Reviewing the Windows 7 Firewall & Microsoft Security Essentials 2.0
This week in the Security for Everyone Series we look at the latest version of Microsoft Security Essentials. Security Essentials was released in September 2009 to differing opinions. In a short amount of time independent testing organizations identified Security Essentials as one of the most effective desktop security solutions available. In mid-December 2010 Microsoft released Security Essentials 2.0. In this review we will look at what has changed in the latest version.
Downloading  and installing Microsoft Security Essentials continues to be an easy process. The download weighs in at around 8 MB and doesn’t require any personal information. It’s important to mention that if you are currently using version 1 of Security Essentials you will need to download and install the latest version manually, as the daily update process will not automatically upgrade you to the latest version. I found this to be true for several workstations in my own home and supported via several online sources as well.
Setup is completed after running through the few installation prompts. The only item worth noting is the introduction of a step which provides the option to enable the Windows Firewall if there is no other firewall solution active.
Those of you that use, or are familiar with, the previous version of Security Essentials will find very few changes in the interface and may in fact have to go looking for them if you are so inclined. Another way to say this might be, Microsoft managed to keep the simple minimalist interface intact in version 2. This is well received as most people used to working with security applications can attest to significant feature creep (aka. bloat) as applications mature. This isn’t the case for Microsoft Security Essentials, at least not yet.
Microsoft has done a good job sticking to the basics and not trying to fix something that wasn’t broken. The first impression remains positive. Let’s see what’s changed regarding the use and configuration of Microsoft Security Essentials 2.
Ease of Use and Configuration
Working with Security Essentials continues to be pretty painless. The main interface is adorned with 4 minimal tabs providing access to the basic areas and functions associated with all virus and spyware scanners. The tabs include Home, Update, History and Settings.
The Home tab allows you to quickly kick off a scan and displays your basic security status. You can also access your scheduled scan setting from here. The Update tab shows how current the various definitions are and allows for running a manual update. The History tab shows threats that have been isolated and functions as the quarantine as well. In the event of a false positive you can release items from the history interface. Finally, the Settings tab gives you the option to modify the few settings areas associated with Security Essentials 2.
As you move through the settings you will notice some changes from the previous version. The first change is found in the Scheduled scan section. You can now set the CPU usage for your scheduled scan. The default is 50% and can be changed up or down in increments of 10.
Next you will find a couple of worthy enhancements in the Real-time protection settings. Microsoft Security essentials has always included heuristic  capabilities but has not offered a way to disable them. You may now enable or disable this behavior monitoring. The recommendation is to leave it enabled. When it comes to monitoring file and program activity you now have the choice to monitor all files or only those that are incoming or outgoing. The other change worth noting is the introduction of the Network Inspection System which utilizes the Windows Filtering Platform  to identify threats at the network layer.
In the Advanced settings you can set how long threats remain in the quarantine. If enabled, your choices range from one day to three months. And while we are looking at the advanced settings, you’ll find an option to scan removable drives while running a full scan and another to create a system restore point before applying an action to a threat. Each of these last are not enabled by default. I recommend you consider enabling each of these.
The final change involves the Microsoft SpyNet community. SpyNet is a community designed to assist in the proper response to threats as well as to reduce the spread of new threats. The previous version of Security Essentials did not allow an option for you to opt-out of the SpyNet membership (short of making changes to the registry). This latest version does indeed provide just this welcome opportunity.
Additional configuration options include the ability to define file and folder exclusions and default actions for identified threats. A couple of useful features found in the Help menu include options to submit a malicious software sample and check for software updates.
While researching the changes in Security Essentials 2 there were several mentions of Firewall integration that led me to believe this might include access to some firewall configuration from within the Security Essentials interface. This is not the case. As far as I can tell the integration is present in the installation steps when the firewall option is mentioned and possibly in the Network Inspection option; although the latter could be debated. This isn’t necessarily a bad thing but I did want to mention it since reviewers at other sites have questioned this integration as well.
Security Essentials remains an easy to use and non-intimidating product. The heuristic engine improvements and network level monitoring in version 2 add to the overall level of protection. There continues to be no interface between the antivirus/antispyware solution and the Windows firewall. It would be nice to see some greater integration here. A few links for common activities like allowing or denying applications and choosing network behavior would go a long way toward making Security Essentials feel like an integral part of the operating system.
Windows 7 has enjoyed a fair bit of success in the area of operating system security, especially when compared to the occasional turmoil of the XP days. This isn’t to say Windows 7 has not had security concerns and vulnerabilities, it has, but components like the Windows firewall have been a big part of the improved security of Windows 7.
The Windows firewall is accessible from both a basic and advanced user interface and allows for all manner of configuration possibilities. The act of allowing or denying an application access to or from the Internet is relatively intuitive. You can also implement plenty of advanced features such as creating inbound and outbound rules and building custom security rules.
When testing the effectiveness of a firewall, even one integrated into the operating system, I like to run an intrusive scan to see what kind of ports are left open and how much information might be leaked. This test was performed in July 2010 when reviewing the last version of Security Essentials . Thankfully the scan results are the same now as they were then. The scan identified no open ports and the information gleaned from the scan was very little and nothing of value.
While it would be nice to see some integration between Security Essentials and the native Windows firewall, there is little disputing the good level of protection provided by the firewall. The basic and advanced interfaces make this implementation one that both Grandma and the geek can enjoy. You can find additional information on the firewall via the links below.
Antivirus and Antispyware Features
Quiet, clean and effective. Those are three words I believe best describe the scanning features of Security Essentials 2. Microsoft has kept things simple in this latest iteration and while the options associated with scanning are few they address the areas one is most likely to adjust.
Visual cues remain present when a threat is identified or an action is required. You’ll also find the notification messages contain enough information to empower an informed response.
My own testing has found Security essentials to be very good at identifying and cleaning threats at the desktop level as well as those encountered while browsing the Internet. Integration with Internet Explorer seems to have improved with this latest version as well. I make this claim due to the near simultaneous response between the browser window and the Security Essentials alert. Each malicious site I visited identified the looming threat without incident.
I was unable to identify testing done by formal organizations such as av-comparatives.org . I’m sure this has to do with the recent release date of Security Essentials 2. AV-Test.org  expects to have their first results of 2011 published the end of April. It may be worth marking this on your calendar if these independent tests are important to you, and they should be.
I will close this section by sharing that I scanned the same threats tested against the previous version and Security Essentials 2 did find a couple of additional threats. As informal as this is, I do believe it bodes well and at least confirms for me that the detection and removal have not taken a step backward.
Microsoft continues to provide an effective, simple and free security solution in Security Essentials 2. The coupling of the native Windows Firewall makes for a very compelling combination that protects well with minimal configuration yet provides for some complexity to suit the geeks among us. The verdict shall continue to be, "BUY for Everyone!".