Has Microsoft shot itself in the foot with Security Essentials?
Posted on 4 Feb 2010 at 11:11
Davey Winder explains why he thinks Security Essentials could fail, despite being a decent product
Back in 2007, Microsoft was humiliated when its Live OneCare antivirus product failed to pass VB100 certification, spawning jokes about “OneCare” being an apt name if pronounced with a strong French accent.
However, the security world changes fast, so when AV-Comparatives published its tests a few months later, OneCare performed better than Kaspersky Anti-Virus 6.02 and AVG Anti Malware 7.5 (not that an 18% detection rate was anything to boast about). In 2009, Microsoft ditched OneCare and replaced it with a free, totally revamped offering: Microsoft Security Essentials.
“Free” and “revamped” are both important here: free is important because anything that gets some kind of security onto more PCs has to be a good thing. I know there have been free AV offerings around for years, and that some of them are actually quite good, but I’m not your Man on the Clapham Omnibus, and average Windows users are far more likely to install a freebie from Microsoft than hunt down a third-party application.
Indeed, part of the rationale for launching Security Essentials was to mitigate the current malware epidemic by getting protection to those who need it most – people in developing countries; people on low incomes; people who might otherwise be tempted to click on a rogueware pop-up for a free online scan.
If this were merely a “stripped-down OneCare”, as some security folk have suggested, it would all be for nothing
All of which makes the “revamped” bit more important because if this were merely a “stripped-down OneCare”, as some security folk have suggested, it would all be for nothing. It’s been suggested by those who probably know better that Security Essentials is OneCare rebranded, and it uses exactly the same core engine – no different and no better.
My main concern isn’t that this is a bad piece of security software, since my testing so far suggests that it’s actually pretty similar in performance to the other free offerings. The simplicity of the product is refreshing and helps it to remain unobtrusive, both as far as system resources and user attention are concerned. Sure, it lacks the bells and whistles of fully fledged commercial suites, but the basic detection methodology it employs is solid enough.
The engine that powers Security Essentials isn’t brand-new – which would require years of real-world testing to mature – but rather one that’s been field-tested already in Microsoft’s enterprise-level Forefront product, which has been receiving decent reviews and has achieved ten VB100 passes. I’m concerned that it lacks basic email AV functionality, less so by its lack of a firewall since the Windows built-in firewall is adequate for average users (especially the new and improved one in Windows 7).
I tested Security Essentials against my private malware zoo of some 1,000 examples captured from the wild, and it detected every single one and blocked them all. I understand that AV-Test.org has undertaken similar tests with a WildList zoo of 3,732 malware samples, and again, Security Essentials found and blocked them all. On an XP machine using a full zoo of more than half a million samples it manages a detection rate of 98.44% with no false-positives, which isn’t to be sniffed at.
Spyware testing was less impressive with a 90.95% success rate, but what really let down Security Essentials is its inability to dynamically detect newly released threats. AV-Test.org admits that the same applies to most antivirus-only products, most of which lack the heuristic detection mechanism you get in full-blown security suites. Security Essentials has a relatively small memory footprint, consumes few system resources, and is pretty much silent in day-to-day operation.
One care sounds like a shampoo product
interesting analysis. We all tend to take AV effectiveness at face value and blind faith-until the inevitable happens. How many users have actually tested the responsiveness of their AV?
Microsoft and security don't seem very compatible at the moment, with the holes in their browsers, how can we be sure this is a viable product?
I followed your example and sampled the Anti virus and malware test files at http://www.eicar.org/anti_virus_test_file.htm . I am running the so called mediocre AVG 8.5+ firewall.+google chrome. As it says on the site "Good scanners will detect the 'virus' in the single zip ARCHIVE and may be even in the double zip ARCHIVE. Once detected the scanner might not allow you any access to the file(s) any more"
I was pleased that AVG resident shield picked up all the tests.
By blackcat on 4 Feb 2010
Installed And Using
Installed this on my mother's Laptop she bought, works well and for basic facebook and genral net surfing I do not see a point in buying a subscription to comercial AV software.
By Deathtaker27 on 4 Feb 2010
Are you Serious???
Are you serious about commercial products not being effected?
Take a look at your local high-street to see the massive discounts that companies such as Symantec are offering on their products.
By 00lissauers on 4 Feb 2010
"Microsoft and security don't seem very compatible at the moment, with the holes in their browsers, how can we be sure this is a viable product?"
Well you could try reading the article, DW found it to be pretty effective.
I'm considering moving over to it. I have used AVG for ages but version 9 has an annoying habit of continually accessing the hard disk - this is on my XP machine. For now, I've stopped it by renaming the offending component, but its hardly ideal.
By rjp2000 on 5 Feb 2010
I have read the DW article thoroughly and followed the previous articles on One Care and the Morro developments with interest. It seems pretty effective but only as a’ lightweight security ’ application for users in developing countries with pirated computers or people on low incomes who cannot afford the subscription of an recognized robust AV. DW states that he won’t be abandoning his current AV suite any time soon for MIS – I wonder why?
Big Bruv at Redmond will be watching you as can't opt out of contributing to the SpyNet cloud-based service that compares file behaviors across computers running various Microsoft operating systems. It has abandoned the additional firewall, performance tuning and backup and restore options in order to make the product Freebie and get foothold in the competitive AV market.
By blackcat on 5 Feb 2010
I have incorrectly stated in a previous thread that MIS aim is for 'pirated copies' of windows in the developing world. Obviously this is impossibility as pirated copies would not be allowed to install it. I should have written ‘Microsoft altruism to provide a minimum level of security for users with genuine copies of windows in developing countries’
But then again- since when has validation stopped pirated software users' getting around’ WGA. So unintentionally Microsoft may be providing a free service to pirate users.
By blackcat on 5 Feb 2010
who cares about people with pirated copies of windows? It's hardly microsoft's job to consider people who are breaking the law. I'm as liberal as the next person but that's a farcical comment.
Also all this stuff about people not seeking out a free antivirus. don't be so patronising. you guys recommend avira personal till you're blue in the face, so stick to your guns. It's not rocket science is it? If you can install iTunes you can install this for goodness's sake.
Plus 20 seconds on google will yield up simple guides to killing the splash screen and nag screen - which is where the family computer guy comes in.
By gavmeister on 8 Feb 2010
MS don't care about pirate windows
Do we really think MS care about pirate windows in developing/undeveloped economies. If they did they would be handing over the market to linux!
Once the market has developed and become dependant upon windows, then they will start charging. Remember the 90's?
By darkhairedlord on 9 Feb 2010
Small Business Loves Free Antivirus
The amount of businesses that use the free av products from one user and up, licenced or not seems prevalent in our area. There seems little regard to how good or legal it is just because it is free.
By DigitalM on 29 Apr 2010
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
- How to boost your mobile reception
- How to fix Facebook: Social Fixer
- Taking the stress out of WordPress updates
- Where to download free web fonts
- Turn your tablet into a Sky+ remote control
- How to measure the success of a new IT system
- Three years on: the state of the tablet market
- Windows 8: what works and what doesn't
- Yes, I write down my passwords
- How to make money from apps
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Dell profits slide 79% amid buyout talks
- Forget cloud subscriptions: users prefer standard licences
- McAfee: cloud storage could help spread viruses
- Analysts question Windows 8 as UK PC shipments slump
- Google pools storage across Gmail and Drive
- Ofcom accused of killing off VoIP competition
- ShoreTel dock turns iPhones and iPads into desk phones
- Bill Gates says iPad users "frustrated"
- Intel Silvermont promises three-fold boost for tablets
- Customers fume as BT introduces IP sharing