Microsoft Security Essentials Dashboard
Pros
Spare, simple user interface. Insulates user from confusing details, while making details available if desired. Good ratings from independent labs. Free.
Cons
Protection weaker under Windows XP. Mediocre results in hands-on malware blocking and malware removal tests. Left some threats running after alleged removal.
Bottom Line
If using a Microsoft product gives you a warm, safe feeling, you may consider relying on Microsoft Security Essentials for antivirus protection. The independent labs give it good ratings, for the most part. In my own testing, though, it didn't shine. Other free products offer better protection.
Free consumer antivirus protection is the central focus for some vendors. They aim to gain mindshare with millions of users who'll remember them when it comes time to purchase antivirus protection at work. Microsoft already has all the mindshare it needs, so it's not too surprising that the company soft-released Microsoft Security Essentials 2.0 (free, direct) last month with little fanfare.
Technically the product name is still just Microsoft Security Essentials, but the About box clearly shows a version number beginning with 2.0. This version has a few new features. It can automatically ensure firewall protection by enabling Windows Firewall if necessary. In Windows Vista and Windows 7, Microsoft Security Essentials' new network inspection system adds specific protection against network-based attacks. The app also claims better malware-fighting skills, though in my testing it seemed little improved.
Recognition from Independent Labs
When I reviewed Microsoft Security Essentials 1.0 (Free, 3 stars) there wasn't much independent testing data available, so Microsoft suggested I rely on test results for their business-oriented Forefront product. Now that the free product has been around for a while the labs have given it a going-over, and the results are generally good.
West Coast Labs and ICSA Labs certify Microsoft Security Essentials for both detection and removal of threats; West Coast adds certification for Trojan detection. Virus Bulletin has only tested the product four times. It achieved the VB100 protection level three of those four times.
In the latest proactive protection test by AV-Comparatives.org, Microsoft rated ADVANCED+ (the top rating) with very few false positives. In the corresponding on-demand protection test it rated ADVANCED.
Last year AV-Test evaluated a collection of antivirus products under Windows XP and under Windows 7. They rated each product for protection, usability, and ability to repair malware damage, with six points available in each area and a total of 12 needed for certification. Under Windows 7, Microsoft Security Essentials made the cut with 14 points, not far behind the 16 points achieved by top scorers Norton AntiVirus 2011 ($39.99 direct, 4.5 stars), Kaspersky Anti-Virus 2011 ($59.95 direct for three licenses, 3.5 stars), and Panda Antivirus Pro 2011 ($50.95 direct for three licenses, 3.5 stars).
In the Windows XP test, though, Microsoft took just 11.5 points, not enough for certification. It scored high for usability but low for protection and repair. Quite a few products scored lower under Windows XP. Norton was the only one to reach 16 points in both tests.
Here's a rather different form of recognition. One fairly widespread scareware threat tries to fool its victims by popping up warnings that seem to come from Microsoft Security Essentials. Imitation may be the sincerest form of flattery, but I'm sure Microsoft doesn't appreciate this particular compliment.
Installation and Cleanup
Installing an antivirus on my thirteen malware-infested virtual machines can be an arduous task. Some products take a long time to install and update; others won't even install due to self-defense by malware. Microsoft Security Essentials didn't give me any trouble; it installed quickly and smoothly.
In several cases, Microsoft Security Essentials' real-time protection system detected active malware right away and popped up a simple warning box with a button offering to clean the computer. There's a link to get details; clicking it also offers a chance to change the disposition for the found threat. Another link opens a detailed description of the behavior and file/Registry traces for each threat. This is handy for experts and testers. Users who don't want to be bothered with details can just click the button and let the cleanup happen in the background.
The real-time cleanup involves a mini-scan that frequently ends with a request to reboot. The product necessarily turns on automatic updates, so if for some reason you've been putting off updates you'll be in for a lengthy session during that first reboot.
At installation, the product schedules a weekly quick scan. You can change the schedule and the type of scan, if desired. By default the scheduled scan restricts itself to using 50 percent of CPU resources. That doesn't affect on-demand scans, though. In testing, a full scan took over 50 minutes regardless of the CPU setting, which is about twice the average of recent products. A repeat scan came in under 25 minutes.
For most found threats, Microsoft Security Essentials simply takes the necessary remediation action, though it will occasionally ask permission to remove low-risk items like adware. At the end of a scan it reports that it finished; you can click the History tab to see what it did.
In my testing, Microsoft detected 79 percent of the malware samples and scored 6.6 points for removal. A couple of threats were still running after it reported successful removal, which isn't good. Ad-Aware FREE Internet Security 9.0 (Free, 4.5 stars) detected 91 percent of the threats and scored 7.3 points, better than most commercial products.
I also test each product's ability to detect and remove commercial keyloggers. Microsoft detected just 50 percent of these and left two of the detected samples running after alleged removal, for a score of 3.2 points. I don't give this test much weight in final scores, since there can be disagreement as to whether a given keylogger is actually malware. Still, I don't like to see a product detect a threat and then fail to remove it.
Microsoft Security Essentials detected 89 percent of the rootkit samples. That's good, but more than half of the recent antivirus products detected 100 percent. Its score of 5.6 points reflects the fact that it left two samples running after alleged removal, one of them with its rootkit technology still active. Microsoft Security Essentials scored 5.9 points for scareware cleanup, far behind the top products. Ad-Aware Pro Internet Security 8.3 ($39.95 direct for three licenses, 4 stars) tops the list for scareware cleanup with 8.4 points. Malwarebytes' Anti-Malware 1.46 (Free, 3.5 stars), a free product, comes in second with 8.1. For details on how I calculate malware removal scores see How We Test Malware Removal.