Microsoft Security Essentials (MSE) (previously codenamed Morro) is a free antivirus software created by Microsoft that provides protection against viruses, spyware, rootkits, and trojans for Windows XP, Vista, 7, 8x, and 10. MSE replaces Windows Live OneCare (a subscription antivirus service) and Windows Defender, which only protects users from adware and spyware. It is geared for home use and is similar to Windows Defender.
Symantec and McAfee, two competing antivirus vendors, responded by claiming that MSE is not comparable with their own offerings. AVG Technologies viewed MSE positively, stating it reinforced the company's ideal of free antivirus software. Reviews were mostly positive, citing its organized interface, low resource usage, and free cost.
Microsoft announced Morro on November 18, 2008. It marked a change in Microsoft's consumer antivirus marketing strategy. Instead of offering a subscription antivirus with a host of other tools—photo backup, and a firewall—Morro would be free for all genuine installations of Windows and simply offer protection against malware. Microsoft Forefront will be offered alongside Morro, with central management tools not present in Morro. A leak of version 1.0.2140.0 revealed the internal name of Morro was changed to Microsoft Security Essentials.
On June 23, 2009, Microsoft opened a public beta to 75,000 people in the United States, Israel, People's Republic of China and Brazil. At the time, Microsoft stated that MSE would be finalized and released before the end of 2009, in 20 markets and 10 languages.
On September 20, Microsoft e-mailed beta testers that the final version of the product "will be released to the public in the coming weeks." The final 1.0 build was released on September 29, 2009. Microsoft is specifically targeting computer users without credit cards, new hardware, and broadband Internet connections.
Hardware requirements are dependent on the operating system. For Windows XP, a processor speed of at least 500 MHz and 1 GB of RAM is required. Under Windows Vista and 7, a one gigahertz processor and 1 GB of RAM is required. Under any compatible operating system, a VGA screen of 800 × 600 or higher, 140 MB of free space, and an Internet connection are also required.
MSE is a basic security suite designed for consumers but based on the Forefront Client Security desktop agent, solely providing malware detection and removal, but lacking Forefront Client Security's centralized management features. It includes the same antimalware engine (dubbed "Microsoft Malware Protection Engine", or MSMPENG for short), and virus definitions that all other Microsoft desktop antimalware products share, including Forefront Client Security, Windows Live OneCare, and Windows Defender (Defender excludes the antivirus definitions which are separate from the antispyware definitions). Before installation, MSE checks for a validated copy of Windows. No registration or personal information is required. The program will disable Windows Defender, as it provides protection against malware, not limited to spyware and adware.
Updates are published three times a day to Microsoft Update. Using default settings, archived files are decompressed, and then scanned. File downloads and e-mail attachments are also scanned. Its Dynamic Signature Service attempts to better identify malicious files by checking for updates if an application exhibits suspicious behavior. Before taking action against a suspect file, MSE prompts for user input. If no response is received in ten minutes, then the suspected malware is handled according to its default action, letting MSE determine what to do with the malware. System Restore points are created before removing found malware.
After Microsoft publicly announced Morro on November 19, 2008, Symantec and McAfee shares fell 9.44 and 6.62 percent respectively. Microsoft shares also fell 6 percent. However, Microsoft claims Morro will not directly compete with other paid-for antivirus software; rather it was "focused on the 50 to 60 percent of PC users who don't have, or won't pay for, antivirus protection, antimalware protection," according to Amy Barzdukas.
Symantec, McAfee, and Kaspersky Lab representatives dismissed Morro as a competitor. Tom Powledge of Symantec claimed OneCare offered "substandard protection" and an "inferior user experience", implying Morro would be the same. McAfee stated "With OneCare's market share of less than 2%, we understand Microsoft's decision to shift attention to their core business." Justin Priestley of Kaspersky stated, "Microsoft continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically."
An AVG Technologies representative stated, "We view this as a positive step for the AV landscape. AVG has believed in the right to free antivirus software for the past eight years." Nevertheless, AVG raised the issue of distributing the software, "Microsoft will have to do more than simply make the product available." Bundling Morro with Windows would likely cause antitrust lawsuits.
After a Microsoft spokesman stated on June 10, 2009, that a beta version of Morro would soon be released, Microsoft shares were up 2.1 percent. Both Symantec and McAfee shares fell 0.5 percent and 1.3 percent respectively. Daniel Ives, an analyst with FBR Capital Markets, stated Morro would be a "long-term competitive threat", though near-term impact would be negligible.
Reviews of the public beta were mostly positive, citing its low resource usage, straightforward user interface, and price point. Brian Krebs of The Washington Post found MSE used 4 megabytes of RAM during testing, even during scans. A "quick scan" took about 10 minutes, and a "full scan" about 45 minutes on an installation of Windows 7.
PCWorld noted its "clear-cut" and "cleanly designed" tabbed user interface. At the top of the main tab, the security status is clearly shown. The other three tabs allow users to manually update MSE, review its history, and change program settings. However, PCWorld found some of the settings to be cryptic and confusing. Settings, such as what to do when malware is found, default to "Microsoft Security Essentials' recommended action". There is no explanation of the recommended action except for in the help file. The editor was also confused because MSE does not mention it automatically updates itself within the interface; some may believe they must manually update MSE through the "Update" tab.
PC Magazine cited MSE's small installation package (about 7 MB, depending on the operating system) and its speedy installation. On the downside, the full installation occupied about 110 MB of disk space, and the initial update took 5 to 15 minutes. The editor also noted the fact MSE sets Windows Update into its fully automatic mode, which automatically downloads and installs updates although it can then be turned off again through the control panel. Installation succeeded on 12 malware-infected systems. Some full scans took over an hour on infected systems; however, a scan on a clean system took 35 minutes.
During an on-demand scan, MSE found 89 percent of malware samples; but only 30 percent of commercial keyloggers. Those results were average, according to the editor. MSE found 67 percent of rootkits. The suite detected half of the editor's scareware samples. The suite's real-time protection found 83 percent of malware and blocked the majority of them. In this test, 40 percent of the commercial keyloggers were found. MSE found 78 percent of the rootkits. The editor expressed optimism MSE would improve during its beta testing period.
Impersonation by Malware
The popularity of the software has led to an appearance of malware abusing its name. In Feburary 2010, a rogue appeared as Security Essentials 2010 sans the resemblance to the real product and. This reappeared as "Microsoft Security Essentials 2011" minus the "Microsoft" on the name seen on the interface. A more dangerous rogue appeared in August 2010. This time it looks like the actual alert officially created by Microsoft and uses sophisticated social engineering to deceive users and download fictional anti-malwares that were never made by the company. Whenever a user tries to launch a program on it's blocklist, it will terminate 156 different apps and will display a popup indicating they have an "Unknown Win32/Trojan" on their computer.
12.http://www.microsoft.com/security_essentials/resources.aspx?mkt=en-us&s=1#mainNav 13.http://blogs.zdnet.com/Bott/?p=1067 14.http://news.cnet.com/8301-1009_3-10268040-83.html 15.http://www.crn.com/security/218101208;jsessionid=U4LHIAVV123U5QE1GHPCKH4ATMY32JVN 16.http://voices.washingtonpost.com/securityfix/2009/06/microsoft_debuts_free_antiviru.html 17.http://www.crn.com/security/212100928;jsessionid=U4LHIAVV123U5QE1GHPCKH4ATMY32JVN 18.http://news.cnet.com/8301-1009_3-10102376-83.html 19.http://news.cnet.com/8301-13860_3-10101652-56.html 20.http://www.guardian.co.uk/technology/blog/2009/jun/11/microsoft-morro-antivirus 21.http://www.pcmag.com/article2/0,2817,2348998,00.asp 22.http://www.pcworld.com/article/167249/microsoft_security_essentials_basic_automatic_protection.html 23.http://voices.washingtonpost.com/securityfix/2009/06/microsoft_debuts_free_antiviru.html