The Download Blog

The public beta for Microsoft Security Essentials, the free replacement for Live OneCare, is now closed, but that doesn't mean you've missed your chance to see what it's like.

In this First Look video, we look at the new interface, the new features, and the new limitations of the latest free antivirus to enter the market. Should AVG and Avira be scared? Watch and find out.

A day after making a beta of its free security program available, Microsoft has said it already has the number of testers it needs and has halted new downloads.

(Credit: CNET)

Well, that didn't take long.

A day after making available a free beta of its Microsoft Security Essentials software, Microsoft has stopped offering new downloads, saying it has reached the number of participants it was looking for, at least here in the U.S. The software maker had said it was only looking to initially have about 75,000 downloads of the product, formerly code-named Morro.

"Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time," Microsoft said in a posting on its Web site. "Please check back at later a date for possible additional availability."

Microsoft Security Essentials is the free product that Microsoft promised it would create last year, at the same time the software maker said it was discontinuing its paid Windows Live OneCare product.

The program hits the antivirus basics, including built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection. It's also similar to other free products on the market, such as those from AVG and Antivir.

Download.com's Seth Rosenblatt contributed to this report.

Click on the image above to see Download.com's look at Microsoft Security Essentials.

(Credit: CNET)

Updated June 25 at 12:50 p.m. PDT: Several commenters pointed out a secondary scanning process that runs while a scan is running. While Microsoft Security Essentials uses little memory when not scanning, during a second round of tests it used 60MB to 70MB of RAM, while consuming around 200MB of Virtual Memory.

Updated June 24 at 11:30 a.m. PDT: The 75,000 available slots for testing Security Essentials have been taken. There is no word at the moment whether Microsoft will allow more testers to download the public beta in the future.

Microsoft on Tuesday released its latest foray into security software as a limited beta. Microsoft Security Essentials, known in development as Morro, is limited to 75,000 downloads in four countries: the United States, Israel, Brazil, and China.

Security Essentials contains all the basic features that users have come to expect from free security software: multiple built-in and customizable scan options, a scheduler, automatic definition file updates, a real-time defense shield, and rootkit protection.

Do you need Microsoft Security Essentials?

It's been a bit hard to gauge user interest at this point. Despite the download limitations, I was able to download the installer onto one computer at 10:15 a.m. PDT, and another at 10:45 a.m. Microsoft has also said that the download cap might be lifted at a later date.

This hands-on will be limited to testing the on-board features since CNET doesn't maintain a virus zoo for security reasons. Also, users should note that Security Essentials will run a Windows Genuine Advantage check before installing. If you're running an illegal copy of XP or Vista, you're out of luck here. The program will run on Windows 7 RC, and there's a separate installer for users with 64-bit operating systems. The 32-bit installer for Windows Vista and Windows 7 was small, weighing in at 4.73MB.

The main interface of Microsoft Security Essentials is streamlined and uncluttered.

(Credit: Screenshot by Seth Rosenblatt/CNET)

If you're familiar with other free antivirus solutions such as AVG or Antivir, Security Essentials will probably strike you as an incredibly similar experience. The program opens with four tabs: Home, Update, History, and Settings. When you first start the program, it will ask you to update the definition files. This was a surprisingly fast process, taking about a minute when tested on two different Windows 7 computers.

After updating the definition files, it will ask you if you want to run a Quick Scan. On both of those Windows 7 machines, the Quick Scan worked true to its name and completed in less than 10 minutes. Quick Scans are good tools if you're worried about major infections, but deep scans are recommended regularly to maintain a higher level of protection.

The Home landing page summarizes your security status, indicating whether your system has been scanned successfully, whether real-time protection is on, and if your virus and spyware definitions are up to date. A pane on the right contains scanning controls, and a pane at the bottom tells you when your next scheduled scan is. There's a link to the scheduler, as well.

Security Essentials' Full Scan took nearly an hour and a half to finish, but only used 4MB of RAM while running.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Full Scan took about 86 minutes, which is a bit long for a deep scan on fairly new, regularly-scanned computers. I didn't think that the program would turn up any risks, but somewhat notably Security Essentials didn't turn up any false positives, either. The Custom Scan lets users select specific folders or drives to scan, but it doesn't allow for customizing the type of scan used. For example, you're not going to be able to choose to scan only for rootkits or heuristics, as you can with other security programs.

The program installs a context-menu option for on-the-fly scanning in Windows Explorer, too.

What did impress me was the shockingly small memory footprint. During the most resource-intensive action you can take with the program, the full system scan, it worked itself up to using only 4.6MB of RAM. More often than not, it hung around a few bytes lower, at 3.9MB.

The Update tab tells you your definition file version numbers, when your last update was, and has an Update button so you can force an update check. The History tab shows only files detected as potentially harmful. You can sort files it's detected according to All Detected Items, Quarantined Items, or Allowed Items.

User can customize some, but not all, aspects of the program.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The last tab, Settings, is where most of the customization features reside. A left sidebar list contains options for Scheduling your scans, adjusting Default actions, tweaking Real-time protection, Excluding files, folders, file types, and processes from scans, Advanced controls, and managing your Microsoft SpyNet enrollment.

Yeah, Microsoft actually called something "SpyNet."

SpyNet, apparently, is a telemetry system Microsoft uses to quality-control definition-file updates after they've been sent out. According to the Microsoft news release, SpyNet reports back on the efficacy of old definition file removal and the implementation of new definitions, as well as how detection rates on false positives.

Security Essentials users must participate in SpyNet. The default option, Basic, reports to Microsoft on where a potentially infected file came from, what your action was, what the recommended action was, and whether the action taken was successful.

Security Essentials' SpyNet malware reporting feature.

(Credit: Screenshot by Seth Rosenblatt/CNET)

The Advanced membership in SpyNet will send even more information to Microsoft, including the location on disk of your potential infection, how it has affected your computer, and how it operates. For both Basic and Advanced SpyNet membership, Microsoft warns that, "personal information might unintentionally be sent to Microsoft," but that the company "will not use this information to identify or you or contact you."

On the surface of it, this sounds like a standard security software reporting process on malware behavior, although I don't know how deep other programs go into your system behavior. However, it's definitely odd that Microsoft has chosen to call it out in this way.

It's hard to gauge any antivirus program without reliable data on its detection and removal rates. Microsoft Live's OneCare security program has a reputation for low false positives and strong "new" detection rates, but it's not clear how much of Security Essentials is built on or from OneCare. At this point, I'd advise users who are curious about Microsoft Security Essentials to try it out, but I wouldn't recommend it yet as a primary security solution without more field testing.

Updated at 1:15 p.m. PST Wednesday with comment from Symantec and at 11:45 a.m. PST Thursday with comments from McAfee and Kaspersky.

For some security companies, Microsoft's decision to offer a free anti-malware product, code-named Morro, won't result in a dramatic change in how they do business.

Morro will be available in the second half of 2009 and will protect against viruses, spyware, rootkits, and Trojans, according to Microsoft.

"With OneCare's market share of less than 2 percent, we understand Microsoft's decision to shift attention to their core business," Joris Evers, director of worldwide public relations for McAfee, said in an e-mail.

As for confronting a free malware solution from a software giant, Evers said, "With more malware attacks than ever before, we believe our advanced technology, commitment to consumer education, superior protection, dedicated focus on security, and our 20-plus years in this business will provide consumers the confidence to choose McAfee as their trusted adviser and expert in security."

Justin Priestley, senior vice president of consumer sales at Kaspersky Lab's Americas division, also seemed not that concerned at the prospect of facing a free security solution from Microsoft.

"Having entered the U.S. consumer market at the same time as Microsoft, we initially viewed them as a formidable player. They've continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically," Priestley said. "With the increasing threat malware and Web attacks pose, security is as important as ever, and we believe people will continue to choose antimalware software based on the quality of protection and will choose the highest-level product available."

Rowan Trollope, senior vice president of Symantec's consumer business, characterized the announcement as a "capitulation by Microsoft, and a reinforcement of the notion that it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection."

Here's the rest of his statement, provided via e-mail:

Consumers have already rejected OneCare, even though it entered the market at a lower price, because OneCare offered substandard protection and poor performance, as evidenced by scores of third party reviews. The offering only gained modest market share and ultimately was deemed unsuccessful in the marketplace.

Making a significantly scaled-back version of that same substandard security technology free won't change that equation. Simply put, innovation and protection matter. So even if it's free, the Microsoft "OneCare-light" offering will certainly fare worse than its predecessor, essentially putting consumers at increased risk without additional protection.

Additionally, our research clearly indicates that, after effective protection, what consumers care most about in a security product is performance. OneCare is widely recognized as one of the most egregious offenders in hogging system resources.

On Tuesday, Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft, had dismissed similar criticism from McAfee. "If the current approach isn't working (as far as protecting consumers broadly), we need to go with a new approach," she said.

A representative for AVG Technologies, maker of AVG Antivirus, told CNET News on Wednesday, "We view this as a positive step for the AV (antivirus) landscape. AVG has believed in the right to free antivirus software for the past eight years."

The company said it will be "business as usual" and doesn't plan to make any changes to its own product offerings as a result. "Based on what Microsoft is planning to deliver, we don't feel the need to make any changes to our free product at this time," the company said.

Asked if AVG had any advice for Microsoft, the company said "consumers will use a free product if it's robust and it protects them. The product has to be easy to use, fast, unobtrusive, and be able to address the latest Web threats."

Alex Eckelberry, CEO of Sunbelt Software, maker of Vipre Antivirus + Antispyware, said the move to get out of a profitable business appears to a capitulation on Microsoft's part. "This gives them a chance to do something altruistic while getting out of an unattractive business," he said. He noted that Microsoft will still be selling Microsoft Forefront, a collection of business security products.

Eckelberry said there remain two questions: One, how exactly will Microsoft distribute the product (will it consider bundling it with Windows 7)? And two, will the company make the application available through enterprise group policy management?

In the end, AVG said the market still needs to be educated. "Microsoft will have to do more than simply make the product available," the AVG representative said.

(CNET News' Elinor Mills contributed to this report.)