Size matters
With a download of only 4.8MB I was actually expecting a web installer (one which would download the rest of the software once running, much like DirectX's web installer and Windows Live setup), but it seems that pretty much everything is in it. Extracted there's no more than 13MB (x64 version) on your computer, really impressive for a piece of Microsoft software.
Edit (October 24): I could have known that it should be more, if only because of the definition files. The folder Microsoft\Microsoft Antimalware in the common profile directory (%allusersprofile%) contains the definition update plus a backup of the previously downloaded definition files, totalling roughly 93MB. The (text file) logs have grown to about 9MB in less than a month.
Update (November 9): Quite remarkable: MS Security Essentials has already taken a steady lead in a poll held by Lifehacker on the five best antivirus applications.
[Figure: Setup]
The online update did take some time, and I don't have the slightest idea where the definition files went (my bad, I'll check it out later).
On-demand scan
In the initial on-demand scan nothing was found: only the system partition is checked, I'm sure. I saw it scan through some tarballs and UPX-compressed executables, so archive scanning is pretty much covered, I guess. Files already identified and hence renamed by another virus scanner (Avira command-line), like .Vxe (from .exe), were evaluated as well, so the on-demand scanner is probably not restricted by file extensions. From the Spartan user interface one cannot really gain much information about this, which brings me to the user interface.
Invasiveness
[Figure: Main Window]
Apart from a single context menu item added for files and folders and a systray icon, I reckon you won't see much of the program during normal use. As said, the main window has a Spartan look. Analogously, the set of options is minimal, which doesn't have to be a bad thing at all, as long as it doesn't stem from a philosophy like 'security through obscurity'.
I didn't like the setup of the threat alert window, as it shows a list with merely columns for description, alert level, recommended action and status (whatever that status might indicate is unclear to me). How about another column to directly see the file in question? Furthermore, the descriptions of the items are very general and do not exactly contribute to clarity about what you're actually dealing with. An online database with more specific information about the possible threat, as more and more antivirus companies have set up, is available, but in most cases (that I have seen) it is no more than a 'thesaurus' at best, so that one can look up more information about the threats through a manual search for the names given to them by other antivirus companies (aliases). For example, when looking up the IP scanner item, the only information it gave was "Aliases: not-a-virus:NetTool.Win32.Portscan.c (Kaspersky); Win32/NetTool.Portscan.C (ESET); PortScan-Angry (McAfee)". Furthermore, you have to specify the desired action in the column 'Recommendation', which isn't that intuitive, I'd say...
Threats Detected
Medium level security threats identified on my system were things like an IP scanner and remote access software such as UltraVNC. Of course the occasional key generator (oops) was seen as a backdoor.
Another not-so-nice experience I had was that while writing this review the 'Potential Threats' window suddenly got refreshed and then failed to show the previously indicated high-level threats: they were quarantined automatically, even though the default settings are merely to recommend an action! What's more, all the actions I specified in the previous window (allow, allow, allow...) were reset: imagine what extra work it would cost if the list was some 100 items long (which can easily happen with those false positives).
Intuitiveness
[Figure: Threats Summary]
Getting these files back was also a bit counter-intuitive. When you go to the History tab, with the radio button "All detected items" active, no action can be taken at all, apart from viewing the insignificant information from the 'Possible threats' dialog mentioned earlier. As soon as you activate the "Quarantined items" radio button, checkboxes appear in front of the items allowing recovery or permanent removal. Overall I can say I'm quite confident that nobody will really experience this as a typical Microsoft application, especially because of its user interface. I would have liked it if Microsoft had chosen to use a Management Console window (as is used for Services, Task Scheduler, Event Viewer etc.), but I guess some people have grown used to this kind of GUI through that vague "Windows Defender" thingy.
Target group
Overall I'm not really convinced that Microsoft will get a large share of the malware protection market through introducing this piece of software, but there is of course the big difference that this product is free for both personal and commercial use, unlike most other free antivirus suites. It might not come with a firewall, but for businesses this is rarely a problem, as most set up their own firewall and/or proxy server.
Update
As Microsoft has unique insights in its own OS, it might be that speed optimization is best in this suite. This is only speculation, and I sure did experience some delays already. I'm sure some tests will show up soon about this.
Detection ratio
I just found a Dutch article with some reactions to the product by other antivirus software companies ("not impressed", "even less than OneCare", "they needed another year for this?", "no competition at all", "good of Microsoft to focus on developing countries" etc.), but the tests done by AV-Test.org, one consisting of 3732 malware items (100% score) and one of 545,000 (98.44%), seem to be really positive. A possible downside to the product is that it does not include a heuristics engine (but in most cases this also means fewer false positives and lower system resource usage).
Resources
Furthermore, this focus on developing markets, hence older computer systems, has shifted the focus primarily to keeping the system load as low as possible, next to being a free product of course. Perhaps it is to outclass Avira in this; further tests will probably give some insights. The Task Manager shows two processes concerning MSE, taking up 59,352 KB (MsMpEng.exe) and 4,776 KB (msseces.exe), which is quite a lot, especially considering the high hopes raised by a mere 13MB in the installation folder. But of course what really matters in the resources used is the additional processor and hard disk usage.
More specifically, concerning the above 2 processes, "Msseces.exe is the front-end GUI of MSE(Microsoft Security Essentials). (...) MsMpEng.exe is the back-end of MSE (Microsoft Security Essentials). It is important to remember that this process is actually used by both Windows Defender and MSE. When you install MSE, then Windows Defender is automatically turned off and MSE uses this process." (source).
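Since the review says the numbers that really matter are the processor and disk load rather than the working set shown in Task Manager, here is an added PowerShell example (not from the original post) that samples both MSE processes named above over a short window and reports peak memory and the CPU time consumed. The process names MsMpEng and msseces come from the review; the sample count and interval are arbitrary choices, and the script should be run from an elevated prompt because reading the counters of the service process may otherwise be denied.

```powershell
# Added example, not part of the original review.
# Samples the two MSE processes named in the review (MsMpEng.exe, msseces.exe)
# and reports peak working set and CPU time over the sampling window.
function Measure-MseProcesses {
    param(
        [string[]]$Names = @('MsMpEng', 'msseces'),  # process names taken from the review
        [int]$Samples = 6,                            # arbitrary: 6 samples ...
        [int]$IntervalSeconds = 10                    # ... 10 s apart = a 60 s window
    )

    # Snapshot every process of interest once, recording its starting CPU time.
    $tracked = @{}
    foreach ($name in $Names) {
        $p = Get-Process -Name $name -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($p) {
            $tracked[$name] = @{ Proc = $p; CpuStart = $p.TotalProcessorTime; PeakWs = $p.WorkingSet64 }
        } else {
            Write-Warning "$name.exe is not running"
        }
    }

    # Poll all tracked processes together so the window is shared, not sequential.
    for ($i = 0; $i -lt $Samples; $i++) {
        Start-Sleep -Seconds $IntervalSeconds
        foreach ($entry in $tracked.Values) {
            $entry.Proc.Refresh()   # re-read counters on the same Process object
            if ($entry.Proc.WorkingSet64 -gt $entry.PeakWs) {
                $entry.PeakWs = $entry.Proc.WorkingSet64
            }
        }
    }

    $elapsed = $Samples * $IntervalSeconds
    foreach ($name in $tracked.Keys) {
        $e = $tracked[$name]
        $cpuSeconds = ($e.Proc.TotalProcessorTime - $e.CpuStart).TotalSeconds
        [pscustomobject]@{
            Process           = "$name.exe"
            PeakWorkingSetMB  = [math]::Round($e.PeakWs / 1MB, 1)
            CpuSeconds        = [math]::Round($cpuSeconds, 2)
            # CPU seconds consumed as a percentage of one core over the window
            CpuPercentOneCore = [math]::Round(100 * $cpuSeconds / $elapsed, 1)
        }
    }
}

# Run once idle and once while an on-demand scan is in progress to see the difference.
Measure-MseProcesses | Format-Table -AutoSize
```

Disk activity is not covered by the Process object; the same loop can be extended with Get-Counter on the "\Process(MsMpEng)\IO Read Bytes/sec" and "\Process(MsMpEng)\IO Write Bytes/sec" counters to capture the hard disk side of the picture.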
Issues
RejZoR describes two issues he has found in Security Essentials, both of them of significance: first, update checks are only performed every 24 hours, which - with the current dynamics of the malware scene - practically leaves huge gaps between optimum protection.
And it gets even worse. Although I had experienced it myself already (but I thought it was due to my crazy proxy-ish solution I currently have), now the renowned German magazine c't confirms it: MSE sometimes refuses to download updates, for up to 7 days, even though new updated definition files are available. Bad stuff, very bad.
Source: http://www.heise.de/security/meldung/Microsofts-Antiviren-Software-verschlaeft-Updates-837599.html (English translation)
Update (November 11): Thanks to a command-line tool that comes with MSE, you can take matters into your own hands and force a daily update (or multiple times a day). Just use the Windows Task Scheduler. Read how to set up automatic MSE signature updates.
Update (November 17): AddictiveTips.com just released a tool to solve this update problem, especially when one has chosen to disable Windows Update (normally needed to retrieve MSE updates). Grab MSE Update Utility here.
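The 24-hour update interval from the first issue and the scheduled-task workaround from the November 11 update can be handled with the command-line tool shipped with MSE, MpCmdRun.exe, and its -SignatureUpdate switch. The PowerShell below is an added example, not the review's own instructions nor the linked how-to; the installation path is an assumption for the author's setup and should be checked against your own installation folder, and the task name and four-hour interval are arbitrary choices.

```powershell
# Added example, not part of the original review.
# Forces an MSE definition update now and registers a scheduled task that
# repeats it every few hours instead of relying on the built-in 24-hour check.

$mpCmdRun = 'C:\Program Files\Microsoft Security Client\MpCmdRun.exe'  # ASSUMED install path
$taskName = 'MSE Signature Update'                                      # arbitrary task name
$everyHours = 4                                                         # arbitrary interval

if (-not (Test-Path $mpCmdRun)) {
    throw "MpCmdRun.exe not found at '$mpCmdRun'. Locate it in your MSE installation folder and adjust the path."
}

# One-off update: a non-zero exit code is the quickest indicator that the
# download is being refused, as described above.
& $mpCmdRun -SignatureUpdate
Write-Host "Manual signature update finished with exit code $LASTEXITCODE"

# Register (or overwrite with /F) a task running as SYSTEM so it does not
# depend on a logged-on user. /SC HOURLY with /MO sets the repeat interval.
schtasks /Create /F `
    /TN "$taskName" `
    /TR "`"$mpCmdRun`" -SignatureUpdate" `
    /SC HOURLY /MO $everyHours `
    /RU SYSTEM /RL HIGHEST

# Confirm the task exists and see when it will next run.
schtasks /Query /TN "$taskName" /V /FO LIST
```

Run the script from an elevated prompt; registering a task as SYSTEM requires administrator rights. The definition version shown on the Update tab of the MSE window should change after the first successful run, which is the easiest way to confirm the task is doing its job.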
Secondly, the program scans within archives on-access, which gives a huge overhead. However, one seems to be able to untick the option in the advanced settings dialog. RejZoR however argues that this option only applies to the on-demand scanner, while unticking it will NOT disable archive scanning for on-access protection.
Source: http://my.opera.com/rejzor/blog/microsoft-security-essentials-problems-and-what-has-to-be-fixed
Conclusion
The virus world has a new competitor, and given that it's Microsoft's, and hence will at least appear to be popular in the eyes of many within little time, I just wonder how long it will take until viruses render this piece of software null and void... For now, we have the obvious malware showing up that pretends to be the Security Essentials software. Before you walk into such a trap yourself, here's the official link to download it: http://www.microsoft.com/security_essentials/
If anything, I do encourage you to try this piece of software, if only for a couple of weeks, because even though at first the user interface doesn't seem to really make sense, you'll find out you just don't need it. Lately, most antivirus software producers have got the hang of the 'users don't need to be bothered with any info until there's actually a virus' approach, and Microsoft implements this philosophy quite nicely. There's no need, nor the option, to configure the software to your needs; it feels quite light and not so resource-thirsty, and it is completely free.