In the two years since its 2009 launch, free malware protection tool Microsoft Security Essentials (MSE) has become the world’s second most popular security package – a big change for a company regularly criticised for how it managed Windows’ security.
While much of that may be down to the cost, compared with much of its competition, it’s also a well-designed anti-malware tool with both antivirus and anti-malware capabilities.
Available for Windows XP (Service Pack 2 and higher), Windows Vista and Windows 7, and in both 32- and 64-bit form, Microsoft Security Essentials is part of the Genuine Windows programme, and can only be used on consumer PCs.
Small businesses do have an exemption, and can run it on up to 10 machines; any more than that and you need to use Microsoft’s Forefront Endpoint Protection tools. It’s a small download, the latest beta version is 9MB for 32-bit machines, and 11MB for 64-bit.
Microsoft has done its best to keep MSE unobtrusive. There’s no obvious slowdown when it runs, and all you see is a tiny task bar icon that shows whether your PC is protected or not. Right-click to launch a configurations tool and to run scans – with a choice of quick, full or custom.
Installation is quick and easy, with MSE replacing Windows’ built-in anti-spyware Microsoft Windows Defender. Once installed it downloads an updated set of malware definitions from Microsoft’s update servers and scans your PC, before starting up real-time protection.
That first scan is relatively quick, and took less than five minutes on our test laptop. A small icon in the task bar is the only sign that MSE is installed and running, and it changes colour depending on the risk to your PC.
Green is, of course, good and yellow means that it’s time to run a scan.
MSE will automatically run a quick scan once a week, although we’d recommend changing the default 2am on Sunday to a time when your PC is likely to be turned on. You can limit the amount of CPU that MSE will use for a scan (the default is 50%), and you can also make sure it won’t scan if you’re using your PC. We’d recommend leaving real-time protection on – it won’t use too much power or add significant latency to downloads, and will reduce the risk of downloading malware inadvertently.
Other tools built into MSE let you tune it to exclude specific files and locations from scanning, as well as specific file types and even specific processes. You’re better off not changing these configurations, since it’s impossible to predict how malware may disguise itself or what zero-day attacks they might use. A custom scan will check specific files, folders, or drives, while a full scan will check everything on your PC. We’d suggest sticking with quick scans for everyday operation, which look for common malware and check system files.
The advanced options in MSE’s Settings tab enable you to include removable drives in scans, to protect flash drives as well as your system disks. You can turn off archive scanning (although we’d recommend leaving it on, since it’s able to detect malware wrapped in several layers of zip compression). Other options enable you to set system restore points automatically before making system changes, including deleting, running or quarantining detected malware.
You’re also able to set how long MSE will keep quarantined files before automatically deleting them. Use the History tab to see and remove quarantined malware, with links to online information about the malware so you can decide whether to delete a file or not.
So how can Microsoft give a tool like this away for free? While it doesn’t advertise it, MSE is part of Microsoft’s Forefront suite of security tools, based on the Forefront Endpoint Protection client used on enterprise desktops. When MSE detects malware it reports back to Microsoft, giving the company a wider view of the security landscape than it would get from just its enterprise security software. With millions of free copies of MSE, Microsoft’s paying customers get a more responsive and more secure set of tools, and we all get better security.
The reporting system Microsoft uses is its Active Protection Service (previously known as SpyNet). You can choose whether to be part of it, but if you don’t, you won’t get full protection from MSE, since it won’t detect and alert you if unknown software has been download or is being run.
Basic membership gives you additional protection in return for sending Microsoft details of downloaded and detected software, while Advanced membership sends more details, including how the software runs, what filenames it uses and where it installs.
The process should be anonymous, but there is a slim possibility that personal information could accidentally be sent back as part of reporting malware behaviour – something to consider when signing up for the Active Protection Service.