Microsoft Security Essentials, why it’s less than perfect

MSE (Microsoft Security Essentials) did get some very good reviews, and overall it’s not a bad anti-virus and spyware package. It has a native 64-bit version, it’s free, and it does provide adequate protection for the average user who doesn’t wander off onto stray sites or use cracked software. But I wouldn’t call it an ideal package for novice users.

  1. It has a serious usability flaw: the program does not automatically update itself. This means that the green systray icon turns red, and the user is required to update it manually. Now if there is one thing we should all know about usability, and something the MSE team strangely doesn’t know, it is that novice users can be scared or wary of anything relating to a virus, including the use of the anti-virus software. You see, when you ask a novice user to “update your anti-virus software”, the novice user might not, because they are too afraid of doing something wrong. As far as they’re concerned something is already wrong, and they’re already worried, and who can blame them: the AV product is telling them 2-3 times a week that their system could be at risk. If you’re an advanced user, it’s just plain annoying, and makes no sense at all. The AV product knows it’s out of date, knows where to get the update from, knows that by not updating it’s putting your system at risk, but it just sits there knowing all of this, expecting you to manually update it. Bottom line – never run this product on anything that is unattended. If you’ve installed this on your wife’s PC, or on the PC of your 60-year-old mother who uses the computer for the odd email, then expect to get a call every time the AV goes out of date, and you’ll get asked – “Something is wrong, what should I do?” Even if it’s clear to you, it’s certainly not clear to the novice.
  2. The real-time protection is hackable even by a script kiddie. In hacking terms, the script kiddie is a very entry-level hacker, and also very common. Anyone with a devious nature and a bit of programming knowledge can become a script kiddie, and a decent AV product should at least protect you against the layer of attacks coming from such a low-skilled group of, for lack of a better word, “hackers”. Anti-virus packages typically provide you with 2 levels of protection. One of these is real-time, which means files are scanned for viruses before you execute them, when a file has finished downloading, when a file arrives in your inbox, etc. Real-time scanning is not exactly state of the art; it’s been around for a long time, and I would consider it essential given the high number of threats coming in from email and internet browsing and downloading. So why do I say it’s very easily hackable? Well, here is a fact that may shock or surprise you. Once real-time scanning is enabled in MSE, all you need to do to turn it off is overwhelm it. This is because once MSE becomes overwhelmed it automatically shuts down real-time scanning. So what does this mean? All a hacker needs to do to shut down your real-time scanning is somehow get a file onto your computer (yes, even the very virus, but it could also be a completely harmless file) that confuses the real-time scanning engine, either by (a) containing too many files (innocent or not) or (b) containing script files (even in smallish doses, and even innocent), and ladies and gentlemen, your MSE real-time virus scanning will turn itself off, and your system will become unresponsive.
  3. Based on the above point, MSE HATES PHP. PHP is a scripting language that programmers use to create business applications for the web. MSE treats all script files as potential threats, and so when confronted with the .php extension MSE deep scans the script. However, MSE does not have the intelligence to detect potential threats in PHP files. Instead, what happens is that MSE locks up and real-time scanning gets disabled, all of this after Explorer crashes and restarts. Even if you might not be in danger of getting hacked that very second, it’s still extremely annoying for anyone running PHP scripts for legitimate purposes.

Because of these 3 points, I’m slowly losing my patience with this otherwise average product. During my initial review it did look like a viable option for those of us running Win7 64-bit, but now I must conclude it’s not designed with the power user in mind.