Microsoft Security Essentials Is Unexceptional in the Best Sense of the Word

The free Microsoft Security Essentials anti-virus solution, formerly known as Morro, works but won't blow your mind. With it, Microsoft is raising the security bar--albeit the lowest rung on the ladder--but integration with third-party solutions could result in something big.

I've been poking around in the beta of Security Essentials-Microsoft's forthcoming free anti-virus solution-for a couple days, trying to find something interesting to say about the product.

Microsoft Security Essentials-formerly known as Morro-seems unexceptional in the best sense of the term: It installs and uninstalls easily (provided Windows is genuine); its scan rules are fairly configurable; and scans use a noticeable but not overwhelming amount of system resources on modern PCs. In short, it works but won't blow your mind.

In fact, there are really only two interesting things about the product. First, of course, is the price: Free is always somewhat compelling. Second, Security Essentials scored surprisingly well on early wild list tests, finding absolutely everything thrown at it. And this achievement is not commonly reached by any for-pay solutions.

Third-party software companies with competing solutions seem to be of two minds about Security Essentials. They scoff at the limited scope of Microsoft's product, which focuses on signature-based detections (along with some root kit defenses) instead of more modern heuristic or behavioral approaches, or more recent browser-based defenses against Web threats. But undoubtedly, these companies will also keep an eye on how Security Essentials performs in the marketplace upon its release for antitrust implications.

I don't think Security Essentials should be viewed as an attempt by Microsoft to corner the anti-malware market. Instead, the product should be viewed as Microsoft's attempt to raise the lowest rung of the Windows security ladder-effectively elevating the absolute minimum level of security users should expect to get from their systems.

Ever since Microsoft released Windows XP Service Pack 2 and the Windows Security Center-that little warning on a fresh installation that, among other things, decries the system's lack of anti-virus protection-the company has explicitly acknowledged that out-of-the-box Windows is not secure given the way the bulk of the user base practices computing. In the years since, as new operating systems have come along, Microsoft has done a lot of work to shore up the security of its operating system-with User Access Controls, Data Execution Prevention, improved firewalling and so on.

However, the company has made much less headway in how its users compute-which often leads to the new security being disabled to foster easier day-to-day management or backward application compatibility.

Microsoft needs a way to protect this recalcitrant segment of its user population with a tool set that is familiar and acceptable-signature-based scans. But for Security Essentials to provide this elevation of the lowest common denominator, the product needs to be installed on every copy of Windows.

I have my doubts that Microsoft will ever pull the trigger and include Security Essentials in a base OS or a service pack update for fear of the backlash. But I certainly see the product appearing in Microsoft Update as an option once it is a little more battle-tested, then eventually morphing into a critical update within a year or so of release. Of course, all of this depends on Microsoft making a concerted effort to ensure its solution plays nicely with others.

Windows Security Essentials can be a win for third-party security companies, as well, with some modifications. Say, for instance, that Microsoft leverages the approach it uses with the enterprise-focused Forefront Security for Exchange security solutions, which allow third-party security companies to plug their own scan engines into Microsoft's core product. Given that Microsoft has even written a whitepaper about the benefits of such an approach, it is not a big leap to see how consumers could benefit from a one-stop shop for protection from multiple vendors in one tidy package. If users can tap multiple scan engines in one package, that also means more customers for more security companies.

Then, with their old-school signature-based detections being packaged and sold through Microsoft's own product, third-party security providers could focus more of their development efforts on next-generation solutions-whether browser-based, encryption-oriented or behavioral-having to worry mainly about compatibility with Microsoft's scanner, rather than a cornucopia of solutions that currently make up the marketplace.

Senior Analyst Andrew Garcia can be reached at [email protected]