MSE will detect Windows Defender and disable it, if it is present. MSE does Windows Defender's job as well as other things.

MSE includes real-time defenses as well as scheduled and manual scans for malware. File downloads and email attachments are scanned as they arrive. Before taking action against a suspect file, MSE prompts the user for input. If no input is received within 10 minutes then MSE takes whatever action is specified in its settings; typically, that would be "quarantine" the suspect file until some human has a look at it. MSE automatically checks for malware definition and signature database updates, which Microsoft is releasing three times a day.

I have a 5-year-old laptop that I use for travel, so I decided to replace my current security software (Avira anti-virus and Windows Defender) with MSE. The installation went smoothly, and during the initial scan, MSE found some malware (Win32/ClickSpring.B) that Avira had not detected.

That's not to say that Avira isn't an excellent anti-virus program. But none of them will detect ALL the bad stuff. So it's not surprising that you'll find one or two nasties if you switch from one anti-virus program to another.

MSE is intended for consumers, not enterprises. It lacks the network monitoring features that Microsoft Forefront Client has, for example. But other than that, MSE seems to be a worthy addition to the free anti-malware arsenal. Aside from the fact that I have reservations about Microsoft muscling into yet another market where there were already several worthy competitors, I have no problem recommending MSE for those in search of free anti-virus and anti-spyware protection.

I should mention that it's almost never a good idea to use more than one anti-virus program at a time. They can interfere with each other, cause false positives to be reported, and will needlessly slow down your computer. On the other hand, it's fine to have one anti-virus program and use a malware scanner such as MBAM (see my related article MalwareBytes Anti-Malware <http://askbobrankin.com/malwarebytes_antimalware.html>) which is NOT always running, to do occasional peace of mind scans.

Copyright 2005 - 2010 - Bob Rankin

(MSE_RankinReview.htm)