Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Microsoft in major Security Essentials 2.0 overhaul

Major rewrite for free antivirus program

By John E Dunn | Techworld | Published: 14:37, 20 December 2010

After a mysteriously quiet launch late last week, Microsoft has released version 2.0 of its free Security Essentials (MSE) antivirus client.

Apart from the version number, most users will be hard pushed to see any differences between versions 1.0 and 2.0 with most of what's new buried under the hood.

The first important upgrade is the new anti-malware engine which, if the aims of the beta program are anything to go by, will attempt to boost the detection of state-of-the-art Trojans. Version 1.0 was not reported to have a major problem on this score, but Microsoft must have spotted a weakness.

A second and intriguing upgrade is the addition of the same network inspection system used in the Forefront Endpoint Protection client sold to businesses, also refreshed last week.

This performs packet-level inspection on network traffic to spot attacks based on software vulnerabilities that can be related to profiles in a database. This doesn't block attack executables or signatures so much as the follow-up traffic patterns that betray that an exploit is being opened.

This is the sort of technology that could stop the next Stuxnet from happening, at least assuming that the vulnerability being aimed at is known and in Microsoft's database. Many won't be but some will.

MSE 2.0 also integrates itself with the web filtering settings in Internet Explorer 9.0 and allows some control over the Windows Firewall.

Inside the program itself, there are a few tweaks here and there, including a change in how quarantined files are deleted (time limits can now be set), and the ability to define whether ingoing and outgoing files are monitored which might or might not (it's difficult to tell) relate to the way that Windows Firewall monitors outgoing traffic in Vista and Windows 7.

Why the secrecy for a program that is turning out to be hugely popular and well-regarded?

That very popularity and sensitivity to rivals companies, the majority of whom still charge for their antivirus programs, might explain the low-key launch. The company does not want to be seen in the US as endangering anyone's business model even though that is almost precisely what is happening. It wants the program to be used without the company being seen to market it.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.