Morro to be named Microsoft Security Essentials, build leaks

Yesterday Neowin exclusively revealed Microsoft Morro to the world, today we can unveil that Microsoft's new and free Anti-Virus will be named Microsoft Security Essentials.

The software product, codenamed "Morro" after a beach in Sao Paulo, Brazil, is already being tested by Microsoft employees and a trial version will be made available in September according to sources familiar with Microsoft's plans. Microsoft has officially stated that Microsoft Security Essentials would be available by the end of 2009 at the latest. The company has been trialing internal versions since June 1.

Yesterday we unveiled three screen shots of an old alpha build but we can unveil an updated build today with the Microsoft Security Essentials branding. Security essentials is likely to be targeted as a basic form of Anti-Virus and not as a "suite" like rival Anti-Virus companies such as Symantec and McAfee offer. An installer of the new build leaked last night and we have included a couple of screen shots below. We will have a full review of Security Essentials soon.

Report a problem with article
Previous Story

OCZ Neutrino 10" Do-It-Yourself netbook review

Next Story

UltraSn0w unlocks any 3G iPhone

108 Comments

Commenting is disabled on this article.

This is great and all but many people use 'security suites' - anti av/spyware/and firewall - no-one will run two antiVs and if MS doesn't offer a good firewall people are gonna be stuck.

dancedar said,
This is great and all but many people use 'security suites' - anti av/spyware/and firewall - no-one will run two antiVs and if MS doesn't offer a good firewall people are gonna be stuck.


Windows has included a basic yet solid firewall since XP's Service Pack 2; most routers and most xDSL/cable *modems*/eMTAs also include a basic SPI firewall. (Neither Vista or 7 has seen the removal of said basic firewall, and nobody, even within the EU, has asked Microsoft to do so; 7 E retains the basic firewall and Windows Defender.) So the only real lack in 7 is AV.

However, in following the security suites and the performance thereof, I have seen that each suite has strengths and weaknesses, and the most glaring weakness in most of the security suites is in the firewall portion. In a lot of cases, it's actually proven weaker than the basic firewall that's included with XP/Windows/7. (I don't know about you, but that's something that flat-out frightens me; a security suite is supposed to have better, not worse, security, in every facet, than having on the basic security included with the operating system.)

I would rather pay a subscription for a 12 month than use this, better the D.Y.K and use McAfee or Symantec thatn trust MS for security when they cannot even plug holes in their own OS.

Nope I'm using NIS2009 and will be updating to 2010 when available.

EVANK said,
I would rather pay a subscription for a 12 month than use this, better the D.Y.K and use McAfee or Symantec thatn trust MS for security when they cannot even plug holes in their own OS.

Nope I'm using NIS2009 and will be updating to 2010 when available.



EVANK, I'm a Symantec beta-tester (and have been one for over a decade), and even I'm not THAT much of a brand snob.

Also, have you been following sites such as SecurityWatch (where they actually track how security holes are discovered and patched in *all* operating systems, including Windows, Linux distributions, and UNIX, along with MacOS and the BSDs)?

My beef with Symantec's basic security products is as follows:

1. They don't work alongside what security the operating system already has.
2. They are very RAM and resource-hungry.

The suites are a whole different kettle of fish (and Microsoft Security Essentials is not meant to compete with them). Also, Windows has included a decent, if basic, firewall since XP and Service Pack 2. Has anyone found an issue with that basic firewall that wasn't related to either third-party software or IBK error (in short, an issue with the firewall itself)?

Other than what I've stated, I have no bone to pick with Symantec, and I have recommended McAfee's security suite to friends and relatives; however, where I DO have an issue with them, I will whack them for it.
Symantec does not currently have a basic security product for Windows 7 that is NOT resource-hungry and/or RAM-hungry (McAfee is in the same position), and Avast and AVG both use too much RAM and too many resources compared to MSE (worse, both have a higher-incidence of false-positives than Forefront Client Security, which MSE is based on). I came to MSE from Avast (as a Windows 7 beta tester with no need for a full-boat security suite, both Symantec and McAfee were eliminated due to their lack of a basic security product that was not a RAM/resource pig, even in beta), and when I was running Vista 64-bit, my options were Symantec or Avast (McAfee did not have a 64-bit ready AV security suite at the time; the only one they have currently is in beta), and Symantec was too RAM/resource-hungry.

64-bit isn't all about gobs of RAM (a single gigabyte of RAM, which is what I have, is barely a demitasse cupful). It's about getting the most out of the resources you have available.

I switched to 64-bit, despite the serious lack-o-RAM, because of fewer crashes and NOT losing hardware support. I have no hardware that isn't supported by any of the 64-bit operating systems I've run, with the sole exception of the BSDs (and even with the BSDs, I do have fallback support for my HD3450, the only unsupported hardware in PC-BSD/FreeBSD 7.1).

Some Facts About MSE Leaked Version :
Its available on M******a
Its for Xp & Vista but runs absolutely fine on 7.
There is no jumplist support in MSE for 7
The installer has a live icon 256x256 but the MSE application itself hasn't (I hate that)
The icon looks fine but it looks quite ugly in the notification area.
It installs instantly.
Takes some time to update definitons
Then u are ready to go.
There is option for (SCAN WHEN IDLE) which i think, is a common feature on Most of the AVs out dere.
Custom scan is available.U can also click on files,folder etc to scan em... (Nothing special i know)
When u open the MSE,it opens instantly... just like NAV09.(Keep in Mind that NAV has the least footprint in AVs)
The user inteface Utility Consumes approx. 5.5 to 6. MB (It varies)
The Antimalware Service takes about 30000 to 36000 K (When Idle.ie no virus scanning etc)
Uses Only Two processes named as 'msseces.exe' & 'MsMpEng.exe'
Scan speed is fine... U wont say "OMG ITS AWESOME"...but it isnt bad either
Definiton updates are done on daily basis....... ( This won't compete with Norton Pulse updates or sth)
It Monitors file activity on ur computer and scans attachments and Downloaded files
No Support for Messenger Scan or sumthing
No Support for MSoffice scan
There is a similar feature in MSE known as Exclude process.Remember Norton insight ? its similar to that.but in MSE we have to manually exclude processes.
It can scan files within zip and cab files... ( .ZIP is not special but .CAB content scanning is sumthin cool )
Creates a restore point when deleting infected files. Cool eh

Conclusion:
Its really Simple & easy to use
I personally think that it is a nice basic Security Solution.
People who need a Simple light AV and who dont like Third party stuff can use it.... its nice.
I like its simplicity !
Anyway its still not even a beta... so we have to see alot more...

Anyone know if it`s just a signature based AV/S or whether it has additional stuff like Heuristics/unpacking/memory scanning capabilities?

The name is a lot better than Morro allthough it could be the AV for to morro w....

that ugly dotted outline around buttons have been around since windows 3.1, when are they gonna let go of it?

Why does real-time protection get turned off when it's downloading an update? Seems like an unnecessary window of opportunity for a virus to take hold if you ask me. ESET Nod32 doesn't turn itself off when updating, at least I've not seen the icon go red shortly before I see the update notice appear.

Maybe it's just a bug since it is PRE-BETA. Of course there are going to be bugs, I have been using it for a day now, no real issues, low on resources, and actually works.

It's only during the first update that the real-time protection isn't running. MSE doesn't seem to ship with any definitions, it downloads them all on first run, so it can't be enabled until it has some definitions to work with.

I have the pre-beta on here, I thought it was weird that it looked almost similar but the name was different, so I thought nothing of it.

Anyways, it runs nicely, and it's not a resource hog at all... it's a pretty good basic AV.

Runs great on windows 7 rc will definitely be using this over avast in future. Beats having nothing and it's nice and light.

Intelman said,
The AMD64 version is smaller than x86, weird.


The fact that it's smaller than most IM installers (both WLM and even YM have larger installers) is what's really weird. If they still used such a thing, it would fit on three 1.44 MB floppies (with space left over).

Definately going to skip a beta of an anti-virus. With a program such as this I'd prefer to wait and know it actually works rather than risking it having holes.

While this may not be a "Full" security suite, windows makes it complete. Windows provides the firewall, Anti-Spyware (Defender), UAC, Anti Mal-Ware, and with this new Anti-Virus, it is more then adequate protection.

NrthnStar5 said,
While this may not be a "Full" security suite, windows makes it complete. Windows provides the firewall, Anti-Spyware (Defender), UAC, Anti Mal-Ware, and with this new Anti-Virus, it is more then adequate protection.

This sums it up.

TRC said,
Defender is anti-spyware, MSE is anti-virus. Two different things so yes it is still needed.

Maybe, Maybe no. Notice the screenshots above that it says "Virus & Spyware Definitions". It would be my guess that Morre disables Windows Defender just like Onecare used to and uses a unified set of definitions in a single product.

TCLN Ryster said,
Maybe, Maybe no. Notice the screenshots above that it says "Virus & Spyware Definitions". It would be my guess that Morre disables Windows Defender just like Onecare used to and uses a unified set of definitions in a single product.


MSE (like WLOC before it) uses the same anti-spyware definitions as Defender; however, there are several changes compared to WLOC.

1. Unlike WLOC, there is no backup component (this is something that got Microsoft into hot water with some of their partners for including into WLOC, mostly because *they* either didn't do so at all, or did it rather poorly). That is something I'll actually miss, especially in XP clients, where WLOC's backup was simply too darned useful.

2. Different engine altogether. As opposed to WLOC (which, except for the anti-spyware component, was actually written specifically for WLOC in-house), the client is a re-skinned version of the Microsoft Forefront client. Much smaller, and nowhere near as *busy* as WLOC (or even most other basic AV/security products; it's smaller than either Avast or AVG, let alone Kapersky, Symantec, or McAfee basic AV products).

3. Integrates much better with Windows (definitely 7, and I suspect Vista as well). While WLOC worked VERY well with XP, it didn't fit in as well with Vista, and naturally never supported 7.

This looks beautiful. I really like the interface. I just hope it is ready in time for the Windows 7 GA release.

With a beta in September, it could well be - it looks like they're already well on their way to completing.

kraized said,
Why not just call it Morro? What is it with MS and their stupid naming schemes?

Maybe because it many languages it sounds gross?

I think you totally missed his point. Besides what is so hard about saying Microsoft Security Essentials? At least it describes what it does and makes sense. Most people would hear Morro and think "WTF is that?"

Everything has a codename before it is produced. Windows had a codename of Longhorn, if you remember, but I don't think I'd like my OS to be called that.

njeske said,
any word on if the "leaked installer" is available anywhere?

It's available at the usual suspects.
It's multiple installers (32 and 64-bit XP and 32/64-bit Vista, with the Vista installer working on 7)
The darn thing is *small* (it's smaller than the installer for Windows Live *Messenger*, let alone OneCare); the 64-bit Vista/7 installer is less than 4 MB.
It disables Defender because it *integrates* with it.
It's not exactly new (in fact, if you are in an enterprise where Microsoft Forefront Security is deployed, you'll recognize it as the Forefront client, re-skinned), which isn't exactly a Bad Thing (the basic consumer products from Symantec and McAfee are remixed versions of their enterprise clients, so what room do they have to complain?).

Aren't they phasing out the whole "Live" thing? I always hated that anyway, just call them Windows Messenger, Windows Mail, etc.

I just hope they don't hold off on the final version of Windows Live Movie maker so the 2 can be released together in the same wave.

The new security offering, code-named as "Morro" will feature streamlined solution with smaller footprint that focuses on core anti-malware protection and will provide comprehensive protection from malware including viruses, spyware, rootkits and trojans, according to Microsoft press release. The security product won't provide additional non-security features or advanced functions that comes with commercial consumer security suites from other third-party vendors. Possible exclusion includes firewall.

"Morro" will be built from the existing anti-malware technology that fuels the company's current line of security products, highly possible is Windows Live OneCare, which have received the VB100 award from Virus Bulletin, Checkmark Certification from West Coast Labs and certification from the International Computer Security Association Labs. As such, Microsoft also announced that it will discontinue Windows Live OneCare from June 30, 2009, although paid subscription users can continue to receive up-to-date virus signatures through the whole subscription period, as explained in Windows Live OneCare blog.

The freeware "Morro" will be available as a stand-alone free download and will support Windows XP, Windows Vista and Windows 7 operating systems.

Windows Live Essentials, Microsoft Security Essentials. For the average customer, the name sounds good. I should have that on my computer etc. It's not meant to be a cool brand. Name is fine.

You're right, this follows the free downloaded apps brand which is called "Essentials". You have the Live apps and now the Security apps. I think it makes perfect sense, and that's how MS probably looked at it.

GP007 said,
You're right, this follows the free downloaded apps brand which is called "Essentials". You have the Live apps and now the Security apps. I think it makes perfect sense, and that's how MS probably looked at it.

Exactly - it makes sense and the word "Essentials" entices people to download it and use it on their computer. To them, it is essential

What about "Microsoft Antivirus"? Why this dumb name -> Security Essensials. To me, this sounds more like a security software suite, and not just an AV.

It protects against spyware aswell, as can be seen from the screenshots - it isn't just an anti-virus :)

I like the name "Microsoft Security Essentials"

[edit] Scratch that. There was a Microsoft Antivirus for DOS (it also supported Win3.1) and it was a bit harsh to call it rubbish, but it was very basic :P a bit of useless trivia; it was the AV program that reported the Win95 upgrade installer as a virus! (please note MSAV was not made by MS, it was made for MS..the company that made it was later bought by Symantec) which was rather embarrassing for MS. So there you go, didn't really answer the question and give a quick history lesson while I was at it :P

You history is 100% wrong about the source of the former MSAV. Microsoft licensed the AV product from Central Point for MSAV back around 1995-1998. They DID NOT get any code from the company that Symantec licensed code from in 1998. Symantec did not buy the other companies product, they just licensed it. Those are the facts. I was in the middle of all of it.

Xerxes said,
[edit] Scratch that. There was a Microsoft Antivirus for DOS (it also supported Win3.1) and it was a bit harsh to call it rubbish, but it was very basic :P a bit of useless trivia; it was the AV program that reported the Win95 upgrade installer as a virus! (please note MSAV was not made by MS, it was made for MS..the company that made it was later bought by Symantec) which was rather embarrassing for MS. So there you go, didn't really answer the question and give a quick history lesson while I was at it :P

GreyWolfSC said,
The defrag in MS-DOS came from Norton. The AV came from Central Point as njtrout said. :)


I miss the old defrag. Now I feel old.

njtrout said,
You history is 100% wrong about the source of the former MSAV. Microsoft licensed the AV product from Central Point for MSAV back around 1995-1998. They DID NOT get any code from the company that Symantec licensed code from in 1998. Symantec did not buy the other companies product, they just licensed it. Those are the facts. I was in the middle of all of it.


The company that Symantec acquired was Central Point Software (which was indeed the company that supplied Microsoft Anti-Virus for DOS/Windows, included with MS-DOS 6.2x). I was in the middle of it another way, as a Central Point Software customer (specifically for CPS' PC Tools security suite; version 7 added Central Point Desktop for Windows, a replacement for Windows 3.x' Program Manager, and a competitor for Symantec's Norton Desktop for Windows).

September for the beta? Ack!!! Was hoping to get it on my wifes laptop so I wouldn't have to buy anything after I get 7 from my MSDN in july (hopefully July?)

Does it disable Defender? Everything does. Even OneCare did. It just sits idle on the machine. Poor defender. gets no love. heheh.

I think this works with defender since the shots show that it has virus and spyware definitions.

I think it's mostly a superset of defender itself. So It could use parts of defender code already in windows or just replace it totally. I dunno for sure.

SleeStak said,
I guess we can all hope he doesn't have another cousin named Security Essentials to save him some anguish ;)

lol

The two things are completely different

Windows Defender is an anti-spyware software integrated into Windows Vista/7
Microsoft Security Essentials is a free standalone anti-virus software package that should be available for free download through Windows Update as a part of Windows Live Essentials Package as Windows 7 hits GA

BorisX said,
[...]that should be available for free download through Windows Update as a part of Windows Live Essentials Package as Windows 7 hits GA

It hasn't been stated that it will be included in the Windows Live Essentials package and I don't think it will be as it doesn't have the Windows Live branding.

I'm pretty confident this will be a seperate download

Although I felt the old UI was simple yet effective, this one definitely fits in with the look and feel of 7. when was the last time anyone was this excited for a new OS from MS? ...hands?

OneCare was a great product. Very little performance impact unless it was performing a "tune up"; a feature/bug that seems to be missing in this new product.

I can't wait. An integrated AV without a boatload of bulk is better than any security suite Symantec or Mcafee could offer. Being a responsible computer user and having a simple, updated AV program is all you need to stay secure and safe.

Assuming of course Microsoft are as quick off the mark with definition updates as the likes of ESET, McAfee or Symantec.

If Windows Defender is any indication of this, I'm not hopeful. Pretty much any other anti-spyware product out there is quicker at detecting newer threats than Windows Defender.

TOOLaudiofan said,
I can't wait. An integrated AV without a boatload of bulk is better than any security suite Symantec or Mcafee could offer. Being a responsible computer user and having a simple, updated AV program is all you need to stay secure and safe.

We don't know the resource usage of this tool yet. Hopefully its scanner will at least keep itself below ~50 MB, and not interfer with other apps too much. These things are a bit different than bloat. For example, McAfee's scanner is pretty lean in terms of features, but easily eats 100-150 MB RAM at work (where we're now forced to such tools -- before, we used NOD32 and it was more around like 20-30 MB with a similar feature set).

So my point is that we can't judge the resource usage of this tool by how many features it has and if it "looks" lean. That depends a lot on how it's programmed. Microsoft doesn't have an excellent track record in these areas either, so I'm waiting and seeing in this case. Windows 7 is really a trend breaker for MS.

TCLN Ryster said,
Assuming of course Microsoft are as quick off the mark with definition updates as the likes of ESET, McAfee or Symantec.

McAfee? They're still painfully slow with their updates.

Looking forward to testing it.

But RAM usage and hard drive space became irrelevant about a decade ago.

Impact on running applications as well as false positive detection and, of course, antivirus/malware protection AND cleanup will be what I'm looking for.

Jugalator said,
We don't know the resource usage of this tool yet. Hopefully its scanner will at least keep itself below ~50 MB, and not interfer with other apps too much. These things are a bit different than bloat. For example, McAfee's scanner is pretty lean in terms of features, but easily eats 100-150 MB RAM at work (where we're now forced to such tools -- before, we used NOD32 and it was more around like 20-30 MB with a similar feature set).

So my point is that we can't judge the resource usage of this tool by how many features it has and if it "looks" lean. That depends a lot on how it's programmed. Microsoft doesn't have an excellent track record in these areas either, so I'm waiting and seeing in this case. Windows 7 is really a trend breaker for MS.

Running a full scan while I type this, it's not using much resources at all.

Even took a snapshot of it. Here ya go:

GP007 said,
Eh? I see definition updates for defender pretty much every day now. How is it slow?

For me, defender is updated monthly at best...compared to the likes of Symantec which is updated hourly (my trusty Trend Micro isn't too bad, it updates a few times a day) it's beyond slow, it's stationary! :P

TCLN Ryster said,
Assuming of course Microsoft are as quick off the mark with definition updates as the likes of ESET, McAfee or Symantec.

If Windows Defender is any indication of this, I'm not hopeful. Pretty much any other anti-spyware product out there is quicker at detecting newer threats than Windows Defender.

I see one or two updates a day in Forefront Client Security, their enterprise A/V offering. I would assume they're using the same engine in this one.

For me Eset updates atleast 5 times a day, while defender updates once in two weeks or so. I really hope MS's Morro turns out to be a great product with a good backing from MS to release definition files without any delay. AV's need to updated everyday, taking in regard the increasing threats.

jase chaos said,
Running a full scan while I type this, it's not using much resources at all.


You need to turn on the option to show processes from other users also...

The main service isn't showing on your screenshot.

You see this when you look at the CPU Usage...

Also consider showing the real memory usage of processes, instead of the one you show at the screenshot...

When Windows pages out memory, then an app only shows about 800KB-3MB and pages in the data while scanning continuously.

This will cause lots of disk/pc lags cause of the many small reads and memory copys required.

The GUI seems only to be a basic shell for the real scanner, running hidden in the background.

Every scanner that shows you less than 63MB of RAM usage, either tricks you with a bad behavior (streaming the data from disk), using separate service processes to hide its real RAM usage, or simply having too few signatures.

Imagine that a Antivirus app doesn't use real signatures, but some sort of easy hash...
An MD5 would use 16Bytes to store...
Multiply this with about 4 million of signatures and youre in the range of 62MB just for the storage of the signatures.
Now add the programm and resource usage to it, and you see what i mean ;)

Jugalator said,
before, we used NOD32 and it was more around like 20-30 MB

If NOD32 only uses 20MB, is just saying that NOD32 has only about 800k signatures, which is really bad.
Data (signatures) can't be stored magically for free without using RAM *g*

Im not saying that NOD32 or the Microsoft tool is bad, i just say... choose wisely and don't trust the things, you think you see, blindly

Jugalator said,
We don't know the resource usage of this tool yet. Hopefully its scanner will at least keep itself below ~50 MB, and not interfer with other apps too much. These things are a bit different than bloat. For example, McAfee's scanner is pretty lean in terms of features, but easily eats 100-150 MB RAM at work (where we're now forced to such tools -- before, we used NOD32 and it was more around like 20-30 MB with a similar feature set).

So my point is that we can't judge the resource usage of this tool by how many features it has and if it "looks" lean. That depends a lot on how it's programmed. Microsoft doesn't have an excellent track record in these areas either, so I'm waiting and seeing in this case. Windows 7 is really a trend breaker for MS.

Uhhh. The total install size of the folder is about 11 megabytes. I can't be sure, but I don't think it'll be generating that much RAM usage.

I'm just curious, all you people who always want stuff that uses less RAM: What exactly are you going to use that unused RAM for? Wiping your ass with?