MS no-frills security scanner gets thumbs up in early tests

Security Essentials does what it says on the tin


Microsoft's limited but free-of-extra-charge anti-malware scanner has performed creditably in early tests.

Independent testing lab AV-test.org put Microsoft Security Essentials through its paces, after downloading a beta version of the software following its limited release on Tuesday.

The application, which lacks personal firewall or spam filtering features, is designed to provide consumers with basic protection against Trojans, computer viruses and rootkits.

AV-test.org ran 32 bit versions of the software on Windows XP (SP2 and SP3), Windows Vista (SP1 and SP2) as well as Windows 7 (RC) machines. It discovered thorough protection against malware known to be in circulation and, more impressively, no false alarms, Andreas Marx of AV-Test.org reports.

We scanned a set of WildList malware (on-demand test) and we also tested the on-access guard with the same set of samples. Our set included 3,194 common virus, bot and worm samples from the most recent WildList 05/2009, released about one week ago.

All files were properly detected and treated by the product. That's good, as several other AV scanners are still not able to detect and kill all of these critters yet. (Extensive testing of the entire collection of malware files we have will take a lot more time, but we will do this in the coming days.)

We've also tested the product against a large set of false positives, but none of the clean files were flagged as being malicious - very good.

Preliminary results suggest that Microsoft Security Essentials Beta disinfects infected systems with some aplomb but, as AV-Test.org points out, this feature merits closer testing. One clear shortcoming is that Microsoft's software lacks behaviour-based detection of malware, leaving users reliant on frequent definition updates rather than generic detection of worms and Trojans. But the lack of more advanced features is to be expected in a product that is clearly defined by Microsoft as basic.

The scanner works with the locally installed anti-virus and anti-spyware databases (it doesn't appear to use "in the cloud scanning" methods). It looks like the databases are updated rather frequently (every few hours), but that's just what we saw today. The Microsoft product doesn't offer behaviour-based protection mechanisms (also called "dynamic detection" of malware), however, most other AV vendors have not integrated such technologies in their AV-only offerings either, just in their full internet security suites, but Morro is definitely not a suite.

We've quickly tested the product's anti-rootkit and system disinfection capabilities (when a malware is already installed and active on a system) with a few samples and found no reasons to complain. Morro is able to remove found malware very well, but further tests against larger sets of samples are required before we can come to a final conclusion.

Much in information security, and IT in general, is down to fashion. So is Microsoft Security Essentials more Magnum than Blue Steel?

Morro scan on Windows 7 (courtesy AV-test.org)

Marx reports that the GUI of the product is more akin to Microsoft's corporate anti-malware client, Microsoft Forefront Client Security, than OneCare, its discontinued paid-for consumer security software. ®

Broader topics


Other stories you might like

  • Microsoft fixes under-attack Windows zero-day Follina
    Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

    Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.

    Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.

    Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

    Continue reading
  • Microsoft promises to tighten access to AI it now deems too risky for some devs
    Deep-fake voices, face recognition, emotion, age and gender prediction ... A toolbox of theoretical tech tyranny

    Microsoft has pledged to clamp down on access to AI tools designed to predict emotions, gender, and age from images, and will restrict the usage of its facial recognition and generative audio models in Azure.

    The Windows giant made the promise on Tuesday while also sharing its so-called Responsible AI Standard, a document [PDF] in which the US corporation vowed to minimize any harm inflicted by its machine-learning software. This pledge included assurances that the biz will assess the impact of its technologies, document models' data and capabilities, and enforce stricter use guidelines.

    This is needed because – and let's just check the notes here – there are apparently not enough laws yet regulating machine-learning technology use. Thus, in the absence of this legislation, Microsoft will just have to force itself to do the right thing.

    Continue reading
  • Microsoft Surface Laptop Studio: Too edgy for comfort?
    And perhaps too heavy, which is a weighty issue for a machine that turns into a tablet

    Desktop Tourism My 20-year-old son is an aspiring athlete who spends a lot of time in the gym and thinks nothing of lifting 100 kilograms in various directions. So I was a little surprised when I handed him Microsoft’s Surface Laptop Studio and he declared it uncomfortably heavy.

    At 1.8kg it's certainly not among today's lighter laptops. That matters, because the device's big design selling point is a split along the rear of its screen that lets it sit at an angle that covers the keyboard and places its touch-sensitive surface in a comfortable position for prodding with a pen. The screen can also fold completely flat to allow the laptop to serve as a tablet.

    Below is a .GIF to show that all in action.

    Continue reading
  • Microsoft seizes 41 domains tied to 'Iranian phishing ring'
    Windows giant gets court order to take over dot-coms and more

    Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India. 

    The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.

    "Bohrium actors create fake social media profiles, often posing as recruiters," said Amy Hogan-Burney, GM of Microsoft's Digital Crimes Unit. "Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target's computers with malware."

    Continue reading

Biting the hand that feeds IT © 1998–2022