Microsoft Security Essentials version 4.0 running on Windows 7
Initial release: 29 September 2009
Operating system: Windows 7 (built-in as Windows Defender in Windows 8 or later)
Platform: IA-32 and x64
Available in: 33 languages
Type: Antivirus and network intrusion detection system
Microsoft Security Essentials (MSE) is an antivirus software (AV) product that provides protection against different types of malicious software, such as computer viruses, spyware, rootkits, and trojan horses. Prior to version 4.5, MSE ran on Windows XP, Windows Vista, and Windows 7, but not on Windows 8 and later versions, which have built-in AV components known as Windows Defender. MSE 4.5 and later versions do not run on Windows XP. The license agreement allows home users and small businesses to install and use the product free of charge. It replaces Windows Live OneCare, a discontinued commercial subscription-based AV service, and the free Windows Defender, which only protected users from spyware until Windows 8.
Built upon the same scanning engine and virus definitions as other Microsoft antivirus products, it provides real-time protection, constantly monitoring activities on the computer, scanning new files as they are created or downloaded, and disabling detected threats. It lacks the OneCare personal firewall and the Forefront Endpoint Protection centralized management features.
Microsoft's announcement of its own AV software on November 18, 2008 was met with mixed reactions from the AV industry. Symantec, McAfee and Kaspersky Lab—three competing independent software vendors—dismissed it as an unworthy competitor, but AVG Technologies and Avast Software appreciated its potential to expand the consumers' choice of AV software. AVG, McAfee, Sophos and Trend Micro claimed that the integration of the product into Microsoft Windows would be a violation of competition law.
The product received generally positive reviews praising its user interface, low resource usage and freeware license. It secured AV-TEST certification in October 2009, having demonstrated its ability to eliminate all widely encountered malware. It lost that certification in October 2012; in June 2013, MSE achieved the lowest possible protection score, zero. However, Microsoft significantly improved this product during the couple of years preceding February 2018, when MSE achieved AV-TEST's "Top Product" award after detecting 100% of the samples used during its test. According to a March 2012 report by anti-malware specialist OPSWAT, MSE was the most popular AV product in North America and the second most popular in the world, which has resulted in the appearance of several rogue antivirus programs that try to impersonate it.
Microsoft Security Essentials automatically checks for and downloads the latest virus definitions from Microsoft Update, which is updated three times a day. Users may alternatively download the updates manually from the Microsoft Security Portal website. On September 30, 2011, a faulty definition update caused the product to incorrectly tag Google Chrome as malware. The issue was resolved within three hours. MSE originally ran on Windows XP, Windows Vista and Windows 7, although versions 4.5 and later do not run on Windows XP and Microsoft stopped producing automatic definition updates for Windows XP on July 14, 2015 (however, manual definition updates are still available for Windows XP users who run older versions of MSE).
MSE is built upon the same foundation as other Microsoft security products; they all use the same anti-malware engine known as Microsoft Malware Protection Engine (MSMPENG) and virus definitions. It does not have the personal firewall component of OneCare and the centralized management features of Forefront Endpoint Protection.
MSE provides real-time protection, constantly monitoring activities on the computer, scanning new files as they are created or downloaded from the Internet. It quarantines detected threats and prompts for user input on how to deal with them. If no response is received within ten minutes, suspected threats are handled according to the default actions defined in the application's settings. Depending on those settings, it may also create System Restore checkpoints before removing the detected malware. As a part of real-time protection, MSE reports all suspicious behaviors of monitored programs to Microsoft Active Protection Service (MAPS, formerly Microsoft SpyNet) by default. If the report matches a newly discovered malware threat with an unreleased virus definition, the new definition will be downloaded to remove the threat.
Hardware requirements for the product depend on the operating system; on a computer running Windows Vista or Windows 7, it requires a 1 GHz processor, 1 GB of RAM, a computer monitor with a display resolution of at least 800 × 600 pixels, 200 MB of free hard disk space and a stable Internet connection.
On November 18, 2008, Microsoft announced plans for a free consumer security product, codenamed Morro. This development marked a change in Microsoft's consumer AV marketing strategy: instead of offering a subscription-based security product with a host of other tools, such as backup and a personal firewall, Morro would offer free AV protection with a smaller impact on system resources. Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft, announced that Morro would not directly compete with other commercial AV software; rather it was focused on the 50 to 60 percent of PC users who did not have or would not pay for AV protection. By 17 June 2009, the official name of Morro was revealed: Microsoft Security Essentials.
On June 23, 2009, Microsoft released a public beta to 75,000 users in the United States, Israel, China and Brazil. Anticipated to be available in 20 markets and 10 languages, the product was scheduled for release before the end of 2009; the final build was released on 29 September 2009.
Almost a year after the initial release, Microsoft quietly released the second version. It entered the technical preview stage on July 19, 2010, and the final build was released on December 16, 2010. It includes Network Inspection System (NIS), a network intrusion detection system that works on Windows Vista and Windows 7, as well as a new anti-malware engine that employs heuristics in malware detection. Version 2.0 integrates with Internet Explorer to protect users against web-based threats. NIS requires a separate set of definition updates.
Sixteen months after the release of version 2.0, Microsoft skipped version 3.0 and released Microsoft Security Essentials 4.0. A public beta program started on November 18, 2011, when Microsoft sent out invitations to potential participants without announcing a version number. The first beta version was released on November 29, 2011, and the final build on 24 April 2012. Microsoft subsequently initiated a pre-release program that provides volunteers with the latest beta version and accepts feedback.
On February 21, 2014, version 4.5 entered beta stage. On the same day, Microsoft announced that starting with this version, Windows XP would not be supported. Older versions would continue to receive automatic virus definition updates until July 14, 2015 (afterwards the users of older versions may continue to manually update definitions using Microsoft's site).
The latest version of 4.10 was released on November 29, 2016. It was version 18.104.22.168 for Windows Vista and Windows 7. This update fixes a bug that was introduced earlier in version 22.214.171.124 which removed the "Scan with Microsoft Security Essentials" entry from the right-click context menu on files and folders.
Support for MSE has officially ended for Windows Vista and Windows XP. Older versions still function on those systems and definition updates remain available. It is still supported on Windows 7 until January 14, 2020.
Microsoft Security Essentials does not run on Windows 8 and later, which have their own security subsystem, Windows Defender. On September 13, 2011, at the Build conference in Anaheim, California, Microsoft unveiled the developer preview of Windows 8, which had a security component capable of preventing an infected USB flash memory from compromising the system during the boot process. On September 15, the Windows 8 developer's blog confirmed that Windows Defender in Windows 8 would take over the role of virus protection. In an included video, Jason Garms of Microsoft showed how Windows Defender is registered with Action Center as an AV and spyware protection tool, and how it blocks drive-by malware. On March 3, 2012, Softpedia reviewed the consumer preview of Windows 8 and noted the similarity in appearance of Windows Defender and Microsoft Security Essentials 4.0 Beta. According to Softpedia, Windows 8 Setup requires Microsoft Security Essentials to be uninstalled before upgrading from Windows 7.
The product's license agreement allows home users to download, install and use it on an unlimited number of computers in their households free of charge, as long as each computer has a legitimately licensed copy of Microsoft Windows. Since October 2010, small businesses have also been allowed to install the product on up to 10 devices, but use in academic institutions and governmental locations is forbidden, as is reverse-engineering, decompiling or disassembling the product or working around its designed limitations.
MSE requires no registration or personal information to be submitted during installation; however, the validity of the operating system's license is verified during and after installation using the Windows Genuine Advantage system. If said license is found to be invalid, the software will notify the user and will cease to operate after a period of time.
The announcement and debut of Microsoft Security Essentials were met with mixed responses from the AV industry. Symantec, McAfee and Kaspersky Lab, three competing vendors, claimed it to be inferior to their own software. Jens Meggers, Symantec's vice president of engineering for Norton products, dismissed it as "very average – nothing outstanding". Tom Powledge of Symantec urged his customers to be mindful of what protection they chose, bearing in mind that OneCare offered "substandard protection" and an "inferior user experience". Joris Evers, director of worldwide public relations for McAfee, stated "with OneCare's market share of less than 2%, we understand Microsoft's decision to shift attention to their core business." Justin Priestley of Kaspersky stated that Microsoft "continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically."
Avast Software said that it had an ambivalent view towards the product. Vincent Steckler, Avast Software CEO, said "MSE is not the silver bullet but it is also not the bad sequel to One Care that some claim." A representative of AVG Technologies stated, "We view this as a positive step for the AV landscape. AVG has believed in the right to free antivirus software for the past eight years." However, AVG raised the issue of distributing the software product and said, "Microsoft will have to do more than simply make the product available," adding that integration of Microsoft Security Essentials with Microsoft Windows would be a violation of competition law. McAfee, Sophos and later Trend Micro affirmed that an antitrust lawsuit would surely have followed if Microsoft had bundled the product with Windows.
The announcement of Microsoft Security Essentials affected the stocks of AV vendors. On November 19, 2008, after Microsoft announced codename Morro, Symantec and McAfee shares fell 9.44 and 6.62 percent respectively. On 10 June 2009, after announcing an upcoming beta version, Microsoft shares rose 2.1 percent. Symantec and McAfee shares, however, fell 0.5 and 1.3 percent respectively. Daniel Ives, an analyst with FBR Capital Markets, said that Microsoft Security Essentials would be a "long-term competitive threat", although near-term impact would be negligible.
The public beta version received several reviews, citing its low resource usage, straightforward user interface and price point. Brian Krebs of The Washington Post reported that a quick scan on a Windows 7 computer took about 10 minutes and a full scan about 45 minutes. Ars Technica reviewed it positively, citing its organized interface, low resource usage, and its status as freeware.
Nick Mediati of PCWorld noted MSE's "clear-cut" and "cleanly designed" tabbed user interface. He did, however, find some of the settings to be cryptic and confusing, defaulting to "recommended action", with the only explanation of what that action is to be found in the help file. He was also initially confused because the user interface failed to mention that Microsoft Security Essentials automatically updates itself, rather than having to be manually updated via the Update tab; an explanation of this feature was included in the final release.
Neil Rubenking of PC Magazine successfully installed the beta version on 12 malware-infected systems and commented on its small installation package (about 7 MB, depending on the operating system) and speedy installation. But the initial virus definition update took between 5 and 15 minutes, and the full installation occupied about 110 MB of disk space. Rubenking noted that the beta version sets Windows Update into fully automatic mode, although it can be turned off again through Windows Control Panel. Some full scans took more than an hour on infected systems; a scan on a clean system took 35 minutes. An on-demand scan test Rubenking conducted in June 2009 with the beta version found 89 percent of all malware samples: 30 percent of the commercial keyloggers, 67 percent of rootkits, but only half of the scareware samples. The product's real-time protection found 83 percent of all malware and blocked the majority of it: 40 percent of the commercial keyloggers and 78 percent of the rootkits were found.
On 7 January 2010, Microsoft Security Essentials won the Best Free Software award from PC Advisor. In December the same year, it secured the Bronze award from AV-Comparatives for proactive detection of 55 percent of new or unknown malware, the Silver award for low false-positives (six occurrences) and the Bronze award for overall performance.
In October 2009, AV-TEST conducted a series of trials on the final build of the product in which it detected and caught 98.44 percent of 545,034 computer viruses, computer worms and software Trojan horses as well as 90.95 percent of 14,222 spyware and adware samples. It also detected and eliminated all 25 tested rootkits, generating no false positives. Between June 2010 and January 2013, AV-TEST tested Microsoft Security Essentials 14 times; in 11 out of 14 cases, MSE secured AV-TEST certification of outperforming AV industry average ratings. Microsoft Security Essentials 2.0 was tested and certified in March 2011. The product achieved a protection score of 2.5 out of 6, a repair score of 3.5 out of 6 and a usability score of 5.5 out of 6. Report details show that although version 2.0 was able to find all malware samples of the WildList (widespread malware), it was not able to stop all Internet-based attacks because it lacks personal firewall and anti-spam capabilities. In an April 2012 test, version 2.1 achieved scores of 3.0, 5.5 and 5.0 for protection, repair and usability. Version 4.0 for Windows 7 SP1 (x64) was tested in June 2012 and achieved scores of 2.5, 5.5 and 5.5 for protection, repair and usability. In October 2012, the product lost its AV-TEST certification when Microsoft Security Essentials 4.1 achieved scores of 1.5, 3.5 and 5.5 for its protection, repair and usability.
In AV-TEST's 2011 annual review, Microsoft Security Essentials came last in protection, seventh in repair and fifth in usability. In the 2012 review, it came last in protection and best in usability; however, having lost its certificate, it was not qualified for the usability award. In June 2013, MSE achieved the lowest possible protection score, zero.
Microsoft has drastically improved MSE's detection over time, and in the very latest tests done by AV-TEST during February 2018, MSE achieved 100% detection of all malware samples in both the "Protection against 0-day malware attacks, inclusive of web and e-mail threats (Real-World Testing)" and "Detection of widespread and prevalent malware discovered in the last 4 weeks (the AV-TEST reference set)" categories, earning it AV-TEST's "Top Product" award.
On 29 September 2010, a year after its initial release, Microsoft announced that MSE had more than 30 million users. The Security Industry Market Share Analysis report of June 2011, published by OPSWAT, describes it as one of the most popular AV products in the world, with 10.66 percent of the global market and 15.68 percent of the North American market. The same report shows Microsoft as the number one AV vendor in North America with 17.07 percent market share, and the number four AV vendor worldwide.
John Dunn of PCWorld, who analyzed the report, noted that the tendency to use free AV software is something new: "After all, free antivirus suites have been around for years but have tended to be seen as the poor relations to paid software." He named Microsoft Security Essentials as an influence on PC users to adopt free AV software.
A September 2011 OPSWAT report found that MSE had further increased its market share to become the second most popular AV product in the world, and remained the most popular in North America. OPSWAT reported in March 2012 that the product had maintained its position, and that Microsoft's market share had improved by 2 percent worldwide and 3 percent in North America. Seth Rosenblatt of CNET News commented on how the product's share rose from 7.27 in 2010 to 10.08 in 2012, stating that "use of the lightweight security suite exploded last year".
The popularity of Microsoft Security Essentials has led to the appearance of malware abusing its name. In February 2010, a rogue security package calling itself "Security Essentials 2010" appeared on the internet. Designated TrojanDownloader:Win32/Fakeinit by Microsoft, it bears no visual resemblance to the Microsoft product. It reappeared in November 2010, this time calling itself "Security Essentials 2011". A more dangerous rogue software appeared in August 2010. Designated Rogue:Win32/FakePAV or Unknown Win32/Trojan, it closely resembles Microsoft Security Essentials and uses sophisticated social engineering to deceive users and infect their systems, under the guise of five different fictional anti-malware products. It also terminates and prevents the launch of 156 different programs, including Registry Editor, Windows Command Prompt, Internet Explorer, Mozilla Firefox, Opera, Safari, and Google Chrome.