Microsoft Security Essentials: Aiming low?


Summary: Microsoft has offered a free consumer security product for years, but is it good enough for you? It's certainly better than nothing, but it's way short of the best products.

TOPICS: Security, Windows

A recent interview in PC Pro (UK) is raising some eyebrows about Microsoft's goals for Security Essentials, their free antivirus/antimalware program.

The story quotes Holly Stewart, senior program manager of the Microsoft Malware Protection Center, to the effect that Microsoft does not try to be a top-notch solution to compete with established companies in the field, like Kaspersky, Symantec and Bitdefender. Rather, they try to block the most important threats and pass their research on to others in the security community.

All this is done in the service of security for the whole Windows ecosystem. The point of Microsoft Security Essentials is not to replace more comprehensive products (many of which are also free), but to set a baseline for security for Windows users. Much better that users run Security Essentials (and the Windows Firewall) than that they run nothing at all.

So there's no real excuse not to run a security program and keep it up to date. Unlike the other free ones, at least Security Essentials doesn't nag you with an upsell.

But better still that users run a product like Kaspersky Internet Security, which protects against a vast variety of threats and is updated many, many times a day. Products like these are the ones that do well in comparisons by labs like AV-Test, which throw hundreds of thousands of malware samples at them, including many for which the products have no specific protection.

AV-Test actually uses Microsoft Security Essentials as the baseline in their scoring system; Security Essentials gets a score of 1.0 and all the others are relative to that.

So it's unfair and beside the point to say that Microsoft designs Security Essentials to be at the bottom of the pack. Microsoft wants the Windows ecosystem to be secure and to be perceived as being secure. The best way to improve protection in this, or any other market, is through competition, and the security field is extraordinarily competitive, far more than perhaps any other major category of software. Not only are there many major players, but market shares are fluid and many products do well in particular countries but not others.

Microsoft's enterprise product (System Center Endpoint Protection) is similarly unambitious, but there's less of an excuse for customers there. Businesses with enough resources to run System Center should be spending money on a better antimalware engine.

The point Microsoft makes about sharing with the other companies is an important one about the security industry. Sharing information about threats has been SOP in the antimalware and other security businesses for a long time. Even if they're not building a top-notch product, Microsoft still has massive reach around the world and can make important contributions to security intelligence. This too is in their interest to the extent that it makes the Windows ecosystem more secure.

Remember, the security suite you run isn't the only important step you should take to secure your system. Keeping Windows and your applications patched up to date is potentially far more important (some security products will check to see if you have applied patches and nag you if you haven't, but Windows does this too).

You should also pay close attention to browser plugins, and that means all browsers, not just IE. Many of these can cause problems but aren't necessarily marked as malicious.

Do you run Java? Remove it. Make sure to remove all installations of it, because you may have more than one. If you have to run Java, run only the most up-to-date version and set your web browsers not to run Java applets by default (this is default behavior in some browsers now).

Even good spam filtering can be important. Many threats are spread by spam, generally through web links in the message, and a good filter will block nearly all of these. 

Don't lose track of the fact that all the commercial security suites do a lot more than antimalware:

  • They usually have a better, more flexible firewall than the Windows Firewall
  • They'll have much better anti-spam protection
  • As I already said, some will flag unpatched programs
  • They include IPS (Intrusion Prevention System) functions, which means that they can block certain malicious behaviors even when the program has gotten through initial checks and executed
  • Many will check the code for web pages before your browser runs it
  • Many include anti-phishing features
  • Many include parental controls
  • Some include other useful security features like password managers and file encryptors

So if you're wondering if you can get away with only Security Essentials (and Windows Firewall) and good practices like prompt patching, you probably can. Configured in this way, and boosted by some common sense, you will block the large majority of attacks you're likely to encounter. You're still going to be vulnerable to many a real-world attack, especially in the early days of that attack, and you'll need that common sense, that ability to recognize the threats that get through. But you're not a sitting duck anymore, like you would be with no AV. The price of being cheap, in this regard, is not what it used to be.


Talkback

67 comments
  • Maybe Microsoft is preemptively reducing the risk of legal problems,

    regarding "bundling" and that's why MSE is just "baseline protection". If they went all out, it would probably result in another "ballot" being forced on users.
    wizard57m-cnet
    • MSE is already bundled into Windows Defender

      Windows 8 features MSE integrated into Windows Defender. I've been running it since pre-beta without installing any third party AV software and to date haven't spotted any infection.
      But then again I don't have Flash, Java or Quicktime installed and I keep my system patched so I'm less likely to get infected.
      Dreyer Smit
      • MSE is much better than

        the sold trojans aka Symantec and McAfee.
        Ram U
      • I've been using MSE...

        ...almost since it came out, & have had NO problems whatsoever, nor have any of my clients who use it. I do have Flash, Java (won't TOUCH Quicktime - it's an Apple product with ads, nags & sucks system resources like no tomorrow) & almost anything else enabled - still no problems. I do use my head when connected. Obviously, companies should use more robust products, but since I back up my data regularly & fix issues as they arrive, I feel I'm ok - my record proves it. Besides, who wants to be nagged for updates, as stated in the article, "many, many times a day"? Bottom line, if it ain't broke, don't fix it...
        rmazzeo
        • You do know

          Java is the reason for 4 of the top 5 malware in 2013?

          http://www.zdnet.com/watering-holes-join-java-as-a-major-threat-to-corporate-security-says-f-secure-7000021047/

          You have no idea if you have malware. Most malware today never wants to be caught or noticed. It wants in, sucks your data, gets out.
          paebin2s
        • I also use MSE....

          Rmazzeo, greetings from Atlanta, GA.
          I'm in the same situation you are....using MSE protects all my computers. My final feelings
          about MSE are: it may not have all the " Bells and Whistles " that other antivirus programs have.....but he is super fast in detecting " all Garbage that tries to invade my computers to infect them! ", and if you have a good, tuned computer....I would go as far as saying it is
          faster in scanning my hard drive(s) than some of the best antivirus programs available
          on the Market.
          DagoBert98A1
    • El Wiz: Maybe Microsoft is preemptively reducing the risk of legal problems

      This is a possibility. However, I believe that Microsoft is adhering to KISS with Windows Defender and MSE. If one peruses the AV testing conducted on MSE, it's clear (to me) that Microsoft is placing more importance on keeping false positives low, Google's Chrome browser, notwithstanding, at the expense of best-in-class detection or keeping false negatives low. False positives are a PITA for most users to deal with. (I know that infections resulting from false negatives are also a PITA, or worse, for users.)

      The best-in-class antivirus vendors put a LOT of work into minimizing both false positives and false negatives. False positives can result in Windows failing to boot if an important system file is locked in the vault by the AV. This has happened with a number of AV vendors. In addition, data loss can result. Remember the MS Excel xls file debacle?

      I, personally, believe that the AV industry is deeply unhappy with Microsoft's bundling of Windows Defender in Windows 8. Recall that Microsoft first announced this bundling in mid-September, 2011, and RTM'd Windows 8 with Windows Defender in August, 2012. Then MSE failed AV-Test.org's testing in September, October, November and December, 2012. And, today, MSE/Windows Defender is the baseline for comparison with other products.

      By its bundling of Windows Defender in Windows 8, Microsoft has threatened the AV industry (which is much more powerful than the AS industry). Therefore, it has become a target of that industry, including the 'independent' testing organizations.
      Rabid Howler Monkey
  • I have not used

    any firewall or av in ages (10 years+) and my pc runs fine... common sense goes a really really long way... Of course, I only visit the same 5 or 6 sites every day...

    I guess porn and torrents are the most dangerous... luckily we aren't in the kapaaza days anymore.. If you get your torrents from kickass and your porn from pornhub you'll be fine :)
    DJK2
    • Same here.

      Last month I realized that after reformatting 3 years ago, I forgot to install an anti-virus software on my home desktop! I panicked and scanned my computer with avira, malwarebyte, avast, adaware and spybot S&D, but only found a couple of cookies.

      Unless you are not an idiot, the era of computer virus is over.
      Jean-Pierre-
      • " the era of computer virus is over."

        Tell that to the 25000+ members of the Windows Fort Disco botnet.
        anothercanuck
        • The same crowd

          Is that the same crowd that is in love with start button and XP?
          paul2011
          • No.

            Fort Disco infects more than XP. Removal instructions can be found for Win2k thru Win7. From what I have read regarding it, it comes from users clicking links in SPAM and Websites, Etc. and seems to be more related to Stupid User Tricks than to what Windows version you are using.

            Thank you for promoting your FUD.
            MWRadio@...
      • Same here Re_

        Jean-Pierre...(vous avez de la chance!!)..... that's French for : you are Lucky!!.
        DagoBert98A1
    • Ironically, porn

      Ironically most Porn sites are pretty clean. They are running a business selling porn and don't want infections scaring off business. They pay people to maintain their websites professionally. Now, your local church group...
      mlashinsky@...
      • depends which kind

        There are three general types of porn sites...actually, now that I think about it, this all holds true for the rest of the internet as well.

        The type of porn site you're talking about are the ones that produce their own content and make money by billing viewers directly for it. These sites, as you describe, are the kinds that will be pretty clean as they are indeed making their money by people being able to continue to access them.

        The second type of porn site are the aggregators, which are usually supported by advertising. These vary in quality, especially since they generally run shady advertisements. CBS Networks wouldn't want the stigma of advertising ZDNet on a porn site, so you're basically left with other kinds of shady sites advertising on porn sites. Hence, even if the site itself is clean, the ads may not be - or they may lead to sites that aren't.

        Finally, you have the kinds of sites that offer the paid stuff for free. It's these kinds of sites that are generally incredibly shady and offer plenty of ickiness in exchange for the content they claim to have...which naturally requires a special Flash Player Update...

        I don't understand the connection with a "local church group"...as if churches have the desire and expertise to spread malware. Sure, many of them don't have the staffing to regularly ensure their servers aren't metasploited and serving it up involuntarily, but I'm pretty sure that that's a different story altogether...

        Joey
        voyager529
    • Huh?

      "I guess porn and torrents are the most dangerous"? Huh? Porn is dangerous? Maybe a heart attack after too much [you know]? Unless you mean porn sites. :-)
      Gisabun
  • Sorry, but the commercial firewalls weren't as flexible

    Having used Norton & other commercial products in the past, I have found *fewer* problems with using the built-in Windows Firewall (even back to Windows XP) than using the commercial ones...especially whenever it came time to pay the annual renewal fee.

    As for protection against viruses & other infections, I've found MSE to be just as good, if not better, at preemptively stopping them as well as cleaning up any that managed to sneak through. So, paying over $50/year or paying $0/year for the same performance gives me an easy financial decision to make...
    spdragoo@...
    • Re "the annual renewal fee."

      Our company installed 15 Win 7 computers 3 years ago and bought Symantec Endpoint Protection for all 15. Last month we got a renewal notice--for $550.

      We checked Amazon and were able to get copies of Norton Antivirus downloadable, 1-User, 3-PC for $15 each. So instead, we bought 5 copies of that and installed it on all our PC's except the server (which won't run desktop Norton products) and got SEP-Small Business Edition (or whatever it's called) for $60 for 3 years.

      An annual renewal fee of FIVE to 15 dollars certainly shouldn't bother ANYONE. In fact, when I see a good deal on Amazon, I'll buy two copies--one for the current year and one for the following year. Even though next year it's "a year old", once you do the install within a week NAV (or NIS or Norton 360) will pop up a notice that a free update to the current version is available.
      Rick_R
      • So,

        Are your 15 PCs used by only 5 users?

        "1-User, 3-PC for $15 each."

        I'm always in favor of a good deal, but as a company, you need to be very careful that you are following the letter of the licensing law. You are also using a consumer product (which is why you will get nagged for license renewal) as opposed to a business class product, which is centrally managed and will not nag your users.
        tdogg219
        • Points Well Taken, But...

          It's good to not be afoul of licensing requirements, yes.
          But there is nothing that precludes others operating the other two computers. And being a business environment, it's not as if the other two on each license operate their own separate computers. Correct me if I missed some fine print on that.
          I checked Amazon. Did you before you posted? The pkges offered were single, not two tier pricing; i.e. home or business. No pricing distinction noted.
          At my writing, you have 6 votes, no flags. Six others coming off sounding as hoity toity as you.
          Aim your criticism at legitimate targets please. After due diligence to establish the validity of the specific issues you took exception to.
          PreachJohn