Microsoft Security Essentials Beta Review

I’ve been poking around in the beta of Security Essentials,  Microsoft’s forthcoming free anti-virus solution, for a couple days, trying to find something interesting to say about the product.

Code-named Morro in 2008 and finally released as Security Essentials (although it is not yet available to U.K. users), the product seems unexceptional in the best sense of the term: It installs and uninstalls easily (provided Windows is genuine); its scan rules are fairly configurable; and scans use a noticeable but not overwhelming amount of system resources on modern PCs. In short, it works but won’t blow your mind.

In fact, there are only really two interesting things about the product but they are worth contemplating for a moment. First, of course, is the price; free does tend to grab your attention. Second, is that Security Essentials scored surprisingly well on early wild list tests, finding absolutely everything thrown at it. And this achievement is not commonly reached by any commercially available security solutions.

Third-party software companies with competing solutions seem to be in two minds about Security Essentials. They scoff at the limited scope of Microsoft’s product, which focuses on signature-based detections (along with some root kit defences) instead of more modern heuristic or behavioural approaches, or more recent browser-based defences against Web threats. But undoubtedly, these companies will also keep an eye on how Security Essentials performs in the marketplace upon its release due to antitrust implications.

Just an Upgrade for Windows?

I don’t think Security Essentials should be viewed as an attempt by Microsoft to corner the anti-malware market. Instead, the product should be viewed as Microsoft’s attempt to raise the lowest rung of the Windows security ladder, effectively elevating the absolute minimum level of security users should expect to get from their systems.

For some time now, Microsoft has explicitly acknowledged that out-of-the-box Windows is not secure, at least the way the bulk of the user base practices computing. This has been true ever since the company released Windows XP Service Pack 2 and the Windows Security Centre – (that little warning on a fresh installation that, among other things, decries the system’s lack of anti-virus protection). In the years since, as new operating systems have come along, Microsoft has done a lot of work to shore up the security of its operating system, with User Access Controls, Data Execution Prevention, improved firewall and so on.

However, the company has made much less headway with regard to how, in reality, many users manage their PCs; i.e that new security is often disabled to foster easier day-to-day management or backward application compatibility.

Microsoft needs a way to protect this recalcitrant segment of its user population with a tool set that is familiar and acceptable; signature-based scans. But for Security Essentials to provide this elevation of the lowest common denominator, the product needs to be installed on every copy of Windows.

I have my doubts that Microsoft will ever pull the trigger and include Security Essentials in a base OS or a service pack update for fear of the backlash. But I certainly see the product appearing in Microsoft Update as an option once it is a little more battle-tested, then eventually morphing into a critical update within a year or so of release. Of course, all of this depends on Microsoft making a concerted effort to ensure its solution gets along well with others.