Network News

X My Profile
View More Activity

Microsoft Debuts Free Antivirus Software Beta

Microsoft on Tuesday released a beta version of its new free anti-virus offering, Microsoft Security Essentials (a.k.a "Morro"). My review, in short: the program is a fast, easy to use and unobtrusive new addition to the stable of free anti-virus options available today.

MSE is basically the next generation of Microsoft's Windows Live Onecare anti-virus and anti-spyware service, but without all of the extras, such as a firewall, data backup solution or PC performance tuning (Microsoft announced in Nov. 2008 that it would stop selling Onecare through its retail channels at the end of June 2009).


The toughest part was getting the program installed. MSE can run on Windows XP, Vista or Windows 7 (both 32-bit and 64-bit versions), but it failed to install on an XP Pro system I tried to use as my initial test machine -- leaving me with nothing more than a failure message and cryptic error code that didn't turn up anything in an online search.

Fortunately, it installed without issue on my Windows 7 Beta system. Interested users should note that installing MSE requires that the would-be user's system passes Microsoft's Windows Genuine Advantage anti-piracy tool, which checks to make sure it is being installed on a licensed version of Windows. Would-be users also will need to register for or already have a free Windows Live (or Hotmail) account in order to download the program.

After installation, MSE spends a couple of minutes downloading additional files, and then prompts the user to perform a "Quick Scan." True to its name, that scan took less than 10 minutes on my test system. A full scan, however, took about 45 minutes on a relatively new install of Windows 7.


Anti-virus products are notorious for sucking up system resources, but you'd be forgiven for forgetting this program is even running. It barely used more than 4 MB of system memory for the entire time I tested it, including during scans.

By default, MSE scans archived files (.zip, e.g.), and creates a system restore point before deleting any files that set off alarms. The one scanning option not checked by default is to scan removable drives -- such as USB drives -- for viruses. But users can enable this option.

The program is not just an on-demand scanner: It includes real-time protection, which Microsoft says "alerts you when viruses, spyware and other potentially unwanted software attempts to install itself or run on your computer."

In addition, MSE monitors file and program activity on your computer, and automatically scans all downloaded files and attachments. If it finds something, it will ask you what to do with the suspect file, and if the user takes no action after 10 minutes, Microsoft will decide what to do with the file(s) according to its default actions. Out of the box, it schedules a scan every Sunday at 2:00 a.m., but only if the PC is idle at that time.

A great deal has been written so far about the potential for MSE to unseat established giants in the anti-virus industry. It's too soon to say whether that will happen, or how Microsoft's new offering will measure up in tests against real-life malicious software, tests that are beyond the scope of this review.

Personally, I doubt whether MSE will have much of an impact on the anti-virus market as a whole. If anti-virus industry players fall by the wayside in the coming years, it will be because they either get gobbled up by their (non-Microsoft) competitors, or they fail to adapt to the latest threats.

Each time the issue of Microsoft throwing its weight around in the security space arises, it invariably raises the same issues of trust, privacy and efficacy. Allow me to address a few of the common themes, in the context of MSE:

Microsoft made the operating system, so it's probably best equipped to produce software capable of defending its weaknesses: The truth is, Microsoft is continually defending the weaknesses in Windows. Every month, it ships new patches to fix security and stability problems in its software that it didn't know about until bad guys or researchers unearthed them and proved they were exploitable. What's more, Microsoft is in no more advantageous a position vis-a-vis other anti-virus makers to tell which tricks the bad guys will pull out of their hats next.

Microsoft is responsible for the same buggy software that lets the bad guys break in, so why would you trust them to also do a good job defending your PC against malware?: This is a fair question, but the folks asking this very question probably will never install this software anyway.

And, while I don't believe Microsoft has the time or the inclination to go rooting through users' systems for personal information, the disclaimer for the default "Basic membership" in Microsoft SpyNet that ships with MSE also isn't likely to reassure those who doubt the company's intentions. It reads:


"Send basic information to Microsoft about software that Microsoft Security Essentials detects, including where the software came from, the actions that you apply or that Microsoft Security Essentials applies automatically, and whether the actions were successful. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or to contact you."

Microsoft is only offering this product so that it can gain a foothold in the security software market, after which time it will start charging people to protect their computers whilst strong-arming its competition: Microsoft has said it plans to continue offering MSE for free. And for all of the reasons stated above, I don't believe Microsoft's offering of a free anti-virus product is going to steal too many paying customers away from other products. After all, there are plenty of other free anti-virus products available, including AVAST! Home Edition, Avira's AntiVir, AVG Free, ClamWin, PCTools, and Panda's new Cloud Antivirus offering, to name but a few.

I suspect Microsoft is offering this software for reasons part public relations and part self-preservation: Redmond knows that anything it can do to ensure that there are fewer malware-infested PCs out there is a good thing. And let's face it, for whatever reason -- even with the impressive number of free anti-virus offerings out there already -- a dangerous number of Windows users continue to use the operating system without any kind of anti-virus software installed. At least with its brand recognition, Microsoft has a good chance of changing that reality to some degree.

One final note, if you're interested in trying out this software, you probably want to move pretty quickly. According to ZDNet blogger Mary Jo Foley, Microsoft intends to make this beta available only to the first 75,000 downloaders in the United States, Brazil or Israel.

By Brian Krebs  |  June 24, 2009; 7:00 AM ET
Categories:  From the Bunker , Safety Tips  | Tags: microsoft security essentials, morro  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Accused Spam King Alan Ralsky Pleads Guilty
Next: Critical Security Fix for Adobe Shockwave Player


As a original user of Windows Live One Care (now known as MS Security Essentials) it did not catch the most easiest and known viruses out there, nor did it find spyware which my Kaspersky caught before any damage took place. I compared Windows Live One Care it to my Norton on another computer and found Windows Live One Care pretty ineffective and useless. Its obvious no one is buying MS Live One Care (and probably won't buy MS Security Essentials) as its marginal if that when it comes to providing any real security to desktops and notebooks.

Posted by: Austiniter | June 24, 2009 7:51 AM | Report abuse

Looks like it's a limited beta. I just went to the link provided. I got this:

Thank you for your interest in joining the Microsoft® Security Essentials Beta. We are not accepting additional participants at this time. Please check back at later a date for possible additional availability.

Posted by: AJ2007pa | June 24, 2009 10:19 AM | Report abuse

Nice article. I would have liked it more if it tested M/S' offering on a system hosting real malware so that we could judge it's effectiveness from a reliable analyst.

Posted by: RLMuller | June 24, 2009 10:22 AM | Report abuse

It is not that dangerous to not have anti-virus software as long as you login as a "limited user". All apps work fine and any malware can do little damage since the "limited user" as no rights to install software or mess with OS software.
I have been running for years like this. My kids use it freely. Every once in a while, I do a scan. Nothing is found.
Oh, I do block porn and other sites known for distributing malware using BlueCoat software.

Posted by: david08054 | June 24, 2009 10:30 AM | Report abuse

Sorry, this Microsoft Anti Virus is not for my country, I have Norton is very good and I have not problems. I have a Virus send You ?

Posted by: Maiwald-Werner | June 24, 2009 10:35 AM | Report abuse

This should have been an integral part of MS Windows right from the start of version 1.0.
Took them more than 2 decades to finally do something about it.

Posted by: bart3385 | June 24, 2009 10:42 AM | Report abuse

I'm curious about whether virus writers will spend extra energy writing their programs to get around MSE just so that they can say they beat Microsoft.

Posted by: Booyah5000 | June 24, 2009 11:14 AM | Report abuse

Brian, is there any word about the program's effectiveness when compared to other free antivirus programs?

I don't plan to switch, because I don't really want a Windows Live account. (Or is that just required for the beta download?) If the program were superior to Avira, though, I'd think again.

Posted by: Heron | June 24, 2009 11:26 AM | Report abuse

Just checked and it's not currently available at this time.

Posted by: Krayzcarole | June 24, 2009 12:00 PM | Report abuse

I don't expect Microsoft to unseat anybody in the AV space right now. Judging from some of the comments above about OneCare, it doesn't sound like it's going to do very well on the virus lab benchmarks once it gets tested either. That being said:

1. If there was something that I believed Microsoft SHOULD bundle with Windows, this is probably. For the apathetic subset of the Windows userbase, a substandard solution is in fact better than no solution at all.

2. 4Mb memory footprint? If Microsoft has managed to achieve a genuine technical innovation in terms of bloat reduction in AV products, we can only hope that the other major vendors will take this as a challenge to reduce their memory footprint as well. Assuming that isn't part of the reason why the protection level appears to be substandard. ^_^

Posted by: conspirator5 | June 24, 2009 3:35 PM | Report abuse

Heron said: I don't plan to switch, because I don't really want a Windows Live account.

Bing, me either! If it has merit, why try to tie it to something else that a vast majority clearly doesn’t want! In December, I downloaded OneCare to see what the fuss was about, but really didn’t find anything of great merit.

Microsoft should know how to protect its system the best, but it’s almost way too late to game, and they have lost a lot of credibility. While I haven’t gotten a virus - thanks Brian! - by using a decent anti-virus program, I am also not a child. So, I generally don’t do myspace or even facebook, but those how do shouldn’t have their systems completely hosed because they merely looked at a site. Without the addition of a firewall, I think of it as another MS “patch.”

Posted by: ummhuh1 | June 24, 2009 3:37 PM | Report abuse

What happened MS Forefront? My employer is currently installing it on thousands of PCs.

Posted by: flybly2 | June 24, 2009 3:52 PM | Report abuse

Sending a "damage assessment" report back to Microsoft headquarters is not something new. The Malicious Software Removal Tool that's bundled with each month's patches, does the same thing. That's how MS compiles its semi-annual report on the status of malware.

Also, I find it hard to believe that this thing only takes up 4 MB. The user interface console might only occupy 4 MB but what about the actual processes? What does Task Manager show? Usually the real-time protection consists of 1-3 processes, requiring tens of megs. For example, Symantec AV uses SAVRoam.exe (4,600 KB), RTVScan.exe (75,124 KB), and DefWatch.exe (5,416 KB).

The requirement for Genuine Validation and a Windows Live/Hotmail account is a bad idea if the intent of this product is to reduce the number of infected Windows users. None of the other free antivirus vendors impose such barriers. If your true goal is improving security for the widest possible audience, you shouldn't let other corporate policies get in the way.

Posted by: taskforceken | June 24, 2009 4:47 PM | Report abuse

Like many, I use a multi-layered defense scheme. In this environment, compatibility is a critical consideration. I would appreciate any feedback on whether MSE conflicts with other security applications.

Posted by: shambalad | June 24, 2009 5:38 PM | Report abuse

@taskforceken - I like your point about requiring the anti-piracy check vs. securing users.

btw, you can see in the second screenshot above the exact RAM usage of MSE, as I had task manager running right beside the scan window.

Posted by: BTKrebs | June 24, 2009 5:45 PM | Report abuse

Microsoft CAN'T charge for its AV software. It would be seen as Microsoft selling a flawed OS to force people to buy software to patch those flaws. It'd be like GM selling cars that need to have the brakes adjusted monthly (but only by GM mechanics).

As a free product, it shows good faith that they are trying to proactively overcome problems in a complex product.

As a pay product, it shows corporate greed on a massive scale.

Posted by: filfeit | June 25, 2009 7:35 AM | Report abuse

I'll pass. Microsoft generally produces crappy software. This AV product along with Windows 7 will be no exception. Good luck.

Posted by: tuzoner | June 25, 2009 8:20 AM | Report abuse

What is the best free anti-spyware program? I currently have Webroot Spy Sweeper, but it is not stopping the malware that highjacks my computer and says it is infected and I need to buy their fake product.

Posted by: buffysummers | June 25, 2009 9:13 AM | Report abuse

I really wish they would fix the O/S rather then bury the virus issues in patches and attempted fixes via applications. Instead of spending engineering resources on fluff such as Aero and and all the other crap they stick into Windows they should:
1)fix the kernel to make it virus-proof,
2)work towards a more efficient kernel so applications run faster and you don't need to upgrade your system every "new" release,
3)stop playing games with consumers by disabling critical components (i.e. secpol) on systems.
Having worked on O/Ses for over 25 years, including a stint at MS, our problems with viruses are due to Microsoft's really bad decisions including Active X. MS created this virus problem with Windows and they could have made it go away if they really wanted it to.
How much time and bandwidth is wasted each time MS issues a patch? Is there any other product that required the same level of repair that is not considered a "lemon?" Someone needs to do something to stop this needless madness.

Posted by: lennyp | June 25, 2009 9:30 AM | Report abuse

Buffy ~ go to and download their free scanner. It's reactive, so you run it when you have a problem, but it does a really good job of cleaning up.

And, you're doing a really good job too! I haven't seen a vampire around here in forever. Of course, I stay away from Congress. :)

Posted by: filfeit | June 25, 2009 9:55 AM | Report abuse

Actually,One Care and MS Forefront have done well in tests from both AV-Comparatives: as well as Virus Bulletin (free membership required for access to results):

Unfortunately, I worry that their effort will go the way of Windows Defender. It was a decent tool when Microsoft acquired the program from Giant Software, and I think MS improved it as it became Defender. Today, though, I find it virtually useless compared to Malwarebytes Anti-Malware, Spybot Search and Destroy,and some other freeware tools around. So, it isn't MS technology that I question; it's their focus and continuing commitment to a freeware security solution that I doubt.

Posted by: slgrieb | June 25, 2009 11:51 AM | Report abuse

I don't trust anything Microsoft related when it comes to antispyware. Poor people that have relied on Defender and Live care, only to find out that they are not nearly as reliable as the "Real" antispyware products.

Posted by: Engagement_Rings | June 25, 2009 12:19 PM | Report abuse

FREE as in TRIAL VERSION and USELESS unless we have captured the new virus.

Anti-virus software is only good AFTER the virus has been released!!

My anti-virus software?

I have two systems I use office/home
Unbuntu Linux

Posted by: kkrimmer | June 25, 2009 2:49 PM | Report abuse

re: low memory usage

Brian, thanks for pointing out the Task Manager screenshot. That certainly is an amazingly low footprint given what we know about MS application development.

Although there are occasional exceptions, MS products, along with other vendors, just get bigger and bigger with each new release.

I remember examining the Task Manager on a Win XP machine that was still running Mcafee Virusscan 4.51. It had real time protection and web scanning turned on. There were at least five related processes running, consuming over 200 megs of memory in total. Fortunately, this pig was masked by the system (the user had a Pentium 4 with 1 GB of memory).

Posted by: taskforceken | June 25, 2009 4:12 PM | Report abuse

Most "free" stuff is worth exactly what you pay for it.......NOTHING.

I have professional trustworthy programs that I use to protect me from people who use the free crap. Sure it costs me but I have not been "infected" with anything since I was a stupid novice over 10 years ago.

Posted by: OregonStorm | June 25, 2009 4:16 PM | Report abuse

So let me ask a few questions?

Do we want a security monoculture? no

Will MSE block infected web sites? no

Will MSE block phishing sites? no

Will MSE block hackers? no Windows has a firewall - but a bad one

Does MSE have intrusion protection? no

Will it hook into your IM to prevent yahoo or AIM from becoming an express way for worms? no

Will users think they are getting complete protection from what is only a partial security solution? Yes

Will MSE have support? No

is this a good thing? _______________

written from my mac

Posted by: danx1000 | June 25, 2009 6:46 PM | Report abuse

I received this from a reader via e-mail:

You said in your post:
"It barely used more than 4 MB of system memory for the entire time I tested it, including during scans."

Just let me point out that you didn't have a look at the complete picture. Your task manager only shows the foot print for Morro's user interface (msseces.exe), but not for the scan engine (MsMpEng.exe aka AntiMalware Service Executable).

Right now I'm scanning my Vista computer. The memory footprints are as follows:
msseces.exe : 13 MB
MsMpEng.exe : 88 MB

I saw similar footprints yesterday on a computer with Windows XP during a scan.

Posted by: BTKrebs | June 29, 2009 10:08 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company