A look into Microsoft Security Essentials 2012

Scott Lowe takes a detailed look at the latest Microsoft Security Essentials build, still in beta, noting some of the changes and performing some basic testing.

Last month, my TechRepublic colleague Mark Kaelin announced Microsoft's introduction of the latest Microsoft Security Essentials (MSE) beta. As you probably know, MSE is Microsoft's free virus scanner for Windows PCs, providing protection against malware, spyware, and rootkits. I, like Mark, feel that MSE is a great product and I also recommend it to everyone I know. The fact that it's a free product certainly works in its favor! In this article, I'm going to dig a little deeper into this beta product and see what's changed since the most recent production release.

On my main PC in my lab, I have the latest current production release of MSE installed - build 2.1.1116.0. I will be looking at the beta that Microsoft recently announced, which carries a build number of 4.0.1111.0.

The interface

In some collateral material, Microsoft has indicated that the new MSE's user interface has been streamlined, but I have seen little evidence of this in the latest beta. Given that this is a limited beta, it's entirely possible that Microsoft has yet to implement the user interface enhancements. In Figure A, you can see that the beta MSE looks a whole lot like the old one with a couple of exceptions:
  • The tabs in the old version also include small icons which are not included in this beta.
  • The background color scheme has changed from gray with a "netting" image to a gray/blue blend.

Figure A

The new MSE looks a lot like the old MSE
On the Update tab (Figure B), you can see that I downloaded the latest definitions soon after they were made available. Again, the page hasn't changed at all since the older version that is currently in production.

Figure B

The MSE Updates page
The most notable change to the interface that I've seen so far is shown in Figure C, where you can see the difference between the old History tab (bottom) and the new one (top). The primary difference is that some text has been rearranged, but little else has been changed.

Figure C

The MSE History page

For the next few screenshots, I'll be taking a look at the Settings tab. Again, not a lot has changed here except that this beta does not include an option for "Default settings", which was present in the older MSE. In Figure D, you'll see the Scheduled scan page from the new MSE. It's identical to the old version. I ran through all of the drop-down menus as well and verified the lack of change. I'm not really surprised; there's not much to change about a schedule!

Figure D

Settings for Schedule
Here's a screen that's either been "streamlined" or that has yet to be completed in the beta. In Figure E, again, old on the bottom and new on top, the new version of MSE currently has much less in the way of options regarding real-time protection. In this beta, it's all or nothing with regard to real-time protection.

Figure E

Real-time protection options in the MSE beta differ from the older version (for now)
As has been the case for a while, MSE includes the ability to exclude certain files and locations from scanning. Some files can trigger false positives, and if they are quarantined or deleted, some applications could cease to function. You can see this screen in Figure F.

Figure F

Exclude files and folders
Likewise, you can also exclude files with specified extensions as shown in Figure G.

Figure G

Exclude any file types that you wish
Again, in Figure H, you'll see another screen that hasn't changed. This is the screen on which you can exclude specified processes from being scanned by MSE.

Figure H

Exclude processes from scanning

With the exception of some wording changes, the Advanced tab hasn't changed a whole lot either. Here, you can decide how MSE should act when it's running or when it's discovered an infection. For example, you can configure MSE to create a restore point before doing anything with a detected item.

Figure I

Configure MSE advanced options
Finally, in Figure J, you'll see that Microsoft has renamed SpyNet to Microsoft Active Protection Services. This is a service to which you can subscribe to help track your actions with regard to detected items. This is a community service that aggregates information from all subscribers in an attempt to help all make better decisions and better protect their systems.

You can choose not to participate or you can choose from two levels of membership:

  • Basic. "Send basic information to Microsoft about software that Security Essentials detects, including where the software came from, the actions that you apply or that Security Essentials applies automatically, and whether the actions were successful. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or to contact you."
  • Advanced. "In addition to basic information, Security Essentials sends more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the location of the software, file names, how the software operates, and how it has impacted your computer. In some instances, personal information might unintentionally be sent to Microsoft; however, Microsoft will not use this information to identify you or contact you."

Personally, I believe it's important to participate in this service at some level.

Figure J

The MSE Microsoft Active Protection Services screen

A little bit of testing

As I said before, I've always liked MSE. It's generally been fast, unobtrusive and complete. I tested the new MSE beta by visiting the EICAR virus test site. I tried in a couple of different ways -- both text and ZIP files via both HTTP and HTTPS -- and, as soon as I tried to download the EICAR test file, I immediately received a pop-up message from MSE indicating that it had taken immediate action against the file and that no further action was required from the user.

Figure K

The MSE popup message
This is an improvement over the older version of MSE, which stopped to ask the user for instructions (Figure L). One of Microsoft's intents with the new version was to provide "Enhanced protection through automatic malware remediation: The Beta program will clean highly impacting malware infections automatically, with no required user interaction." Based on this very limited testing, it's obvious that they're taking steps to deliver on this promise.

Figure L

The same situation, but with the older MSE
In reviewing the History information in MSE, you can see that the product did, in fact, see three separate instances of the EICAR test file (Figure M).

Figure M

MSE history

Microsoft has also indicated that the new MSE will have better performance and new detection capabilities. I haven't been able to adequately test these promises, but MSE has always, for me, been snappy and very complete.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

9 comments
arion30

I've always been a fan of AVG; between that and Malwarebytes, I can usually stop or clean any infection anyone in my office gets. And they are both free.

theon

I would like to ask those in the know about compatibility of MSE 2012 in addition to my native security program, BitDefender Total Security 2012? Thanks.

wwsbitdept

Will this version support Home Server?

robo_dev

I am a happy user of Sunbelt Vipre; I rebuilt a laptop for a co-worker and used MSE (the price is right). It came back two months later, a smoking brick infected with all sorts of nasty buggers. Talked the co-worker into paying the $ for Vipre, so far so good. I recommended Vipre to my boss, and he's happy, and I still work for him. I have Vipre on at least 12 machines at home for the past two or three years, and have had only two minor virus infections. Vipre is MUCH faster and less processor-intensive than the (older) version of MSE. So on a 1.8 GHz netbook, you can actually surf the web while it's virus-scanning. To be fair, one would need to compare Vipre 2012 to MSE 2012.

greg.williams

I've found MSE to be very good; however, I am concerned about the real-time protection settings. I hope the Real-time protection settings are not streamlined and just not fleshed out yet, because I have found it necessary to disable behavior monitoring in certain environments.

Tom T Tuttle

What you didn't mention is that in this Beta you don't have the ability to tell MSE how you want it to handle the files that it deals with. If you go to a site and there is an issue it will "automatically" send the file into Quarantine. In the past version you were able to set this "Action" status to what was wanted. I went to a site that was a problem and it saw the problem; if I wasn't looking for something I would have never noticed that it caught this. The icon popped up, very briefly, and moved it with no intervention. In the past version you could at least set the defaults to do what you wanted it to.

wfecng

It cannot install in Win8 DP.

Craig_B

I'm testing out the latest MSE as well and concur with your observations. As a user there doesn't seem to be many changes, at least on the front end; I'm sure most changes are beneath the surface.

jetsethi

It looks like it's just as easy as always. I wouldn't expect anything less. Ever since the days of Windows Live OneCare. In a blog post a few days ago, here on TechRepublic (I believe it's "10 technologies that are just plain broken" by Eric Kei), it was mentioned that MSE is one of the few consumer-grade anti-virus programs that doesn't do more harm than good.