Free anti-virus products have been around almost as long as viruses themselves, but for much of that time were viewed as second-class solutions, unable to deliver the protection afforded by more commercial implementations. That all changed in 2009, with the introduction of Microsoft Security Essentials (MSE) which, for the first time, gave Windows users fully supported anti-malware tools from a big name vendor.
An immediate hit, particularly with home users, Microsoft Security Essentials continues to be developed, with the latest version (v4.0) released in May this year followed by a minor update (4.1) in August. It can also be used to protect small business systems, although alternative business IT security products are likely to be a better fit.
Something for nothing
Still described as an anti-virus program, MSE has, over the years, been extended to protect against trojans, spyware, rootkits and other threats. Moreover, in addition to a scanner to identify and deal with existing infections, MSE offers real-time protection, automatically searching for and blocking potential malware before it can do any harm. Suspect files can either be ignored, quarantined for further investigation or removed altogether, with such action taken automatically in most cases.
Platform support has been extended over the years with 32-bit and 64-bit implementations now available which can be used to protect Windows PCs running XP, Vista or Windows 7. Windows 8 isn’t supported, but that isn’t an issue as the upcoming new platform comes with an implementation of Windows Defender as standard, enhanced to deliver much the same level of protection as MSE. More than that, it has an almost identical look and feel, making it hard to tell the two apart.
MSE proved both quick and easy to install. All we had to do was browse to the Security Essentials website and choose either the 32-bit or 64-bit download for the version of Windows we were using. The automated setup program then took 2-3 minutes, with much of that time spent checking for the latest updates both to the application itself and the signatures used to identify potential malware. An initial full scan of the PC was then run, taking around 15 minutes on a new Windows 7 install.
Unfortunately, with no easy way of automating the installation, business users would have to manually download and configure the software separately on each PC which, on a large network, would be a time-consuming task. Neither is there any way to manage MSE or deal with suspect files centrally, and no way to co-ordinate updates, with each copy of the program downloading its own anti-virus signatures and other updates directly over the Internet.
Note also that compared to even budget security products what you get with MSE is a very basic solution. There’s no phishing protection, for example, and although it will check to make sure the Windows firewall is enabled, the Microsoft application can’t interact with it to automatically block traffic from suspected malware sites.
Another issue is how the product is licensed. Although “free” for home use, the Microsoft Security Essentials license limits business use to installation on no more than 10 PCs. Admittedly there’s no actual enforcement of this limit, but if you have more than 10 users Microsoft will direct you towards its far-from-free System Center 2012 Endpoint Protection product instead.
Putting it to work
The user interface for Windows Security Essentials is deceptively simple with the current security status shown by colour coding of the display. Green is good—even when malware is detected, assuming it can be dealt with—while red indicates a possible malware infection requiring some kind of intervention.
Controls are minimal, the most obvious being a large button that allows scans to be started manually. For the most part, however, the program looks after itself and requires little user interaction.
By default a basic (quick) scan is scheduled to run every Sunday at 2am, although this can be altered to suit. New updates, if available, are also downloaded before scheduled scans and, unless otherwise configured, processor usage is limited to 50% to lessen the impact if the PC is being used.
Real-time protection is also turned on by default and system restore points can be created before anything is deleted. Alerts are issued when something suspicious is detected, added to which Security Essentials will, unless otherwise instructed, report back details of what’s happened to the Microsoft Automatic Protection System (MAPS) to help in the fight against future malware attacks.
Lastly it’s possible to specify particular files, types of files and background processes to exclude from scans, both to enhance performance and cope with applications erroneously identified as malware.
It all works pretty invisibly until something nasty is found, at which point you’re alerted straight away with, if you’ve chosen to quarantine suspect files, the option of seeing what’s been detected before deciding what to do about it. Choices here are deletion or, if you think it’s a false alarm, allowing the quarantined items to be restored to their original locations.
How good is it?
Testing anti-malware products is always problematic. We started out by downloading the standard EICAR test files, which were swiftly detected and dealt with by the Microsoft software. We then tried more complex malware samples, most of which were identified and blocked successfully, as was a real Trojan infection which occurred during our testing. One or two did get through the real-time defences, but were picked up later.
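The first step of that test can be repeated on any PC as a quick self-check of real-time protection. The script below is an added example, not part of the original review or any Microsoft tooling: it writes the harmless EICAR test string to a temporary folder and reports whether the resident scanner intercepted it. The file name, wait time and result labels are assumptions.

```python
import os
import tempfile
import time

# The EICAR standard anti-virus test string (68 bytes, harmless), kept in two
# pieces so that this script is not itself flagged before it runs.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")


def file_state(path, expected=EICAR):
    """Classify what is on disk: 'removed', 'locked', 'modified' or 'intact'."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except FileNotFoundError:   # deleted or moved to quarantine
        return "removed"
    except OSError:             # scanner holds or denies access to the file
        return "locked"
    return "intact" if data == expected else "modified"


def realtime_check(directory=None, wait_seconds=10.0, poll=0.5):
    """Drop the test file and report how real-time protection reacted."""
    directory = directory or tempfile.mkdtemp(prefix="av-selftest-")
    path = os.path.join(directory, "eicar-selftest.com")  # assumed file name
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:             # the write itself was refused
        return "blocked-on-write"
    deadline = time.monotonic() + wait_seconds
    state = file_state(path)
    while state == "intact" and time.monotonic() < deadline:
        time.sleep(poll)
        state = file_state(path)
    if state == "intact":       # nothing intercepted the file: clean up
        try:
            os.remove(path)
        except OSError:
            pass
    return state


if __name__ == "__main__":
    result = realtime_check()
    print("real-time protection reaction:", result)
    raise SystemExit(1 if result == "intact" else 0)
```

A result of `intact` after the wait means nothing stepped in, which on a protected PC points to real-time protection being switched off or the folder being covered by an exclusion.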
Elsewhere MSE does well in independent tests, regularly receiving VB100 awards in tests conducted by Virus Bulletin. That said, it is mostly out-performed by alternatives in independent evaluations, especially when it comes to cleaning up infections.
Other tests also echo our experiences with the product when it came to performance. On a new Windows 7 system a full scan took around 15 minutes and a quick scan less than two, but as the PC was used those times increased substantially. Indeed a full scan of a much used PC infected with a real virus took almost an hour!
You get what you pay for
Microsoft is the first to admit that Microsoft Security Essentials is more of a consumer than a business product. It’s not the most exhaustive solution when it comes to identifying malware but it does provide a good level of basic protection and is well worth installing, especially given that few users bother to licence the anti-virus software bundled with new PCs once the free trial period has expired.
Business users on the other hand are likely to be hampered by the 10-user limit and the lack of central deployment, monitoring and management facilities so essential on larger networks. Those same organisations may also want the added protection offered by alternative products, with plenty to choose from, both free and paid for, from Microsoft and other, specialist security, vendors.