Microsoft Security Essentials?

Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare.

The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If you already have antivirus software installed you probably don’t need this service.” That doesn’t sound much like an essential to me!

The other amusing aspect is that the name is “Microsoft Security Essentials” which is plural. Anti-virus is only one aspect of security.

All jokes about the name aside, Microsoft hopes that their free solution will get people who currently do not use antivirus software to install the Microsoft offering. Given the numerous choices for free antivirus software out there, I do not see how this will be effective, but more power to Microsoft for trying.

I addressed the potential impact of Microsoft entering the antivirus industry at the Virus Bulletin conference back in 2006. Back then I predicted that this would have little impact on the market and it has had little impact, except for pricing. OneCare introduced a 3 PC pricing model that some other vendors have followed. OneCare was almost free and I don’t see a free offering changing the landscape much.

I am reminded of an ad I once saw for Shoei motorcycle helmets. The ad said “If you have a $10 head wear a $10 helmet.”

At ESET we are confident that an abundance of consumers will continue to choose a quality product based upon the track record, performance, effectiveness, and support, rather than simply choosing what is free.

The word “Microsoft” makes this a news story, not much else does though.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Alex

    Hi there
    I will agree and disagree with you.
    First, Morro is not free. To use it, you need to buy OS first. So MS customers just received more for their money, what can be better?
    Second, Morro is a low-end product. So it is not intended to compete with full-scale commercial security suites. I’m not comparing the speeds of sportcar and bike due to fact they both have wheels. Each one have it’s use, and suits best for it.
    And third, I (as an experienced user) will not replace my current AV to this new MS product. I personally don’t have enough trust in beta version of first MS maybe-good security solution. But new users now have more options to choose, and Morro will be a good product to start from.

    Good luck,
    Alex.

  • binyo66

    AFAIK, Microsoft had entered the AntiVirus industry back in DOS era (it was called MSAV). MS just re-entered it.

  • Dave Brant

    I use Eset NOD32 AV protection and will continue to do so. However, for my dad who refuses to buy software (he uses only free apps), this is a good thing, since right now he doesn’t have an AV application installed.

    • http://www.smallblue-greenworld.co.uk David Harley

      Fair enough. From that point of view, it’s a good, responsible act for any vendor to supply a free product for the use of people who wouldn’t actually pay for one. (This is one of the reasons we provide a free web-based service.) As long as he doesn’t expect more from the product than it’s actually likely to deliver.

  • Randy Abrams

    I’m not sure why your dad would use Microsoft Antivirus if he isn’t using AVG, Avast, or Avira, which are all good products too and are also free.

  • R

    AV-Test: Windows Security Essentials ‘Very Good’
    Though I have not been directly involved with Morro (or any other anti-malware products), I am excited to see Morro (Microsoft Security Essentials, http://www.microsoft.com/security_essentials/) reach the next stage of development by releasing as a Beta package.

    I personally think that Microsoft Security Essentials is a significant step forward in helping make the Internet a safer and more trusted experience for the average user. That may seem strange, given how long the industry has been around and given that there are already several free antivirus solutions available, for those that have even a slight technical interest in finding them.

    I’ve shared my experience and opinion in the past about how the business anti-malware industry drives vendors to optimize towards businesses and away from consumers, so I won’t dig into that, but I do think there are some key points worth reviewing.

    1. Barriers exist for “home user” protection. Unfortunately, many barriers to quality PC protection remain for consumers, both in mature and emerging markets where many threats originate. If you are the “free IT support” for your family and friends, then you already know what I’m talking about.

    My Mom’s PC came bundled with trial security bundle where different components were fully enabled for some months, while other protections were partially enabled and yet other components required an upgrade to be enabled. Bottom line? Customers are confused by trials and annual subscription renewals, in many cases believing their PCs are covered when in fact their subscriptions have expired and they are not protected.

    And also, let’s be frank, certain members of my family are just never going to pull the trigger on some of the online subscriptions that are available, even if they could figure out which ones are legitimate and which ones are actually disguised malware or unwanted software. And upgrades or updates? Please.

    2. Threats continue to grow and evolve. E-mail threats continue to grow and evolved and since many of these are now blended threats involving web sites and some aspects of social engineering, they are even becoming more platform agnostic. By some measures, over 97% of e-mail messages sent over the Internet fall into the “unwanted” and unsolicited category.

    Of course, since my Mom and yours are more aware of security issues than they were 10 years ago, malware developers have begun heavily leveraging “fake security software” and social techniques to target consumers and get them to voluntarily deploy their unwanted software. By providing an easy to find, easy to deploy solution from a known brand like Microsoft, Microsoft Security Essentials can help provide some basic, well, essentials to help fight this issue.

    3. Too Many Users Need More Protection. Ultimately, the evolution of threats and the barriers for home users combine to create a situation where many users need more protection. This is not just a threat to those users, but represents a threat to the broader ecosystem when these systems are at risk of catching and spreading malware.

    Key Principles
    I’ve talked with the product teams about their driving principles and I think they are spot on for what home users need:

    Essential Features that are necessary to enable a safer and more trusted Internet experience.
    Real-time and scan detection and cleaning
    Live Kernel Behavior monitoring (leveraging technology acquired from Komoku)
    Improved anti-stealth functionality – (‘rootkit revealer’ style scanning)
    Rootkit removal
    Standalone boot scanning (boot to a preinstall environment to scan while completely inactive)
    Frequent Dynamic Signature updates
    Dynamic update capability (no wait for next “full signature” release)
    Heuristics with pre-execution program emulation
    Ability to quickly address false positives with the dynamic update capability
    Easy to Get, Easy to Use
    Will be easy to find from a trusted location on microsoft.com
    No cost, not trials or expirations
    Smart default configurations including a dark hours update schedule
    Daily updates
    Quiet Protection
    Lightweight design, tuned for performance
    CPU throtting
    Fewer interruptions – no “information only” UI, only when action is needed
    Deep and Broad Research Team
    Led by Vinny Gullotto (long time personal colleague back to our days at McAfee)
    One of the best, most experienced anti-malware research teams in the industry, built up by Vinny over the past few years. Truly, though Microsoft has been in this space a short while, the team members that Vinny has assembled have been helping make the Internet safer for pretty much forever.
    Final Comments
    Let me emphasize that this is just a Beta, so hopefully there will be warts. Yes, I say hopefully, because the purpose of a Beta is to get a lot of folks engaged to find those warts and report them so that they can be fixed before the product is released. Having said that, my next step is to install Morro on my home computers tonight and see if I can talk my Mom through installing it on her home machine 2000 miles away. Those two experiences should give me some great feedback that I can feed to the Microsoft Security Essentials team to help improve the Beta for final release. I’ll likely share those experiences with you here on the blog.

    I also ask you to try it out and share your thoughts and feedback with me. I have a fair amount of product management experience and I’m happy to distill your various feedback down into some core requirements and then deliver it directly to the product team.

    This is that latest in a series of steps over several years that I think is helping make tangible progress for making the Internet safer and more trusted for many users:

    Lots of security improvements in Windows XP SP2. Remember the days before pop-up protection was introduced into IE6 in XP SP2? Remember when you kept the personal firewall turned off?
    Windows Defender. Breaking ground for Essentials, Defender helped raise the bar even it it’s Beta stage.
    Defense-in-depth security features in Windows Vista and the upcoming Windows7. Say what you want about Windows, security researchers and data are showing that it raised the security bar.

  • Jack Wang

    If downplaying is Eset’s only strategy, I think it shows that ESET is not taking competition seriously, or simply trying to feel good in its niche. I do think ESET NOD is a good product, but it’s also a premium product with no “free” version. The last time I wanted to get a full version once my trial expired, I also found out it too expensive, so I switched to Avira free. Maybe it’s time ESET start charging less so it may be a viable “upgrade” from Microsoft Security Essentials, esp. in the day and age of “Freemium”.

    As much as one likes to make fun of Microsoft, one can learn from Microsoft itself, whose Office 2007 was released in a more affordable Home and Student version to compete against OpenOffice.org.

    • http://www.smallblue-greenworld.co.uk David Harley

      Actually, like many vendors, we have a free web-hosted scanner (ours is at http://www.eset.com/onlinescan/) and free trial versions (at http://www.eset.com/download/index.php). Personally, I’ve no problem with vendors who provide free versions for home users, as long as those users realize that what they’re using is unlikely to have all the features of the for-fee version by the same vendor, and will not be fully supported.

      Clearly, a limited but free version is a viable marketing strategy that gives users who aren’t prepared to pay for full-strength product more security than they would have otherwise.

      Clearly, it’s also possible to learn from Microsoft: Adobe clearly have. :) However, Microsoft’s position is rather different to ours: security software is a pretty small component of their product range. Actually, I think there’s a bit more to their long-term strategy than has been evidenced so far, but I’m not prepared to downplay that -or- panic over it.

  • http://vomitcomet.blogspot.com Steve

    Free products are great for the cheap or for people who legitimately can’t pay, but to me, Nod32 has been worth every penny I’ve paid for it in the last few years. I’ll be renewing for another 2 years very soon, and I’m happy to do it. I’ve used a few different AV products over the years, and this one is by far the best, nothing else even comes close.

  • http://www.eset.com/threat-center/blog David Harley

    Thanks, Steve. I don’t often approve comments that say how good we are: not because it isn’t true (;-)), but because it’s hard to convince some people that we don’t write those comments ourselves. But in the context of this thread, I think you make a good general point. When you use a good free anti-virus package, you certainly get more than you pay for. But in general, you’ll get more features and support from a for-fee product.

  • Jimmy

    I am using NOD Smart Sec. latest version and yes it is doing very very well 4 me, but honestly I’ve been hearing a lot about MSE.

    I have friends who r using it, i live in Egypt and i bye all genuine, i’ve been following u around a little David, u r honest and not raciest :P so why shouldn’t i use it and it is for free and can catch Trojans Nod can’t?

  • http://www.eset.com/threat-center/blog/ David Harley

    Hi, Jimmy. I’d like to think that I’m honest and not racist, and no-one has ever accused me of being racy. :)

    I’m not saying that you shouldn’t use MSE, if it meets your needs (and assuming you meet the criteria, of course: there are usually restrictions on who is allowed to use free products – I can’t say anything about the MSE beta, since it wasn’t made available to people in the UK). I would hope that you’d get more comprehensive protection from a paid-for product like ESET Smart Security, but I wouldn’t presume to decide for you whether the cost outweighs the benefits.

    As for catching Trojans, I think you’ll probably find that all products detect some malicious programs and miss others. I don’t think you should expect AV to catch all malware, however much you pay for it. When you pay for a product, you’re paying for good but not infallible detection, which you will also get from a good free product (I’m not talking here about the not-so-good free products, let alone rogue anti-malware products). But what you’re less likely to get from a free product is multiple layers of protection, and active support.

  • brad

    security essentials is really great i think the anti virus industry’s are being unreasonable they say we need web protection and a fire wall well we do but the browsers like fire fox ie8 protect us from those sites 99% of the time!!!! and yes we do need a fire wall but we can get a free fire wall from comodo its the best fire wall there is and its free! so you know what i don’t want to here any body talking bad and ripping Microsoft apart. it only makes the people look bad that do it. and norton is losing money! badly there offering free movie tickets with the buying of there product.

  • brad

    i love free products like avira i really don’t like avg it dose not give rootkit protection also security essentials has detected all 3200 threats on PC world. and with a zero false positive rate that’s really good for a beta i think security companies are in for a real challenge. Norton i think is hurting because there giveing free movie tickets with the buying of there product. i think eset is really good and they can pull it off but security essentials is hard to beat. with a zero false positive rate.
    http://www.pcworld.com/article/167325/microsoft_security_essentials_the_first_test_results_are_in.html

  • Jake

    What about running MSE alongside NOD32 4? I’d love to have multiple scan engines on the desktop, assuming they’ll play nice.

  • Vic

    “Given the numerous choices for free antivirus software out there, I do not see how this will be effective, but more power to Microsoft for trying.”

    I’d say this is completely incorrect, given that most PC users aren’t that tech-savvy and won’t go out to find their own anti-virus programs unless their Windows Update tells them to download something.

    I, personally, would not switch away from NOD32, as I believe it’s the best anti-virus program out there, but a free version from Microsoft that is available straight from a notification of Windows Update will help a lot of PC users.

  • DaE

    Well, I think MSSE is a very good software as I had use it before (currently using Eset Smart Security 4). It detects viruses and thrests i purposely downloaded from the internet. But I go back to ESET because of the startup time. MSSE starts up a bit (really a bit) slower than ESET. However, believe me, ESET and MSSE have no difference (for me) in performance. I had use many types of security software, to name A FEW: Kaspersky Internet Security, AVG Internet Security, ZoneAlarm, Vipre, F-Secure, Twister antivirus, Avira, Ad-Aware, Panda. I think the best is Eset but MSSE is still in my consideration.

  • Andre Hildinger

    I had NOD32 for a while and I convinced my boss to buy for the company I work.
    At first it was very good. NOD could remove conficker from our network withour problems.
    But since some MONTHS ago we got another virus (and we knew we had it) and NOD couldn't remove it…
    So after those months, NOD still couldn't remove it.
    My colleague then tried to use Security Essential… and… Voilà!
    Security Essentials removed it and found that conficker was not completely removed from the system…
     
    So be careful with your words.
     
    After this fact I was unhappy with NOD, but after I read this, I got even unhappier, since you are criticising something that is probably better than your product and it's free.

    • Randy Abrams

      Actually, I didn’t criticize Microsoft at all. read the post again and you will see that I said nothing critical of Microsoft. If there is any specific point you take exception with then let me know. As for MSE removing something that NOD32 didn’t, it is very common with all products that they will detect and or remove something another does not. One or two or 20 samples is not nearly enough to draw conclusions as to the comparative overall effectiveness of any AV product.

  • Dragos Enculescu

    I had a bad situation. At the beginning of the year, after the holidays, it was a virus in company. All the PCs are protected by NOD AV Business Edition, which says that all are OK. The virus was 100% present, because the company IP was almost in all the black lists. All mails send by workers were returned with well-known message “550 rejected …”.
    So, like Andre Hildinger says, not all that like fine is also wonderful.

  • neighborlee

    ” All jokes about the name aside, Microsoft hopes that their free solution will get people who currently do not use antivirus software to install the Microsoft offering. ”

    ^ Really ?; If that is their true goal, they need to go back to the drawing board , and here is why: ;

    I ‘ve tried to get help from Microsoft for three days now, all culminating this morning in the direction of supposedly needing to download some antivirus scan tool called vipre .

    I’ve used various free antivirus offerings because well I have generally felt they were adequate. I decided after going through varius headaches with uninstall problems, that I would give MSE a try given well, that its from the ‘big M!’.

    Boy was I wrong it would seem, as though a one hour session with a lovely indian speaking individual yielded both frustration ( that thick accent of theirs, hampered by a imperfect english grammar usage !) whereby he was unable to fix it so MSE would install, and on top of that this morning I get a call saying that the tech rep would not be able to call me ( 7:30 am mind you ) because their lines were broken ???

    I thought , ok sure she spoke well but again,- very hard to understand her sometimes and Im almost sure we had a communication problem, but no problem here as I was called back at appointed time by escalated rep .

    He, in his slightly arrogant tone ( indian rep again ) told me that while other virus programs ( in this case antiVIR free version ) were easily able to install on my computer, came with high ratings from various view sites and updates upon installation and found I had no virus’s,- that dont you know its all about ‘virus definitions’ leading to MSE’s inability to be able to just simply install.

    If MSE is SO SURE it can’t install, then why can’t it just tell me why, and on top of that why isn’t there a log file indicating the exact directory &/or file where I need to look to find the problem, so that I can then install.

    Now Im told I need to run a safe scan using VIPRE, which btw might take 4-6 hours. Am I to believe this is really necessary or just a waste of time .

    I dont recall the website, but I’m almost sure that a Micrsoft forum post made it clear that since onecare ( which yes no longer exists as it were) has no 64bit scanning app that I should use ESET,- which I did and it found no infection at all; yet Im supposed to run a VIPRE scan that might take 4-6 hours as its done in safe mode blah.

    I and my friend , for these reasons and others ( Why can’t Microsoft just get rid of the clearly imperfect registry?) are going to, as soon as we humanly can, switch to MacOSX and never look back, and cross our fingers that experience is better. At least theoretically we wont ever again have to worry about Anti-virus programs and the headaches associated with them .

    I remember a day when I could call tech support and get someone who spoke perfect english without a heavy accent, and my experience was near perfect, but those days are clearly over now that companies find huge profit in outsoucing. That is fine, but this computer user and at least one of this friends, is oursourcing their OS hopefully very soon to a different company entirely and hoping for a better experience.

    While I yearn for that day, I will simply follow through with this safe-mode VIPRE scan, and remember harshly if it fixes it, the hastle I went through to get there and that at the end of day, it was not worth it but that I had no choice short term ;)

    cheers
    nl

  • herman hewlett

    I use vista and every time i turn on my computer it wants to run a complete disk check!,when i miss the 10 sec. window and let it do a full scan,it still does the same thing on start up! DON'T want to dump VISTA,but this is a PAIN
    Any help is appricated!!!!

  • Randy Abrams

    Herman, the blog is not used for product support. Vista is a Microsoft product, not an ESET product. There are numerous Microsoft support forums where your question is appropriate, the ESET blog is not such a forum.

  • Fizool Chand Eset

    Can Using ESET and Microsoft S.E. cause any conflict?

    • David Harley

      I don’t know of any specific, known conflicts, but running two AVs in tandem always has the potential to cause significant problems. In any case, I’d expect running them both on-access to have a noticeable and negative effect on performance without a corresponding gain in security.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

2 articles related to:
Hot Topic
22 Jun 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.