Last year, Microsoft announced that it was halting development of its highly regarded Windows Live OneCare product (see my review of Windows Live OneCare 2.0) and would instead release a free anti-malware solution codenamed Morro by the end of 2009. Morro, of course, became known as Microsoft Security Essentials (MSE), and as promised it is absolutely free and available to all genuine Windows XP, Vista, and 7 users, and will come in both 32-bit and 64-bit variants (32-bit only on XP).

Put simply, MSE is OneCare minus the stuff that's not related to fighting malware. It doesn't have a managed firewall, can't manage a "circle" of computers on a home network, doesn't help prevent applications from putting icons in the system tray at boot-up, and doesn't have any online photo backup capabilities. What it does have, however, is all good stuff: MSE is small, fast, light, and effective, and since it's built on the same award-winning underpinnings as Microsoft's other security products you know you can trust it. I've been using it since well before the public beta, and I've found it to the be a near perfect security solution.

Let's take a closer look.


Why MSE?

Microsoft created MSE to address a very simple problem: Far too many PCs are unprotected with out-of-date anti-malware products. The company tells me there are a number of reasons for this. First, because many new PCs come with only time-limited security solutions, some users believe they're protected even though the initial subscription period may have ended. Some don't even activate the free, bundled solutions at all. Some--especially those in emerging markets--can't or won't pay for security suites, most of which need to be renewed every year.

Meanwhile, the security landscape is evolving. The impact and severity of security threats is increasing and is becoming more professional, with many malware outbreaks aimed specifically at financial fraud. Security software vendors are constantly adapting their products to meet these evolving needs, but these products are often complex and increasingly address a number of non-security tasks.

So MSE comes into this world and is designed to address the needs of users who are often not protected, for one reason or another. From a broad perspective, MSE works side-by-side with Microsoft's other security technologies, including those built into Windows and accessory products like the Malicious Software Removal Tool, but adding the crucial element of real time protection. It is based on the same trusted and well-regarded security engine that is used by Microsoft's Forefront line of products. It is incredibly easy to install and use. And, perhaps best of all, it is almost completely innocuous: Unlike the OneCare product it replaces, MSE is small and light and runs quietly in the background with a nary a chatty pop-up to be found. Finally, Microsoft has gotten client security right.

Oh, and it's absolutely free. As long as you have an activated, known-good (i.e. "Genuine") copy of Windows XP, Vista, or 7, you're good to go. Microsoft Security Essentials is just part of the package, a perk for users of Microsoft's modern Windows versions. And unlike other free solutions, Microsoft won't use MSE as a vehicle for up-sell. It just does what it does, and it will never prompt you to purchase a Pro version or whatever. There's no registration, no information collection, no annual worry. You install it and forget it, and it keeps you safe.

How it works

As noted previously, Microsoft Security Essentials is built on the same award-winning anti-malware technology Microsoft uses in its other security products, including the Forefront family of solutions and Hotmail. And if you've got some idea that OneCare somehow performed poorly in industry tests, it's time for a refresher: That was years ago, and this technology has actually tested at or near the top of the heap ever since. This is proven anti-malware technology, and Microsoft has an incredibly deep set of live data to build off of.

Speaking of OneCare, let me get one thing out of the way right up front: MSE is comprised of the next generation protection technologies that were originally shipped with OneCare. It is, in effect, OneCare minus the management features and other non-anti-malware functionality that previously shipped in that suite. It has, however, been greatly streamlined and simplified, as we'll discuss in a moment.

Microsoft describes MSE as a "thin layer on a deep technology stack." It's comprised of a user mode service and a kernel mode driver, so it can handle malware no matter where it lives in the system. It's all backed up by a series of web services, including telemetry data through the SpyNet service, Microsoft Update, and a separate signature update service.

Thanks to the 450 million people who automatically download security updates every month from Microsoft Update, the software giant has a unique and gigantic feedback loop from which they can quickly identify new attacks and react aggressively. On the client itself, the MSE real time protection mechanism operates at the kernel level to examine the behavior of unknown binaries and then sandbox potential malware before it can do any harm. And thanks to a new Dynamic Signature Service, MSE can immediately query online to see if there is anything that matches what its seeing on the PC. Because of its kernel mode hooks, MSE can also detect kernel mode rootkits and, in many cases, even clean them out after they've rooted their way into the system.

One of the big complaints about security suites (and to a lesser degree, OneCare) is performance. Real or imagined, many people perceive that security solutions slow down their PCs, so MSE has been architected to be as small and light as possible. Impact on the PC is generally imperceptible, and MSE will actively swap out memory it's not using to further reduce its use of system resources. Scans only occur when the PC is idle, of course, and because MSE can only throttle the CPU to 50 percent utilization, the PC is usable even when MSE is active.

MSE supports several levels of updates. The product itself is updated when needed, periodically, and once installed, these updates are delivered through Microsoft Update (and thus to Windows through Windows Update). The core engine technology is updated monthly, also via Microsoft Update. Microsoft publishes new signature updates three times each day, but of course signatures can also be updated in real time when needed. The best part of all this is that none of it impacts the user at all. You just install it and forget it. MSE will take care of the rest.

Installing MSE

Microsoft Security Essentials couldn't be easier to install. You download the relatively tiny executable from the Microsoft Download Center--its about 4-5 MB for the Vista version, for example--and run through a super-simple wizard-based installer. Basically, it makes sure your PC is genuine and then installs. That's it. On first install, the product will run a quick scan by default. This could take several minutes, but the majority of users can simply shut the application window and get on with life. If all goes well, you'll never see it again.

Microsoft Security Essentials public beta

Continue to Part 2 of Microsoft Security Essentials Review...


 

My rating


Download Microsoft Security Essentials

Microsoft Security Essentials will ship publicly on Tuesday, September 29, 2009. Find out more on the Microsoft web site.