Click here for our Microsoft Security Essentials photo gallery
(Credit: Chris Duckett/ZDNet.com.au)
Microsoft has released version 1.0 of Security Essentials, the successor to Live OneCare. Originally known as Morro, Security Essentials retains the core features of OneCare, but abandons the additional heft of a firewall, performance tuning, and backup and restore options in exchange for making the program free. Rather than taking aim at full-featured security suites made by Symantec or Trend Micro, the features available in Security Essentials indicate that Microsoft is aiming to compete with basic-but-free security apps.
For the select 75,000 public beta testers who got their hands on the program when the limited public beta was offered in June, there will be few appreciable differences between the beta and the final version. For the rest of the planet, Security Essentials features key defences that are boilerplate for any respectable security program.
It uses both definition file and real-time defences against viruses and spyware, and also offers rootkit protection. The program's reputation-based detection and software signature-based detection seem to rely heavily on Microsoft SpyNet, the unfortunately named cloud-based service that compares file behaviour across computers running various Microsoft operating systems.
SpyNet was introduced in Windows Vista and extended to Windows 7, but Microsoft Security Essentials is the only way to access the network on Windows XP. Unlike other security vendors that allow customers to take advantage of the benefits of their behavioural detection engines while opting out of submitting information, there's no way to do that with SpyNet.
You can choose between two SpyNet memberships. Basic submits to Microsoft the detected software's origins, your response to it and whether that action was successful, while the Advanced membership submits all that plus the location on your hard drive of the software in question, how it operates, and how it has impacted your computer. Both basic and advanced warn users that personal data might be "accidentally" sent to Microsoft, although they promise to neither identify nor contact you. Opting out of SpyNet, however, is not an option in Security Essentials.
Security Essentials benefits greatly from having a simple, streamlined interface. There are four tabs, each with a concise and understandable label: Home, Update, History and Settings. The program also uses easy-to-grasp labels, imported from OneCare: green for all good, yellow for warning, and red for an at-risk situation.
From the Home window, you can run a Quick Scan, Full Scan or Custom Scan, and a link at the bottom of the pane lets you change the scheduled scan. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customising the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs. The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.
The Update pane manages the definition file updates, with a large action button, and History provides access to a spreadsheet-style list of All detection items, your Quarantine, and items you've Allowed to run. Although it's a basic layout, this no-frills approach to security could prove appealing to computer users who are overwhelmed by more detailed security choices.
The Settings window allows users to further customise the program by scheduling scans, toggling default actions to take against threats, adjusting real-time protection settings, creating whitelists of excluded files, file types and processes, and the aforementioned SpyNet options. There's also an Advanced option which is still fairly basic: here you can set Security Essentials to scan archives, removable drives, create a system restore point or allow all users to view the History tab.
Security Essentials comes pre-configured to run a scan weekly at two in the morning, when your Microsoft thinks your system is likely to be idle. New malware signatures are downloaded once per day by default, although you can manually instigate a definition file update through the update tab. Attachments and downloaded files will be automatically scanned by Security Essentials.
Help is only available in the form of the standard offline Help manual that comes with all Microsoft programs. There's nothing fancy here.
It installed in less than one minute and completed its first Quick Scan in less than 30 seconds. The Full Scan took more than an hour to reach the halfway point, and this was borne out by tests performed by CNET Labs' benchmarks. Microsoft Security Essentials actually sped up the boot time of our test computer by more than two seconds, and it sped up the shut-down time by more than two and a half seconds. However, compared to major security vendors it was significantly slower at scanning — Security Essentials took 2340 seconds to scan, whereas most scans would clock in between 1000 and 1100 seconds.
In our iTunes decoding test it scored similarly to its competition, about seven seconds slower than an unsecured computer. In our MS Office test and media multitasking tests it was faster than some — 503 seconds versus 552 seconds for Norton AntiVirus 2010 in the Office test, and 844 seconds versus 876 seconds for Trend Micro Internet Security Pro in the media test.
Running the Full Scan took up about 86MB of RAM. However, it felt far lighter, and we were able to perform resource-intensive tasks like uploading photos without any noticeable freezes.
Third-party virus detection efficacy scores were not available at the time of writing, and it's not currently clear whether Security Essentials shares the same detection engine as Live OneCare. However, CNET reporter Ina Fried mentioned that Security Essentials stopped her from accidentally coming down with a case of Koobface.
Microsoft Security Essentials is a lightweight security app that people might turn to for a number of key reasons. It's easy on the system resources, it's easy to figure out how to use, and it comes pre-configured. It only works on legally licensed Microsoft computers, which is understandable but potentially leaves a large segment of the unprotected population still unprotected. You can't opt out of contributing to SpyNet, which isn't understandable at all. Overall, it's recommended for those who want something to set and ignore, but users who want more robust configuration choices or don't want to contribute to the cloud should look elsewhere.