Microsoft Security Essentials: some first impressions (and some FUD)

7180.microsoftsecurityessentials_thumb_0cc8eacd News Microsoft released its new free anti-malware product, Microsoft Security Essentials, this week, and the reviews are starting to roll in.  We’ve been using MSE since the first beta, and have found it to be unobtrusive, simple, and a refreshing alternative from the constant churn coming from some of the other free AV services.  Of course a quiet AV solution that doesn’t catch malware isn’t of much use, but according to some studies posted around the web, MSE is at least on par with the other AV services.

Not that those services are all that happy about it.  In a post the Wednesday on Ars Technica, a Symantec spokesman downplayed MSE:

“Microsoft Security Essentials (MSE) is a stripped down version of their old OneCare product which was poorly rated by industry experts and users alike. From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime. Unique malware and social engineering tricks fly under the radar of traditional signature-based technology alone—which is what is employed by free security tools such as Microsoft’s”

In fact, however, MSE is based on ForeFront Security, Microsoft’s enterprise security solution, and doesn’t rely on the old OneCare technology.  OneCare earned some early bad press that it was never able to recover from, but also a move to a common ForeFront platform allows Microsoft to use the free MSE to gather information on malware in the wild which could then be used to tweak the enterprise offerings.

In a separate post, Ars Technica also posted their first impressions.

Other, more fact inspired reviews have shown good results for MSE.  PC World reports on independent AV researcher AV-Test.org results on MSE, which it called “very good”:

The first test put Security Essentials in the ring against more than 3,700 viruses, Trojans and worms culled from the most recent WildList, a collection of threats actively attacking computers. “All samples were successfully detected and blocked during our on-demand and on-access tests,” Marx said in an e-mail today.

The second test sicced Security Essentials on a much larger set of malware. Of the 545,3444 malware samples in that collection, Microsoft’s software nailed 536,535, resulting in what Marx characterized as a “very good detection score” of 98.4%.

In a follow-up test of adware and spyware detection — Security Essentials also includes anti-spyware scanning — Microsoft’s software spotted 12,935 out of 14,222 samples, for a 90.9% accuracy rate.

A few other MSE details: first, a blog post on the Genuine Windows blog points out that MSE is available only legitimate copies of Windows, and that MSE will check to make sure the copies are indeed genuine, and a post on the Register is reporting “black hat” SEO activity on searches for Microsoft Security Essentials (and, incidentally, Google Wave), according to Websense.  The black hats, trying to take advantage of increased search activity for the products, have flooded search engines to move their more unscrupulous AV products up the search rankings.  A quick check here on Bing and Google show that MSE is in the top of the results, but always good to be careful.

You can download Microsoft Security Essentials directly from Microsoft.