Microsoft Security Essentials: What wannabe testers need to know

Microsoft Security Essentials: What wannabe testers need to know

Summary: Microsoft finally broke its silence about its Microsoft Security Essentials (MSE) -- a k a "Morro" -- June 18, after refusing for months to provide any real details on its planned free consumer security replacement to Windows Live OneCare. Here's what wannabe MSE testers and customers need to know.


Microsoft finally broke its silence about its Microsoft Security Essentials (MSE) -- a k a "Morro" -- June 18, after refusing for months to provide any real details on its planned free consumer security replacement to Windows Live OneCare.

Alan Packer, General Manager of Microsoft's Anti-Malware team chatted with me today about MSE. Based on our conversation, here's what wannabe MSE testers and customers need to know:

  • MSE provides antivirus and anti-malware protection for Windows XP SP2, Windows Vista and Windows 7 (including Beta or Release Candidate) systems. It makes use of the same core engine as the Forefront Client product Microsoft offers to businesses, but it doesn't provide the management capabilities that the paid Forefront Client -- or the former Windows Live OneCare subscription offering do.
  • Microsoft is making MSE available for public beta testing starting some time on June 23. It will be available in 32- and 64-bit flavors, downloadable from the Microsoft Connect site. The test version is targeted at users in English-speaking countries, plus Brazil, Israel (and some time later this year), China (in simplified Chinese).
  • The beta will remain open until the final version of the MSE product is released before the end of calendar 2009. (Microsoft officials won't provide any more specific of a date target than that.) The final product will be a free download available directly from
  • Microsoft will be updating and refreshing the beta code regularly in the coming months by pushing updates over Windows Update and other Web mechanisms. MSE isn't Microsoft-hosted, but it does include a Dynamic Signature updating service that Microsoft is touting as "cloud-based."
  • Microsoft plans to offer PC OEMs and system builders the option to bundle MSE on new PCs, but it isn't expecting any of the big PC makers to jump, since they currently make money by preloading competing, paid offerings from third-party providers.
  • Speaking of third-party products, MSE will uninstall Windows Defender if it is present on a user's PC, as MSE is a "superset" of Defender. Upon setup, MSE also will advise users to uninstall other third-party offerings, as running multiple antivirus/anti-malware offerings degrades PC performance.
  • MSE is aimed first and foremost at users who either can't or won't pay for antivirus/anti-malware software. There will be no registration required, no trials with an expiration date or required renewals. But Microsoft is restricting the MSE download (both the beta and final) to PCs running Genuine Windows (which has been authenticated as non-pirated).

Matt Rosoff, an analyst with Directions on Microsoft, wondered whether the Windows Genuine stipulation might prove problematic.

MSE "looks like an adequate protection product, similar to Defender but for more types of malware. However, from early screenshots, it looks like they're going to require Windows Genuine validation for use," Rosoff noted. "That seems to undercut their stated goal with the product: to broaden the base of Windows PCs protected against malware, especially in developing countries."

For more in-depth coverage (and screen shots galore) of what MSE is and how it works, check out my ZDNet blogging colleague Ed Bott's gallery and coverage.

So now that we finally know more (official) specifics about MSE/Morro, what do you think? Is Microsoft doing users a service or disservice in trying to secure the perimeters of the Windows ecosystem via a free antivirus/antimalware product like this?

Topics: Security, Hardware, Microsoft, Operating Systems, Software, Windows


Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Happy that the rumors about a "complete-in-the-cloud" service were false

    That was a complete non-starter for me. But it turned out to be false rumors. This is "just" a anti-virus/malare like the competition. Only that it's free.

    Anything which can help curb the infections, I guess. On that not it may actually have helped if they would be offering it regardless of whether the host is pirated or not.
    • It wasn't rumors, it was pure FUD.

      It is odd to me that some people complain about how "evil" MS is, but then turn around and be completely fine with spreading lies, knowing full well that it is pure misinformation.

      Like Zack Whittaker, and his lapdog [i]nizuse[/i]. I wonder if [i]nizuse[/i] will have enough of a spine to admit he was wrong, like Zack did.
  • RE: Microsoft Security Essentials: What wannabe testers need to know

    I think a light weight anti-malware product updating through Windows Update will be great. Forefront is well regarded and I don't see any reason this won't be as well.

    I know the tin foil hat wearing crowd doesn't trust MU, and that's no problem at all - there are many other products out there that don't requre it.
  • Can't Wait!

    I can't wait for this release. I've always been a big fan of OneCare, and the one piece of OneCare that isn't already built-in to Windows 7 is the antivirus portion, but here we are.

    Microsoft is playing it smart too... offering the opportunity for OEM's to include it, but not forcibly tying it to Windows, and the price is right.

    I can see the "Welcome" screen of Windows advertising it right along with Live Essentials as quick and easy downloads.
  • RE: Microsoft Security Essentials: What wannabe testers need to know

    the link that you had to the announcement when MS would make the test beta public isn't working. At least for me...
  • Aww, Poor Pirates

    To Matt Rosoff,

    Now Microsoft is supposed to not only provide people who steal copies of Windows free updates but are expected to give them additional free products?

    Mike Galos
    • In balance, I agree with you

      It may seem strange after reading my other post in this thread, but in balance, I agree with you.

      The contrary position is that of the big picture, i.e. that active malware on some systems affects the rest of us as well. Most email is spam, most spam is sent through infected PCs, and these can be sending out malware as well - therefore, so the argument goes, it's important to protect all PCs, not just those running properly licensed software.

      Even corporates get this, in an age of consumer broadband. Infected consumer PCs can be used as hackers' cat's paws, or be ganged up to mount DDoS attacks.

      However, I agree with you that it's not unreasonable to limit access to onging expenditure to those who have paid for that support. Maintaining an antivirus is an ongoing committment, both in development and bandwidth terms, and the latter load scales up with the number of systems consuming the service.

      Unless you're prepared to accept the vendor bumping some of that hosting load onto everyone else's systems - as some vendors already do, via stealthed torrent clients - Microsoft is going to be spending money on that hosting. It could be seen as unreasonable to expect them to cater for those who have already broken trust by breaking license terms.

      I think we need to know more about how the "cloud" features in all this - in case that's a euphamism for exactly that kind of customer-resourced load balancing.
  • Has Potential

    I will try it. It will no doubt be dumbed down from a configuration standpoint, but will be worth a look. I have long since stopped using the top tier AV products like Norton and McAfee. Too expensive, buggy and are total resource hogs.
  • WGA makes sense

    I don't know why so many people make so much fuss about WGA/Validation. If you're online and complaining about such an issue, there's no reason for your bickering. It's a one-time deal, get over it.
    • Yep, you don't know why.

      It's not a "one-time deal". It's not even just every time you download something hidden behind validation, such as XP's "not a security patch" that is needed before your setting to not Autorun USB storage devices is respected.

      It's the presence of deliberately hostile code within a product, kept from "going off" by the same quality code that has to be fixed so often that we're obliged to swallow updates every month.

      What MS does today, evey vendor will do tomorrow, and that's why activation was so significant. The slippery slope of vendor-user relations dropped a level once it became standard practice to embed user-hostile code in products.

      Clealy there are trust issues with vendors who are prepared to do this, and the trust surface becomes larger and harder to patrol.

      Once it was; I get the use of a particular product for life, you get your one-off payment, and we need never deal with or trust each other again.

      Now I have to trust you to squirt new code into my systems automatically, unless I'm prepared to devote substantial attention to what each patch does, and run the risk of pre-patch exploits. I also have to watch what you do and compare that to what you promised you'd do, and respond to tidal changes in vendor trustworthiness.

      Open Source doesn't fix this by giving me acres of source code to read, by the way. If it addresses the problem, it's by removing the financial incentive for vendors to hold back on value.

      Do you remember when activation appeared in XP, and we were assured that when Microsoft lose financial interest in old products, they will be left to work without activation?

      Well, watch what happens with discontinued products like MS Money, when Microsoft announces activation will no longer be possible after a certain date. Will these products then install without activation, or will they die as soon as they need to be "just" re-installed?

      Do a Google( activation Kafka cquirke ) for a take on the absurdity of activation politics.

      • oh please

        I'm yet to ever have a problem with WGA on my VALID copy of Windows.
        • Which of course means...

          That anyone else's (negative) experience with WGA cannot possibly be for real. It must be nice to be paddling up the river denial.
  • Wow!!! Talk about an easy hack...

    All I have to do is write a virus that first makes windows look like it's pirated (extremely easy to do) and windows will disable it's own defense leaving it open and vulnerable to anything I want to throw at it.... WooHoo!!!

    Great time to be a MS user... Who wouldn't want to be a fish swimmin in a barrel?
    • Have at it then

      let us know when you've got the code ready, shouldn't take you more than a couple hours? Days? Apparently it's "extrememly easy to do".

      Look forward to seeing your skillz! ;-)
    • uh huh..

      Conceptually you're right, but if you want to get
      into the computer in the first place, you'll have
      to jump through some hoops. Once you're in the
      computer all bets are off-- it doesn't matter if
      they've got virus scanners or not. (It's not like
      McAfee or Norton or Symantec ever stood a chance
      against a virus that was already in the computer,
      disabling the scanner)

      In the end, I think that this won't change the set
      of people falling victim to viruses: silly
      uninformed IE users, and stupid kids who think
      that they're smarter than they really are.
  • RE: Microsoft Security Essentials: What wannabe testers need to know

    It seems if non-WGA users want MSE, then they'll find a bootlegged version of MSE, and try to keep up with bootlegged updates. I'm beginning to see Microsoft's thinking: some non-WGA users will give up on the update hassle and purchase a licensed copy of Windows.
  • RE: Microsoft Security Essentials: What wannabe testers need to know

    what if I use mozilla, firefox? will it encompass that too?
  • I use a Mac. I guess I don't need this.

    I don't have to worry about viruses and spyware.
    • Unless you run java

      [1] (Ok, I haven't run the update yet), but when I came across this before the update was pushed, I was surprised that such a vector existed.

      I turned off Java. I don't use it for Web browsing anyway.

      [1] []
      • Patch went out earlier this week...

        Java was patched on the Mac earlier this week - hopefully this will be a non-issue now.