
How good is Microsoft's free antivirus software?

By Ed Bott | June 18, 2009, 1:00pm PDT

Microsoft has officially unveiled its long-awaited consumer antivirus offering. Formerly code-named “Morro,” it’s now been christened Microsoft Security Essentials, and it will enter public beta testing next week. If you have a licensed copy of Windows XP (Service Pack 2 or above), Windows Vista, or Windows 7, you’ll be able to download and install the software at no additional charge. No subscription is required for ongoing definition updates, either. The final release is scheduled for this fall. (My colleague Mary Jo Foley has more on what beta testers can expect next week.)

The public beta will be limited to 75,000 downloads, Microsoft says, and the targets are global. The initial beta release is limited to the United States, Israel (where a core development team is based), and Brazil. Next month, the beta will open up for users in China. It’s no coincidence that Microsoft is rolling out early in Brazil and China, which are large-scale vectors of malware infections because of the sheer number of Windows users running without antivirus protection. According to Microsoft, barriers to adoption of paid security software are especially high in developing markets, where internet access is slower and credit cards are unavailable to a large percentage of the population.

Microsoft Security Essentials requires validation, which means it won’t be available to anyone using a pirated copy of Windows. But it won’t require registration or personal information of any kind. In an interview last week, Theresa Burch, director of product management for Microsoft Security Essentials, confirmed that decision in no uncertain terms: “We collect no information from you at all,” she told me. “No Windows Live ID, nothing. You agree to the EULA, validate, download, and you’re done.”

Over the past few days I’ve been testing recent builds of Microsoft Security Essentials on two machines, one running a 32-bit edition of Windows Vista, the other running a 64-bit copy of the Windows 7 release candidate. The software I describe in this post is a more recent build than the current beta that has been floating around back channels on the Internet. Here’s my report:


Disclosure

Ed Bott

Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.

Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books written prior to fall 2011 have been distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press. As of November 2011, Ed is a partner in the independent publishing company Fair Trade Digital Exchange, which exclusively publishes his books.

On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.

Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMware. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.

Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.

Biography

Ed Bott

Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.

364 Comments

How to Bulletproof Your PC
Mind Tools 3rd Jan
I'm excited about Microsoft's free antivirus program! However Antivirus is not enough protection anymore. I would apply all the free apps listed at
(How to bulletproof My PC. com) My PC friends told me it's the ultimate security!
0 Votes
This is too funny... Conficker
Christian_<>< 18th Jun 2009
Conficker worms & viruses!

wink
0 Votes
Especially...
wolf_z 18th Jun 2009
...since MS offered a patch *6 months before* Conficker came out to anyone using Automatic patching.

The only people who got infected were the paranoid and the pirates. Talk about irony...
0 Votes
nt
0 Votes
I secured 300+ computers ahead of time.


Oh, and the first iteration of Conficker actually came out days after Microsoft issued the patch. The variant that everyone loves didn't come out until 6 months later.

As for the pirates, only the majority got infected.
0 Votes
Oh look, the broken record is here.
Hallowed are the Ori 19th Jun 2009
Give it a rest, troll boy.
Can you provide some explanation why Apple blogs are scrubbed clean of all posts that aren't 110% pro-Apple but Apple folk can come, post a spam message like this, and nothing gets done about it? 50% of the replies to this blog are just garbage and it truly makes it impossible to discuss the pros and cons of MSE when every second post is by some anti-MS troll.

Some answers would be much appreciated.
0 Votes
And what makes you think Apple blogs are scrubbed?

After all, you've posted at length about Apple on Apple blogs. And it's not as though you have a pro-Apple bone in your body.
  • Flagged
0 Votes
Don't you dare make any posts about how WM had copy and paste years ago because your post will get deleted within minutes.

However, feel free to write "Conficker ;)" on every Windows blog and watch it stand. I'm only trying to make ZDNet a better place unless you think that writing "Conficker ;)" was a useful addition to this thread?
0 Votes
ZDNet..
mail@... 22nd Jun 2009
long ago became a haven for Apple fanboys, and trolls of all sorts. It is impossible to have an intelligent discussion about anything MS related, because every other post is an Apple-head, professing his superior intelligence for owning an Apple, and your ultimate stupidity for not. If you want an Apple, go for it, but leave the rest of us alone!
...and watch it disappear. It happens to everyone NZ, not just Apple critics.
0 Votes
Conficker
bendib 26th Aug 2009
NT
0 Votes
I would hope so!
bendib 25th Jun 2009
If they didn't let all the freaks like me post, I couldn't start a stink on every blog! : )
0 Votes
Couldn't agree more
jackbond 23rd Jun 2009
The ABM nutjobs will cast the most serious aspersions against Bill Gates or Steve Ballmer, but if you point out that history of violence of open source programmers and advocates, bingo, post deleted. The Linux file system was programmed by a murderer, and there is a long history of open source being used to track the movements of unwitting users for criminal purposes. This post will probably be gone within minutes, but whatever.
0 Votes
Actually...
jecouch66@... Updated - 8th Jul 2009
I assume you're referring to Hans Reiser. There is no "Linux Filesystem". He was the programmer who developed the ReiserFS, which is one of many filesystems you can choose as your filesystem for linux.

But I do agree with the fact that folks shouldn't be anti-microsoft just because it's Microsoft. I'm using MSE now in a virtual machine, but it's been so long since I've seen a virus I'm not sure how helpful it's going to be. I suspect if you're up to date on patches, you're probably fairly safe. Just keep an eye on those kids and those USB sticks..:)
0 Votes
Question re: crucial measure ...
RationalGuy 18th Jun 2009
And on the crucial measure of delivering the fewest false positives, Microsoft stood far ahead of the pack, delivering the fewest false positives of any program tested.

By false positive, do you mean files that tested positive in the AV as being infected that really weren't? Or files that tested as being clean that really were infected?

I care about the former far less than I care about the latter.
0 Votes
Contributor
The former
Ed Bott 18th Jun 2009
False positives are a real problem, as they scare people, cause unnecessary calls to IT (in business) or to a repair person (for consumers).

MS scored second in accurately detecting files as viruses and first in not detecting clean files as infected. AV-comparatives uses both measures for their ratings.
0 Votes
False Positives
DaveN_MVP 18th Jun 2009
Not to mention the times various AV products have falsely detected, then quarantined or deleted system files, resulting in unbootable PCs and servers.
0 Votes
Or my favorite....
JoeMama_z 18th Jun 2009
when it quarantines an exchange or sql transaction log... ugh.

I know I know exclude, but we all know that doesn't always work.
0 Votes
Nothing more entertaining than ...
msdead 25th Jun 2009
watching a person who thinks the removal of a virus is easy load an AV without understanding the software and hose their system on a FP.
0 Votes
Thanks for the clarification ...
RationalGuy 18th Jun 2009
I agree they are both important, and it's good to know that MS is scoring highly in both regards. That's very surprising to me, since the name "Microsoft" doesn't really make the word "security" pop into your head.
0 Votes
pops into a few
RDrr 19th Jun 2009
security pops into a few heads, as MS had done a lot of work on it... evidenced by MSE
0 Votes
It should pop into your head.
Cayble 19th Jun 2009
Please don't tell me there are still large segments of the population who just do not seem to get the point that it's a given that Windows is really the only significant game in town when it comes to profitable systems to infiltrate. Particularly with some types of attacks that specifically rely on accessing vast numbers of machines to accomplish their purpose. To put it simply: the only kind of machines there are vast numbers of are Windows based machines, so there is often no other real choice than to target Windows.

Sure, with both OSX and Linux there are some factors in the build that make infection a far more tedious task, but in the end Windows is targeted far far more than OSX and Linux in all its forms are attacked. And the simple fact that so many multiples of hundreds of millions of Windows machines run without any infection (certainly without any infection of negative consequence) on a daily basis says something about the security of Windows based machines. And if there is an OS producer that has a vested interest in keeping the security as high as possible it has to also be Windows due to the above facts.

So yes, even if the anti Microsoft crowd is completely right, then certainly Microsoft must be a company with some of the most serious concerns about security and as the world runs off of Windows it would appear they have been doing a pretty good job. I'm still waiting for this viral scourge that Windows apparently can't turn away. I haven't seen one yet and I haven't heard of one on the horizon.

So, when someone thinks of security in the world of IT, there are some good reasons to have MS pop into your head.
0 Votes
Anything that scares people into thinking their software is important they love.

I'm talking about companies like Symantec, McAfee, Kaspersky, ZoneLabs, etc. These companies constantly need to remind people that their product is installed, and to justify not only their existence, but the upgrades year-after-year.

Microsoft's anti-malware products have been as close to perfect as I have seen, especially in the past year. They have excellent detection and are for the most part blissfully silent.

Ed, thanks for reminding the Microsoft haters that their outdated rants on OneCare only prove how ignorant and biased they are.

0 Votes
MS needs to get the word out ...
RationalGuy 19th Jun 2009
After reading this thread, I'm going to give MSE a shot. Based on experiences with OneCare early on, I never gave it a second look. I'll just say it was a very bad first impression.

Just like with the "Mojave" experiment, I think MS needs to start letting people know about the improvements they have made.
0 Votes
Ms should ship it with 7, but
notsofast 19th Jun 2009
I'm sure that such a move would raise claims of anti-trust and of course they couldn't ship that version to Europe, where they're still waiting for Windows KE (Kernel Edition).

Every new PC should ship with AV software. I'm starting to think Apple should do the same if they continue to increase their numbers. Smart users can avoid most attacks (same goes for smart windows users), but IME most computer users aren't tech savvy...arrogance, ignorance and unsafe computing are a dangerous mix on any OS.

Nevertheless, based on this article, I'm not convinced that MS's solution uses less resources than Norton/Symantec AV. Now if MS has a system where the scans are done during idle periods (not that you can't schedule full scans overnight), then things will get interesting.

Clearly their detection of new attacks looked well above average (which surprises me).
0 Votes
Apple users...
arminw 20th Jun 2009
need antivirus software like they need a hole in the head. After all these years, there still is not a self replicating virus out on the Internet that will run on OSX. So far, the worst thing that has come along is a Trojan or two that require user interaction and can only infect one computer at a time. Never has a virus come along for OSX, that spreads like wildfire from Mac to Mac without human help. Windows users always cite how expensive Macs are, but they never mention all the baggage that comes with Windows, including the necessity of antivirus software that bogs down the performance of the computer. Software that does absolutely nothing except use up to 50% of the available CPU cycles is worse than useless.
  • Flagged
Anything that scares people into thinking their software is important they love.

I'm talking about companies like Symantec, McAfee, Kaspersky, ZoneLabs, etc.


I'd ask you for stats, but Ed linked to recent tests on AV software, and clearly Symantec has one of the lowest false positive numbers, while AVG is among the highest.

My experience with AVG's free AV software was that it had a lot of false positives.

I found Kaspersky had too many dialogs from its firewall, which I found annoying enough to uninstall the program.

I rarely see anything from Symantec's latest offering, unless you count where it notifies me of tracking cookies during a weekly report.

Your argument is logical, but it doesn't match my experience with AV software.
0 Votes
I'd agree with that assessment...
JCitizen 19th Jun 2009
Ever tried ESET?
0 Votes
Re: eset
notsofast 19th Jun 2009
I'd never heard of it until just now.
0 Votes
Eset makes Nod32, not a bad AV. nt
wolf_z 19th Jun 2009
nt
0 Votes
Oh.. The irony of it all...
Wolfie2K3 19th Jun 2009
Back in the day (circa 1997), I remember Norton AV repeatedly flagged the link from GoldMine to Word as a virus. It was a legitimate set of macros that enabled document automation so you could merge documents in Word using data stored in GoldMine.

Of course, back in the day, Symantec also had a product known as ACT! which they later sold back to Sage. ACT! is/was a competitor to GoldMine.

And they say Microsoft is the only one guilty of anticompetitive practices...
0 Votes
Terminology
TBone2k 19th Jun 2009
Just to prevent confusion... A situation where a non-infected file is detected as a virus would be a false positive. Where an infected file is detected as clean would be a false negative.

I agree with the sentiment though, false negatives are a lot worse than false positives.
0 Votes
Contributor
Balancing act
Ed Bott 19th Jun 2009
In exchange for detecting a single type of virus, would you want your antivirus software to delete or quarantine 100 innocent files, some of which might be useful and whose absence might cause performance or reliability problems?
0 Votes
Re; balancing act
notsofast 19th Jun 2009
Ed, I only scanned the first report you linked to, but from what I could tell, MS was above average at detecting unknown viruses and among the best at avoiding False Positives.

Based on that single bit of info, it appears that MS is balancing things.

With that said, I hope that your tests also compare hits on performance vs other AV vendors.

I like how Norton doesn't scan when I'm doing things, but scans whenever the system is idle.

It seems clear that MS is excellent at what it does, but if performance takes a hit, vs other vendors that are almost as good, due to scans, then I'll probably stick with Norton (I seem to be able to find free commercial AV S/W (AR) all the time).
0 Votes
False positive
monei011 21st Jun 2009
If you don't know what a false positive is - JFGI.

You will find plenty of clear explanations on Wikipedia for example.

Don't waste blogspace.

As far as Security software is concerned it is false negatives that should be your concern.

Will it work with Windows Home Server, Server 2003, or Server 2008?
0 Votes
Contributor
Not officially
Ed Bott 18th Jun 2009
Since WHS and Server 2K3 share a kernel with XP, and Server 2K8 is based on the same kernel as Vista SP1, it might work. But this product was designed as a single-user client product.
0 Votes
Short of a hacked install
LiquidLearner 18th Jun 2009
I don't really see it working on Server platforms. Microsoft isn't discontinuing Forefront so they'll continue to market that for server protection.
0 Votes
That's incorrect
Speednet 19th Jun 2009
All the Microsoft client-based AV products install and work just fine on servers.

Yes, even WHS. I happen to know that because I have done it, and it works great.

Anything that installs on Win 2003 will work fine on WHS.
0 Votes
WHS Support
aemarques@... 24th Jun 2009
I have a WHS machine and I can report that MS Security Essentials does NOT install on WHS - which is a pity, really...
The only vendor that I know that has specific (and inexpensive) solution for WHS is Avast.
0 Votes
Great article!


75,000 downloads is a little low though... Why do I see this as being a repeat of the Windows 7 beta fiasco?
0 Votes
It's called Torrents
trance2tec 18th Jun 2009
Just go download it off your favorite torrent site. You can get it right now if you want.
0 Votes
Like 7
djmik 19th Jun 2009
Like 7, wouldn't it be funny if people got an infection from downloading this from a torrent?
0 Votes
Not really...
shinji257 19th Jun 2009
I do remember the trojan horse that got inserted into the Windows 7 Release Candidate that everyone downloaded via torrents. I got it 6 days early _legally_ by downloading it from technet. At that point I burned and gave a copy to each person that I knew that downloaded it from a torrent and told them to reinstall. I did a binary comparison between the legit copy and the one got from the torrents and they were different. I only found out about the trojan later.

P.S. - I only gave out discs. Not keys. They had their own license key from the original beta which were reusable for the RC.
0 Votes
50% cpu utilisation?
Mam00th 18th Jun 2009
Do you have a dual core CPU Ed? Because that would mean that it fully uses one core and not that it throttles its CPU usage.
0 Votes
50% overall
trance2tec 18th Jun 2009
I'm running an MSE scan right now, and while not running anything else and watching my core monitor, one core is running consistently between 50%-60%... while the other is around 30%.

I have a core2duo. I'm noticing no slowdown in performance on my system whatsoever either.

I'll continue running Avira as well for the time being, once MSE has been out for a couple months and goes through the crazy testing, providing it passes, I'll definitely be switching over.

MSE is what AV should be, it's super lightweight and out of the way and appears to do its job.
0 Votes
I'd be interested to know what the CPU does during its background signature updates or when it performs scheduled scans in the background. One Care was a pig that brought my old XP Pro laptop to its knees when it would kick in to do a scheduled background scan.
0 Votes
Nope, no load
trance2tec 18th Jun 2009
I didn't notice any real load while it was updating.

Also, you have the option to set the scheduled scans to only start when the computer is not in use. It's a check box.

One thing is for certain, this is a VERY lightweight program, issues with hogging your system are non-existent.
0 Votes
Are you surprised?
de-void-21165590650301806002836337787023 18th Jun 2009
When your Anti-malware package kicks off a scan of your system, even if it's running in a lower priority XP process, it can still end up eating your HDD ... particularly on a fast machine with little else going on.

XP didn't have the feature that dynamically throttles background tasks - that was a feature added in Vista and which the search indexer, windows update, etc., were updated to use (more effectively) in Vista SP1.

Your anti-malware tools shouldn't be doing much at all when they download new signatures - sig's tend to be small and your AV scanner will generally restart, reload the new sig' list and then, if required, will immediately scan for any high-priority malware checks.

Again though, if you're on Vista / Win7, you'll suffer a lot less disruption from (well engineered) anti-malware tools like Morro.
0 Votes