Microsoft Security Essentials 1.0 (Morro MSE Free Anti-Virus)

I could be wrong but I think MS will do the right thing and have it as a download on their site. They will get enough users downloading their AV/AM. I like the simple interface also. It disables MS defender when you install it. Runs great with SBIE and OA pro. I'm using Avira as my primary on-demand scanner as of now.

Ice

 

As far as I can make out, the application itself will update as part of the Windows update schedule , as part of an on demand Windows update, or through the help menu drop down update feature - Select "Upgrade Microsoft Security Essentials".

These updates / upgrades are of course seperate to signaature updates.

I cant see why it wouldnt update to the beta - at the moment, it reports that its the latest version 1.0.2140.0

In terms of the system tray icon - I think its okay - it follows the aesthetic of the new Windows 7 icons for sound, network, action centre etc - being white and plannar (eg - not 3D like Prevx, Returnil etc)

Puss

 

.
This is a complex situation. Yes, there may be some negative impacts, but there will certainly be a very great positive impact. At the moment there are many novice users who don't understand the need for antivirus - they have no AV installed or don't realize that the AV subscription has expired and it is no longer updating. I see this all the time on customers' computers. Malware has become so bad that the overall health of the internet has to be considered a priority. Having functional AV installed by default on all Windows machines is necessary in the war against cybercrime. Unfortunately, I don't think that MSE will have as much penetration as possible simply because people will actually have to download and install it. Those who are currently clueless about the need for and availability of free AV will be just as oblivious of MSE. There is also the issue of OS validation. Those who are using pirated copies of Windows (or who object to validation) won't be able to use it. It would really be best if it were included with Windows, but current politics apparently won't allow it.

 

Good points there Victek, especially regarding the overall health of the internet as a priority.

 

That's what she said. Thank god the signature and overall detection updates apart from the engine are not bound to Windows Updates - that wouldn't be too good...

 

I have been looking at how the signature update works. Until the whitepaper is released in a few days, we wont know all the detail, but from what I have read, MSE uses a Dynamic Signature Service (DSS).

When MSE detects that a file is making suspicious actions (such as unexpected network connections, attempting to modify privileged parts of the system, or downloading known malicious content) and there is no virus signature for it, MSE will send a profile of the suspected malware to Microsoft's servers. If there is a new signature for it, one that has yet to be sent out to the MSE client, MSE will be told how to clean the file.

It should be emphasized that this communication will only occur for malware found that is not in the current signatures.

MSE's engine is identical to the one that ships with Forefront Client Security; in fact, Microsoft uses the same engine for all of its security products. Thus, engine updates to MSE will be delivered at the same time as they are delivered to Forefront. Signature updates, on the other hand, can be delivered at different times and frequencies than Microsoft's other security software. New virus signatures for MSE will be downloaded automatically on a daily basis.

Puss

 

Hi RedPuss,
See my earlier post:
https://www.wilderssecurity.com/showpost.php?p=1488471&postcount=31

MS says daily signatures will be issued 3 times a day. Which again is very good ( for a free product ). Plus they have DSS.

 

Missed that!

I imagine there will be tens of millions of users of MSE within a few days of release. I have noticed it uploads unknown malware samples (after asking) for analysis, so I would think, with a huge user base, the detection should get better and better quite quickly.

I have high hopes for this AM.

Puss

 

Thanks! Good Stuff
Ice

 

Here's another one.
How good is Microsoft's free Antivirus Software? by Ed Bott

http://blogs.zdnet.com/Bott/?p=1067&tag=nl.e589

 

It wouldn't make sense to maintain different scan engines, so I think it's pretty safe to assume they are all the same (Windows Defender, Morro, Forefront).

I could be wrong, but wasn't the dynamic signature feature already included in Windows Defender? Community based stuff...

It's really strange. MS is clearly heading to get #1 in every test within 6-12 months. Why ditch OneCare prematurely? Maybe because it got a bad name from the early reviews (2007) and MS will launch a paid version later after getting a good reputation in the tests?

MS already stated that MSE won't be directly bundled with Windows, they had enough anti-trust trouble.

On the other hand, I think the professional malware writers will have no problems to bypass MS's detection. As soon Morro gets popular, the malware authors will put top priority on bypassing Morro's detection with every new variant they release. Let's see how much manpower MS will put up against this - for free.

 

I have a feeling that the banks are endorsing MS for this free product.

 

Thanks for sharing your thoughts with us Stefan!
About Defender's engine, I've tried to clear up my memory and with the help of Wikipedia I think 'we' are right. Originally Defender (beta 1) was based on Giant Antispyware, when they released beta 2 in February 2006 they switched to a new engine. Interesting is that Live OneCare gone RTM in February/March 2006. It would make very much sense they use the same engine for Defender and Live OneCare since that moment on.

The community based stuff was added to Defender since beta 2 If I recall right, at least it was there since the final version witch appeared in fall 2006.

Indeed the Live OneCare brand has a bad smell to lots of people. Also I didn't see much corporate environments that did use Forefront myself. Probably Microsoft aims at two things:

1. At first they try to recover, or at least improve, their name in terms of security wise software (see how they tried with IE 8 for example);
2. Secondly, I think when Morro will become a success corporates might choose for Forefront as well. They can quite easily become one of the bigger names this way.

 

Free or not , Microsoft does have the manpower to put up against malware writers. It will be up to them if they'll do it for free and how long.

Microsoft SpyNet , which is included in Windows Defender , is different from this "dynamis signature update" . Microsoft releases updates for its antivirus and antispyware engines a few times per day but Windows Defender doesn't get them automatically . Windows Defender updates by itself once or twice per week. The other updates are just place on MS sites to download and install manually if you need the newest updates . Like Symantec in the previous years with their Live Update and Intelligent update services.

 

Can someone using the Vista/7 32 bit version of MSE kindly post the MD5 Hash for the installer?

 

First Review of MSE

PC Mag already tested and reviewed Microsoft's Security Essentials (Morro). Go to admit, they're fast:

http://www.pcmag.com/article2/0,2817,2348996,00.asp

 

Well, if it's true that installing MSE 1.0 forces Windows update into full automatic mode (ref. PC Magazine), I won't be giving it a try.

 

Well, I always use fully automatic updates and often launch the updates myself if I see the icon in the tray, and that's what I said.

 

If that's the worst thing that can be said about it , then it's not too bad.

 

And I'd always heard Defender was crap?

 

The free ones are generally crippled in some way.

 

Remember to ask your customers if they want fries with that.

 

Have to agree with you on this.
I do the updates but do them manually.
Who knows?
By forcing auto updates they could turn on something else, like the Security Center which I've had disabled for many moons now.
Thanks but No thanks MS!

 

I would find that unacceptable also.