Microsoft: Security Essentials provides "baseline" protection

Microsoft Security Essentials has been having a tough time with AV tests for quite some time, and now Microsoft has finally admitted that the security software is not sufficient to protect users from high-level threats.

Security Essentials was launched back in 2009 to provide Windows users with reliable protection from viruses and malware for free. It has since become the most used anti-virus software for Windows. Microsoft has actively supported this software and has also integrated it within Windows 8 as part of Windows Defender. However, consistent failures in AV tests have raised concerns among users in recent times.

Holly Stewart, senior program manager of the Microsoft Malware Protection Center, has told Dennis Technology Labs in an interview that Security Essentials is intended to provide "baseline" protection and recommended that users install an anti-virus on top of it for better security from advanced threats.

Stewart said,

"It’s not as efficient to have one kind of weapon. Like anything you must have that diversity. It’s a weakness to just have one."

She revealed that feedback received from Security Essentials is shared with other anti-virus companies in order to create better overall security, and that she expects MSE to stay at the bottom while doing so. According to Stewart, "baseline" does not mean bad, but rather high-quality basic protection for those users who choose not to buy another anti-virus for their Windows PCs.

A complete summary of the interview can be found at Dennis Technology Labs' affiliate site PC Pro.

Source: PC Pro

75 Comments

Has anybody tried the new Bitdefender for W8? Is there any significant difference with BT Internet Security?
A single license costs $75 while I can get Bitdefender Internet Security with 3 licenses for $50.
TIA

I use MSE and Malwarebytes with Windows 7, and Defender plus Malwarebytes with Windows 8. My experience has been good, very good.
Unobtrusive, fast scans, and effective; my experiences with other Anti-Malware solutions have been very unsatisfactory....
By the way Windows comes with a Firewall, a very good one.

This is really a shame. I used to love MSE because it was efficient and maintenance-free. It was my AV of choice for family/friends who never would manually update their AV. Now it's downright terrible - I've seen no less than 4 serious infections get right past it on other people's machines. I wish an AV vendor would make a dedicated, AV-only, maintenance free, no-questions asked, and effective product - rather than the bloatware AV "suites" that tack on useless feature after useless feature. The closest thing I've found is Bitdefender Free - just wish it had some more options to customize. That, along with Malwarebytes Antimalware and Secunia PSI gives excellent protection with minimal maintenance. (PSI keeps all your vulnerable software updated automatically - frequently overlooked is that malware typically uses Flash/Java vulnerabilities for privilege escalation)

I don't run any anti-virus at all, my system is imaged and I restore it monthly, add any major changes or programs I want to keep and re-image. Every six months I will re-scan just for peace of mind. I've used this system for ten years and can count on one hand the number of viruses I've had, none in the last five. Everything is backed up and/or sandboxed and my systems are always relatively "fresh" and snappy.

There's only so much an AV program can do to protect a user from himself. I absolutely despise AV software that intercepts every freakin' API call and slows everything down to a crawl, trying to be too smart for its own good.

For myself, MSE is good enough.

It may not be as good as other solutions, but I like MSE because it's simple and quiet, and it won't try to get your attention every five minutes.

Perhaps Microsoft should devote time and energy to enhance Security Essentials, instead of some of their big "losers." At least Security Essentials could provide an essential service (no pun intended) and would provide value for MS users.

Gotenks98 said,
It goes to show managers don't know what they are talking about. Running 2 AV products conflict with one another.
Or maybe is it that you don't know that when a certified antivirus is installed, MSE steps down and disables itself?

And if they did that, how long would it take before the lawyers attacked? As much as folks would like for Microsoft to step things up, by and large, they can't due to eagle-eye of government regulators (and more so outside the US than inside it, though the Department of Injustice aren't pikers in that mien). And that is, as much as we don't want to admit it, OUR fault.

MSE, Malwarebytes and those little utilities from Bleeping Computer work wonders. Hijack this is helpful in picking out those embedded nasties and Combo Fix finishes the job.

I'm running Windows 8.1 Pro with the latest version of Defender and so far so good. But as it's been already stated a little common sense when surfing the Web goes a long way. Be wary of any e-mail you don't recognize that has HTML links and yes, watch out for any adult sites that seem too "dirty" (y'all know what I mean).

Horrible answer, since running multiple AV software at once is often causing even more trouble than a virus would, such as file lock conflicts and networking trouble. This person clearly did not know what she was talking about.

So you need a one-and-only solution that is sufficient.
And if MSE is not, according to Microsoft, then why are Microsoft developing it?

This reply from Microsoft sure raised more questions than it answered.

this is a rather bad PR gaffe - essentially rubbishing one's own product.
so now, if the user has security essentials bundled with latest flagship product (windows 8), wouldn't installing another security product cause:
a) potential issues
b) take away from some of the lustre of the new flagship
etc etc

tl;dr: bad

So by disabling the AV on your computer, you're more likely to be infected with something... and that equals more time to spend with your friends and family?

Logic.

My logic is this AV = Virus,
It has everything that defines Virus
Computer gets slower - check
May make your computer fail to boot - check
Constantly throws annoying popups - check
Reports metrics to its servers - check
You are losing money - check
Threatens you if you try to remove it - check
Lies to you of threats found on your PC (cookies) - check

It's a simple matter of : You get what you pay for.

For people that don't want to pay, they get MSE.
If they want to pay, then NOD32 is the choice.

In the last years Nod32 has fallen. About 70% of the PCs I've seen infected in the last 2 years have had Nod on them.

MSE is ok, if doubled with an Antispyware - like Malwarebytes. Add also Spywareblaster and you are ok in most cases. Of course it's probably not the best - but it's the best you can get for almost nothing.

So better with MSE than with no AV.

I would tend to disagree with that given that even amongst the free A/V solutions MSE is still rated the worst. I have been using Avast free for years and it never lets me down. Free products can work, MSE just doesn't work all that well.

Hrmm this is a bit disappointing, I'm not so much surprised, but I thought the end goal was to get Security essentials to a point where it rivalled the other guys. In fact I thought the first year of testing it did quite well so I'm not sure why the team clearly had its resources or direction cut/changed =\

I wish MS had bought a proper antivirus company instead of small crappy companies. I'm sure they could buy Avira for not that much money. Kaspersky would cost a fortune to buy and the Russian govt could block that purchase. Bitdefender would probably cost a lot to buy too.

I feel like this is a cop-out answer. Probably has more to do with them not wanting to fund this project better if anything. Can't blame them, as this isn't a charity, but it'd be nice if they'd actually try to keep up.

dead.cell said,
I feel like this is a cop-out answer. Probably has more to do with them not wanting to fund this project better if anything. Can't blame them, as this isn't a charity, but it'd be nice if they'd actually try to keep up.

Why keep SE going when they've made it a part of Defender and a part of Windows now? You're still getting it with every version of the OS built in. They're also still working on Forefront afaik of which SE is a basic version of.

This seems to contradict what I've always heard, which is that you shouldn't have more than one antivirus program installed at once as they don't play nicely together.
So what is the advice now - apply another on top of MSE, or uninstall it and get something else?

If you install something like Kaspersky, it will automatically disable MSE during install. It does on Windows 8/8.1, not sure about other Windows versions.

gb8080 said,
This seems to contradict what I've always heard, which is that you shouldn't have more than one antivirus program installed at once as they don't play nicely together.

If you read the original article, you will notice that there are no quotes from the Microsoft employee saying that you should run two AV programs simultaneously.

That part was stated outside of quotes, as: "advising customers to use additional, third-party antivirus." This may very well have been an interpretation by the journalist. Or it may simply be saying to use an antivirus program in place of MSE.

TomJones said,

If you read the original article, you will notice that there are no quotes from the Microsoft employee saying that you should run two AV programs simultaneously.

That part was stated outside of quotes, as: "advising customers to use additional, third-party antivirus." This may very well have been an interpretation by the journalist. Or it may simply be saying to use an antivirus program in place of MSE.

Well, it may not be important to chase this down and I don't know why you raise it, but the original article indicates that the MS person was advocating this. In particular:
"It's a weakness to just have one"
and
"recommended that users install an anti-virus on top of it "
"On top of it" is very different from "instead of it". And although, if we want to be pedantic, it doesn't explicitly say to RUN them simultaneously, that would be the implication of these quotes to any normal reader. Why install "on top" otherwise?

gb8080 said,

Well, it may not be important to chase this down and I don't know why you raise it, but the original article indicates that the MS person was advocating this. In particular:
"It's a weakness to just have one"
and
"recommended that users install an anti-virus on top of it "
"On top of it" is very different from "instead of it". And although, if we want to be pedantic, it doesn't explicitly say to RUN them simultaneously, that would be the implication of these quotes to any normal reader. Why install "on top" otherwise?

I raise it because the quality of journalism is not high. It is important to distinguish between what was actually said, and what was not.

Your first quote is out of context. The quote, in context, says: "But you can't do that with a monoculture and you can't do that with a malware-catching ecosystem that is not robust and diverse. ... It's not as efficient to have one kind of weapon. Like anything you must have that diversity. It's a weakness to just have one."

In context -- especially the comment about "monoculture" -- it is clearly discussing the benefits of having diverse antivirus programs available on the Windows platform. It is not discussing the running of multiple antivirus programs on one PC.

"recommended that users install an anti-virus on top of it" exists only in the Neowin summary of the article -- not in the original article. The original article contains a similar statement "additional, third-party antivirus" -- but this is outside of quotation marks and appears to be a reporter's interpretation.

These stupid AV tests are ridiculous. They disable practically all other Windows security features, and then give MSE low marks when it no longer works properly as a result of all the disabled stuff.

Almost all ISPs provide a router these days, and dedicated hardware router firewalls are far more proficient than any software solution can be on its own.

SPI firewalls are part and parcel of any xDSL or cable modem worth anything (DOCSIS and EuroDOCSIS require them as part of their respective specs); however, how many times has there been some user spewing some drivel about turning off the firewall (in any product) due to it supposedly being a performance drag?

Yes a firewall stops the "bad guys" getting in, and is available in routers, and also built into Windows. However, you need to make sure you don't introduce a virus into your system yourself. People are their own worst enemy when it comes to using a computer safely.

Ideas Man said,
A firewall is not an antivirus measure, never has been.

Eh, they can be. Firewall is a generic term. I run Sonicwall and pay for the inline SPI with virus/spyware filtering. I try and capture anything over the wire before it hits a network. so uhm.. yeah.

spudtrooper said,

Eh, they can be. Firewall is a generic term. I run Sonicwall and pay for the inline SPI with virus/spyware filtering. I try and capture anything over the wire before it hits a network. so uhm.. yeah.

Firewalls might stop some viruses spreading, but once you've installed one onto your own computer they won't help you.

The idea is that the firewall blocks programs from executing. I'm not talking about packets.

Outpost firewall has saved me from a java exploit on two occasions by telling me xyz.exe is attempting to load changes when I visited a vulnerable site. Mind you I had Kaspersky Antivirus running at the same time and the exploit was not in its definitions list.

I terminated that exe with the firewall and uploaded it to virus total before deleting it. Only three of the antiviruses had that file in their definitions (they have 40+) but my firewall was able to intercept it without a definition or a scan.

With a good and well configured firewall a virus will not hit your system in the first place without user error. Antivirus is what you get after the fact.

spudtrooper said,

Eh, they can be. Firewall is a generic term.

No it most certainly is not. A firewall is something designed to monitor and manage traffic between two points, often your computer and the rest of the network. It monitors packets, at its most basic level of protection, to determine whether to allow or disallow connections/transmissions. It is also responsible for hiding unused ports, and hiding them from unwanted connection attempts to reduce the attack surface/visibility of your computer to potential external intruders. More advanced firewalls will inspect the packets more thoroughly to provide additional protection, but they're still only operating against communication passing through it. They are not antimalware solutions. They do not stop a program from executing on your computer; this is the role of antimalware.

NyaR said,
The idea is that the firewall blocks programs from executing. I'm not talking about packets.

No, a firewall blocks programs from communicating, antimalware prevents them from executing.

Outpost firewall has saved me from a java exploit on two occasions by telling me xyz.exe is attempting to load changes when I visited a vulnerable site. Mind you I had Kaspersky Antivirus running at the same time and the exploit was not in its definitions list.

Your example clearly shows the program had already been executing, and your firewall only notified you after it attempted to communicate from your computer to outside. This is what a firewall does, this is its job. It detected suspicious communications and alerted you. It did not stop it from executing initially, so for all you knew, the malware could've done damage to your computer and was only reporting it was successful to its master.

Do not confuse the terms, they are distinct for a reason.

As an example, a virus that you bring in on a USB Flash Drive that is designed to wipe everything in your documents folder, but only do this malicious job, will never be detected by a firewall, nor should it ever be. Antimalware however, would be responsible for detecting its presence and prohibiting it from executing once it made its way onto your computer.

Further reading:
http://en.wikipedia.org/wiki/Firewall_(computing)
http://en.wikipedia.org/wiki/Personal_firewall
http://en.wikipedia.org/wiki/Outpost_firewall [Note this product comes in various flavours, some of which include antimalware modules]

Edited by Ideas Man, Sep 27 2013, 1:15pm :

As an addendum (Because I can't seem to edit my post anymore):

Back when the USB Flash Drive viruses were making their way around computers, this was how they would spread. An infected drive would infect a new host when the user double-clicked it, invoking the autoplay script for the drive. This script would copy itself to the host and infect every clean drive plugged into it. No firewall would've stopped this from happening, because it was a local virus that continually infected drives plugged into an infected host.

A decent antimalware solution however, should've scanned the drive as soon as it was plugged in and detected the malicious autorun file and deleted it. It should also have prevented the execution of the application hidden on the drive as soon as the drive was double-clicked in [My] Computer, as Windows began to execute the command to run the file as part of the drive's autorun configuration.

Good antimalware solutions stopped this, poor ones let the computer become infected, then tried to clean it up. MSE I believe does the former.

Any protection is better than none for a lot of users although the user themselves following some pretty basic and sensible rules will do most to protect their system. MSE/Windows Defender (in Win8) is pretty good at what it does. It isn't a full "protection suite" like you see from McAfee et al. but it isn't advertised as that.

I see this more as Microsoft saying this to keep McAfee, etc. happy by making out that their products are still needed. However in my opinion keeping Windows up to date with automatic updates is far more effective in protecting your computer than something such as McAfee. Then again I don't just click "Run" when I see the prompt.

xankazo said,
You lost me at McAfee.

Haha. I only mentioned McAfee as that is what recently came on my father's new Lenovo laptop so it was in my head still. I taught him some basic common sense advice and made him a little bit of card with a few bullet points on it and stuck it next to the track pad. So far he has followed them all and has never had any issue. Half an hour spent teaching him some security basics has saved me from hours (maybe even days!) of "support" over the last couple of years. I am quite proud of him for following my advice to the letter too. He could probably run without Windows Defender (his new laptop has Windows 8) and be just fine to be honest. He never does anything stupid these days.

Ok by me, but we really shouldn't be talking about Microsoft Security Essentials.. anyone concerned with security should be on Windows 8 which includes Windows Defender enabled by default WHICH will also receive some nice updates for 8.1 (due 17 Oct of course)
http://www.h-online.com/securi...g-for-Defender-1897777.html

So Defender.. with MalwareBytes alongside and you should be Ok. you know, as long as you've got a brain as well

Uh, dude. Defender essentially IS Security Essentials. It uses exactly the same virus definitions so isn't giving you any better protection than MSE does.

Is it really confirmed that the system partition is encrypted by default on 8.1 (written on that article)? It doesn't make much sense due to the performance hit.

Sounds like it:

Pervasive Device Encryption
Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. It is enabled out of the box and can be configured with additional BitLocker protection and management capability on the Pro and Enterprise SKUs. Consumer devices are automatically encrypted and protected when using a Microsoft account. Data on any Windows connected standby device is automatically protected (encrypted) with device encryption. Organizations that need to manage encryption can easily add additional BitLocker protection options and manageability to these devices.

http://technet.microsoft.com/en-us/windows/dn140266.aspx

"anyone concerned with security should be on Windows 8" Win8 itself is more secure than 7, that with Defender + some other 3rd party tools and one should be fine

alwaysonacoffebreak said,
No matter what AV you use you're still the most important part to your PC's security.

Let's be honest, porn is the only thing we have all really gotten viruses from - I have never been so ignorant towards anything else.

mulligan2k said,
That's why I always wear a condom when surfing for porn, safety first

I thought Americans carry a gun while browsing.

So true. Common sense ftw! Haven't got a virus on Windows 7 since it's been released. I don't run a real time AV on my computer. I manually scan with Malwarebytes once in a while.