
SANS ISC: Microsoft Security Essentials AV - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft Security Essentials AV

Microsoft Security Essentials (MSE) hit the streets today (Thanks Kia for the heads up).  So I thought we'd have a quick look at it and let you know how it goes.

MSE replaces the OneCare offering and the free Defender installation standard on Vista installations.  It will provide you with malware detection and removal ONLY.  So do not rely on this as your one-stop shop for security.   It does not have the features and functionality that many of the AV vendors provide in their products.  Think of this as AV as it used to be in 2000 or so. 

There is no central management, and updates are taken from Windows Update services (from the looks of it, not from WSUS). 

The install is straightforward.  After downloading it (approx. 8MB), run the installer and follow the yellow brick road.  It does a genuine product check and after installation it will go and update itself.   I had trouble getting it to update when behind a proxy server, but I suspect that was a local issue.  Going direct, it updates and applies the latest signatures.  Reportedly there will be 3 updates per day on average. 

Detection rates seem to be quite good.  It seems to have found most of the things on a test malware drive.  I have to check more closely if it missed things and if so why. 

There are plenty of people who don't want to pay for AV; we all have one or more in the family.  This will plug that gap, assuming the Windows version being used is legit.  

 

Mark H

ISC Handler
I installed the Microsoft program with no problems, and did my first scan. I am going to keep all my other protection programs active though. The BBC on-line news source had an article on the Microsoft Security Essentials.
Anonymous
Anyone seen if this is creating any compatibility issues with mainstream consumer/corporate AV solutions?
Anonymous
I installed it alongside 64bit ESET 4.3.467 AV on Windows 7. No compatibility issues observed, but I did see a significant spike in CPU util during scanning. Also, I had no problems killing MSE service, and processes... Not happy about it.

Jason Fossen had a good article about the beta release a while back:
http://blogs.sans.org/windows-security/2009/06/22/microsoft-security-e

Regards,
Anonymous
Readers should not try a search engine to find the download URL for Microsoft Security Essentials, especially with Google, as the search engine results have been poisoned and redirect to sites hosting rogue security software.

Check article from WebSense at:
http://securitylabs.websense.com/content/Alerts/3485.aspx

Screenshots of poisoned results and malicious pages are shown on this page as well as the report.
toymaster

13 Posts
I find this sentence to be very misleading:
"...It will provide you with malware detection and removal ONLY..."

MSE will also scan for viruses. The above seems to suggest that this product can only look for malware on a system.
toymaster
1 Posts
