Microsoft Security Essentials, why it’s less than perfect

MSE (Microsoft Security Essentials) did get some very good reviews, and overall it’s not a bad anti-virus and spyware package. It has a native 64-bit version, it’s free, and it provides adequate protection for the average user who doesn’t wander off onto stray sites or use cracked software. But I wouldn’t call it an ideal package for novice users.

  1. It has a serious usability flaw: the program does not automatically update itself. This means that the green systray icon turns red, and the user is required to update it manually. Now if there is one thing we should all know about usability, something the MSE team strangely don’t know, it is that novice users can be scared or wary of anything relating to a virus, including the use of the anti-virus software. You see, when you ask a novice user to “update your anti-virus software”, the novice user might not, because they are too afraid to do something wrong. As far as they’re concerned something is already wrong, and they’re already worried, and who can blame them: the AV product is telling them 2-3 times a week – your system could be at risk. If you’re an advanced user, it’s just plain annoying, and makes no sense at all. The AV product knows it’s out of date, knows where to get the update from, knows that by not updating it’s putting your system at risk, but it just sits there knowing all of this, expecting you to manually update it. Bottom line – never run this product on anything that is unattended. If you’ve installed this on your wife’s PC or that of your 60-year-old mother, who uses the computer for the odd email, then expect to get a call every time the AV goes out of date, and you’ll get asked – “Something is wrong, what should I do?” Even if it’s clear to you, it’s certainly not clear to the novice.
  2. The real-time protection is hackable even by a script kiddie. In hacking terms, the script kiddie is a very entry-level hacker, and also very common. Anyone with a devious nature and a bit of programming knowledge can become a script kiddie, and a decent AV product should at least protect you against the layer of attacks coming from such a low-skilled group of, for lack of a better word, “hackers”. Anti-virus packages typically provide you with two levels of protection. One of these is real-time, which means files are scanned for viruses before you execute them, when a file is finished downloading, when a file arrives in your inbox, etc. Real-time scanning is not exactly state of the art; it’s been around for a long time, and I would consider it essential given the high number of threats coming in from email and internet browsing and downloading. So why do I say it’s very easily hackable? Well, here is a fact that may shock or surprise you. Once real-time scanning is enabled in MSE, all you need to do to turn it off is overwhelm it. This is because once MSE becomes overwhelmed it automatically shuts down real-time scanning. So what does this mean? All a hacker needs to do to shut down your real-time scanning is somehow get a file onto your computer (yes, even the very virus, but it could also be a completely harmless file) that confuses the real-time scanning engine, either by (a) containing too many files (innocent or not) or (b) containing script files (even in smallish doses, and even innocent), and, ladies and gentlemen, your MSE real-time virus scanning will turn itself off, and your system will become unresponsive.
  3. Based on the above point, MSE HATES PHP. PHP is a scripting language that programmers use to create business applications for the web. MSE treats all script files as potential threats, and so when confronted with the .php extension MSE deep scans the script. However, MSE does not have the intelligence to detect potential threats in PHP files; instead, what happens is that MSE locks up and real-time scanning gets disabled, all after Explorer crashes and restarts. Even if you might not be in danger of getting hacked that very second, it’s still extremely annoying for anyone running PHP scripts for legitimate purposes.

Because of these 3 points, I’m slowly losing my patience with this otherwise average product. During my initial review it did look like a viable option for those of us running Win7 64-bit, but now I must conclude it’s not designed with the power user in mind.


6 thoughts on “Microsoft Security Essentials, why it’s less than perfect”

  1. The posts here are great. Thanks for having them. I get so much out of reading other sites about computer security! It’s such an ongoing fight. I don’t comment on many sites but had to on yours. I don’t have time to read everything right now, I found this site when looking for something else on Yahoo, but I’ve bookmarked your homepage and will check back soon to see what’s new. The internet can be so informative. Click here if you’d like to check out my site. Thanks again – great site!

  2. Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Anyway, I’ll be subscribing to your feed and I hope you post again soon.

    • You can browse the site, but in order to download from an MSDN subscription you need to use Internet Explorer with ActiveX enabled (2010)

  3. “Microsoft Security Essentials, why it’s less than perfect”
    Hi Michael
    Yesterday I downloaded MSE, and had the problem of then having to download the virus database manually because the program would not do it on automatic update. While downloading the update my computer locked up. This is the first time it has done this (I wiped the HD and loaded Windows 7 four weeks ago); the only way out of the lock up was the main power switch.
    After restart I did get the file to finish downloading and then ran MSE on full scan.
    I tried this program because I had read about how good it was. I had got a virus on my comp that was popping up new tabs in my browser. I had tried AdAware, spydoctor, Malwarebytes, and AVG; none could find the virus, but MSE did. It was WIN32/ALOREON that had infected my system. MSE found it and removed it, problem solved.
    But today I have had my computer do a full lock up about 10 times. I was pulling my hair out until I remembered that when it first locked up I had just installed MSE. I went into MSE settings and stopped the real-time protection. Whippeee, my computer is working again.
    What a great program in finding that virus, but what a crap program in giving me more trouble than what the virus was giving me; it was only popping up ads.
    And now I just found this web site, and you had blogged about this problem back in November. By now Microsoft should have sorted the problem, what a load of dick heads they are.

  4. Hi Michael
    Me again with an update on updates for MSE!
    Yesterday I looked at the optional updates available page of the Windows Update program, and was surprised to see a definition update for MSE. So the auto updates don’t work, but you do get updates in the Windows Update program. But why are they in optional updates and not in important updates? So if you are running MSE, switch on optional updates in the settings window of the Windows Update manager. I’d also like to note that my computer has not locked up since the last post.

