Tuesday, June 23, 2009

Microsoft Security Essentials: First Impressions

Hey folks, in case you were living in a cave, Microsoft's Security Essentials (formerly code-named "Morro") is now live and available for download.

As it went live at 11:00am Central Time I couldn't help but snag it the minute it went live... and wanted to throw out my first impressions and continue to update this post as I put the free anti-malware client through its paces in my lab.

Lab Configuration:
  • Host: Linux Ubuntu 9.04 running Sun VirtualBox
  • Host OS: Windows 7 RC build
  • Memory: 2Gb
  • Disk: 20Gb
  • This is the only anti-malware client on this [virtual] machine

After jumping through the hoops to download the BETA, and actually reading the EULA and software agreement (which is pretty standard, by the way... no giving up your first-born), I got the client installed and working just fine. I grabbed the available version (6/21/09, Ver. 1.0.1407.00) and installed it immediately.

First thing I noticed is how utterly tiny this client is: at just over 4.7Mb, that's astounding! Maybe this isn't everything that my monstrous Kaspersky install is on my laptop... but this is pretty impressive if it can deliver. On disk, after installation the Microsoft Security Essentials directory is just 8.67Mb, with 38 files in 6 folders... again, not too bad. As far as system resources are concerned, the msseces.exe process runs in the context of the currently logged-in user (as is expected with Windows 7 controls) using ~0% CPU and just 3.468Kb of memory. With such a small footprint one has to immediately wonder... is this thing even effective? I'm going to find out.

One thing that those of you who are used to complex anti-malware packages will notice is the distinct lack of advanced features... this is, after all, a very simple anti-malware client. Simple being the operative word here... so you can't expect much for free... or can you? There is the option of Real-Time protection, which enables itself after the first auto-update, and there is an auto-update feature, since the goal is to reach those who would never remember to do it manually. Overall first impressions are... "yea, it's simple".

Looking at the settings one thing did strike me though... the participation in Microsoft SpyNet (which is apparently a carry-over from the Windows Defender tool) has a Basic or Advanced membership. I can't quite tell exactly what the advanced membership buys you (the user) or why it shouldn't be the default... as it appears that it would help the SpyNet folks pin-point the malware more closely. One thing I did notice is that there is this interesting clause, which I can't imagine worrying anyone...

"In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you, or to contact you."

That "unintentionally" gives away something that I think needs to be further investigated. What types of information are being sent over? How can analyzing malware unintentionally lead to disclosure (or harvesting, accidental or not) of your personal information? I'd venture a guess that as malware collects information on YOU, it may inadvertently pass that information on when it's captured, but I can't say for sure.

Here's how I'm laying out my tests for the coming week or so...
  • Using Security Essentials I'm going to find and download some "questionable content" from the dirty underbelly of the Internet...
  • I plan on comparing SecEssentials' performance in detection and raw stopping power against that of my Kaspersky installation protecting another VM...
  • I'm also planning on comparing "Morro" or Security Essentials against some of the other things out there including PrevX (if they ever get back to me)...

Look for more coming soon... so far, so good. Do you have the BETA installed? Have you given it a test-run and found anything interesting? Be the first to comment here... let's hear your reactions if you're willing to share!


Nick Owen said...

Thanks for this - I may try this on the wife's computer if I can't get her to switch to Linux :).

Ryan said...

So far it seems pretty cool, but I haven't had a chance to test it, so I look forward to what you see.

Rafal Los said...

@Ryan - actually... check the follow-up post out here (http://preachsecurity.blogspot.com/2009/06/microsoft-security-essentials-road-test.html), let's just say MSE didn't do so well in my simple lab test.