The Tech Herald takes Microsoft Security Essentials for a spin.
Microsoft Security Essentials, formerly known as Morro, is the latest effort from Redmond to protect the masses. While the news leading up to the launch of this free security suite from Microsoft has been mixed, The Tech Herald downloaded it anyway, just to see if it can stand up to the hype.
Note: If you updated from the Security Essentials Beta, the final version 1.0 is exactly the same with regard to look and feel. Scan testing offered no major improvement to the previously tested results. We did notice that after updating, the main controls seemed to load faster.
Along with our written review and thoughts, we have included videos showing installation, the initial update and scanning process, a walkthrough of the software and more. Those are on page four of this review.
[Updated on 9-29-2009 1:30 p.m. EST to add notes on version 1.0.]
[Updated on 6-23-2009 7:36 p.m. EST to add video of Rogue AV test.]
Microsoft Security Essentials (MSE) is a free, “cloud-based” anti-Virus that includes a basic community layer of protection called SpyNet. As it stands now, MSE will work on XP, Vista, and Windows 7. However, the basic requirements will vary for each operating system.
The Tech Herald reviewed MSE on a Windows XP system running SP3, and all current updates as of 6-23-2009. The system is a Dell with a Pentium 4 2.80 GHz CPU and 2048 MB of RAM.
For testing, the C drive on the lab system has 102 GB total space with 92.7 GB free. The G and H drives, used for the testing of the Full System Scan, are 97.6 GB in size each, with 81.1 GB and 84.2 GB free respectively. Before installation, the system was used to surf various sites to collect usage-related files such as temp files and, if the site was malicious, Malware. The sites visited were both legit commercial sites and illegal Warez-related sites.
Installing MSE is a snap. Once the software is downloaded and the installation process launched, it checks for a validated copy of Windows and downloads anti-Malware signature updates. The entire process took less than 50 seconds to complete. Once that was finished, we had the option to launch a Quick Scan of the system. This is an optional but highly recommended step.
The Quick Scan, which launched after installation, took over ten minutes (10m 38s) to complete. Not the fastest scan in the world, but not that bad either. It scanned 22,973 items in that time.
Using the Custom Scan option to scan only the C drive, MSE more than tripled its previous scanning time, completing the process in 32 minutes and 42 seconds. The Custom Scan examined 269,467 items in all. A Full System Scan was then launched, including all system partitions and registry settings. This took almost two hours to finish (1h 47m), scanning 1,285,083 files.
It’s important to note that a Quick Scan will scan sensitive areas of the C drive only. The Custom Scan was set to scan the C drive as well. However, the Custom Scan took a deeper look at the drive. During the Custom Scan, this deeper look led to the discovery of Adware that was missed during the Quick Scan.
By default, a Full System Scan will scan all of the partitioned drives on the system, plus the registry. This scan will always take longer. The reason that the Full System Scan took as long as it did had more to do with the number of archives (Zip, Gzip, RAR, ISO, etc.), and sheer file volume, than it did with the scanning engine. This deep scan also detected two Trojans and one piece of Spyware. However, it did flag an archive with the RealVNC.exe as a Medium risk.
While not an excuse for such a long scan, as other applications have gone much faster, it does explain the reason. You can use the settings within MSE to limit the file types scanned, as well as how deep the scans go. This will improve scan times, but during our review all software settings remained at default levels.
When it comes to resources, we had no real issues during our test. At the same time, MSE jumped around a bit when it came to resource usage during scanning. In each of the three scan tests, MSE used various amounts of RAM and CPU. Two of MSE’s processes stood out during testing, MSMPENG and MSSECES.
For example, during the Custom Scan, MSE used 94MB of RAM on average. MSMPENG, which used 99MB of RAM at peak and 76MB of RAM on the low end, averaged 82MB while the scan was taking place. MSSECES, during the entire process, remained at 12MB usage.
During the Full Scan, MSMPENG used 129 MB of RAM at peak and 74MB of RAM on the low end, averaging 84MB of RAM usage. MSSECES, as was the case during a Custom Scan, remained at a steady 12MB of RAM usage during the entire process.
CPU usage during scanning peaked at 100 percent, but would jump around. We observed it going from 40 percent to 100 percent, down to 30 percent and then to 73 percent during the Full System Scan. The average CPU usage always remained around the low to mid 40 percent range.
When no scans were running, MSMPENG used about 72MB of RAM (72,056K) while MSSECES lowered its RAM usage to about 5MB (5,024K). The CPU usage during this inactive period remained at 4-5 percent with the occasional spike into the teens.
Overall, MSE is easy to navigate. There are four main tabs: Home, Update, History, and Settings. The Home tab has a simple-to-read status monitor. Interestingly enough, this status monitor is an image of a monitor with Green, Orange, or Red displays to allow for quick status updates. On the lower part of the Home tab is a notice detailing the scheduled scan settings. You can launch an on-demand scan from this tab as well.
Once an issue is discovered, you will see a large Clean Computer button on the Home tab, which will clean things automatically using the settings you assign by threat level, or you can clean things by hand by selecting Show details. [See 2nd video.]
The Update tab is self-explanatory. Aside from the status of the AV and Spyware definitions, there is a large Update button to launch updates. The History tab will show three types of data, based on previous scans. You can view everything at once, items that have been quarantined, or items that have been allowed after they were flagged. When viewing quarantined items, you can delete them completely from the same tab if you wish, or when viewing allowed items, remove their exemption status.
The Settings tab has the most options available. Here you can schedule scans, determine the default actions MSE should take when something is flagged, exclude file types, processes, or drive locations, as well as determine how MSE will scan archives and removable media such as USB drives.
Oddly enough, considering all of the hype from the Conficker Worm, scanning USB devices is disabled by default. Even if enabled, MSE will only scan USB drives on a Full System Scan.
Finally, the Settings tab is where you can select your membership to SpyNet.
SpyNet is Microsoft’s online community that collects information based on two levels of membership. The first is Basic, set by default, which sends information on items flagged by MSE including where the item came from, the actions you opted to take on that item once it was flagged or actions taken automatically, and if those actions were a success.
The Advanced membership into SpyNet includes all of the things the Basic membership includes, but with more details. That extra information includes the location of where the item was located on the system when it was flagged, the file name, how it operates, and how it impacted your computer. Microsoft warns that personal information might end up in SpyNet submissions, but that it is not used to identify you or contact you.
The help offered by MSE is straightforward and easy to navigate. You have the option of getting help online or offline. Online is the default: clicking the word Help takes you to the Microsoft Security Essentials website, which links to traditional support or community support.
There is also a link in the help area to submit malicious samples to Microsoft. That link leads to a web form and upload area.
As discovered during the scan tests, detection on MSE is solid. It's good to see that the Malware placed on the system during the pre-install browsing session was picked up. After MSE discovered no other infections, those results were checked against two online scanning engines, as well as Malwarebytes Anti-Malware. The secondary scanning showed the system clean.
To add to the detection tests, a password protected Zip file with 50 samples of Malware was loaded on to the system. The samples were all from attachments in malicious email, as well as downloaded from the Internet in the form of fake codec files from video sites.
The password protected Zip was not detected as a threat after scanning it with MSE. However, once unpacked to a folder named Infected, MSE detected and removed every sample, leaving only the folders behind.
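The result above fits how encrypted archives behave: a scanner without the password cannot read the member contents, only the archive's metadata. The following is an added example, not part of the original review or of MSE, showing how a defender could flag such archives for manual handling by reading the encryption bit in each ZIP entry. The file names and contents are constructed placeholders, and the sample is patched by hand because Python's zipfile module cannot write encrypted archives.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry data is encrypted

def encrypted_entries(data: bytes) -> list[str]:
    """Names of members whose contents cannot be inspected without the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]

def triage(data: bytes) -> str:
    """Classify an archive by how much of it a content scanner can actually read."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        total = len(zf.infolist())
    hidden = len(encrypted_entries(data))
    if hidden == 0:
        return "scannable"
    return "opaque" if hidden == total else "partially-opaque"

def build_sample() -> bytes:
    """Constructed two-member archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("codec_setup.exe", b"placeholder, not a real binary")
    return buf.getvalue()

def mark_encrypted(raw: bytes, name: str) -> bytes:
    """Set the encrypted flag on one member's central-directory record.
    Only the metadata is changed; the stored bytes stay as written."""
    out = bytearray(raw)
    pos = out.find(b"PK\x01\x02")              # central directory file header
    while pos != -1:
        (name_len,) = struct.unpack_from("<H", out, pos + 28)
        if bytes(out[pos + 46:pos + 46 + name_len]) == name.encode():
            out[pos + 8] |= ENCRYPTED          # low byte of the flag field
        pos = out.find(b"PK\x01\x02", pos + 4)
    return bytes(out)

if __name__ == "__main__":
    plain = build_sample()
    one = mark_encrypted(plain, "codec_setup.exe")
    both = mark_encrypted(one, "readme.txt")
    for label, blob in (("plain", plain), ("one locked", one), ("all locked", both)):
        print(label, triage(blob), encrypted_entries(blob))
```

An archive reported as opaque or partially-opaque has not been cleared by a clean scan result; its contents only become visible to the scanner once unpacked, as happened with the Infected folder in this test.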
Based on the scanning of known Malware, MSE did great on this part of the test. However, as mentioned, this was a test of 50 known samples; so failure would have been inexcusable. With that said, to double check detection, we pointed the test system to a few malicious and newly active domains.
[Note: as of 6-23-2009 the sites listed below are active and harmful. Do not visit them.]
http //browsehistory cn/go php?id=xxxx&key=xxxxxxxxx&p=x
Once this site loaded, as you can see in the image below, the screen filled with gibberish. However, that did not stop the Trojan it serves from attempting to load. MSE flagged this and prompted us to remove it immediately.
[An interesting note, while taking the screen capture for the second image below and editing it, MSE removed the threat automatically, without waiting for us to do it on our own.]
http //cmdnet2 89 80000web com cn/admin
This site attempted to install a file that was flagged instantly with the same recommendations as the previous alert offered.
http //w-transcorp com/so399x/xxxx.php
Once loaded, this site prompted a download of a PHP file. Once the file was downloaded and executed, two versions of the Sality family of Viruses were installed on the lab system, as well as a Trojan. MSE detected all three.
The final two sites led to Malware that once removed by MSE required a system restart.
Based on testing, the detection offered by MSE is great for a free product. It was far better than we expected in all honesty. Yet, that does not mean it is infallible. New threats, and new methods to expose users to them, appear hourly. A little caution while surfing the Web, and good maintenance routines – like applying system patches and software updates regularly – will offer you far more protection than any AV engine or product.
Not to mention, regardless of how well MSE performs, or any other security application for that matter, it should only be counted as a single layer of protection for the computer.
Still, for a free AV product, MSE impressed us, and this is just the beta. The only downside was the slow scanning. If you can live with that, and are looking for a free security application, then Microsoft Security Essentials is a great choice.
You can download the beta online now.
Install and scanning:
[Note: The URL in the video below is live and active. It was first discovered on 6-23-2009 during a scan of honey pot logs. It delivers Rogue anti-Virus, designed to scam you out of your money and personal information. In addition it will download and install Malware to the system. Again, DO NOT visit the URL you see in the video as it will infect your system.]