Security for Everyone - Reviewing the Windows 7 Firewall & Microsoft Security Essentials
By Chuck on Fri, 07/02/2010 - 10:07
Roughly one month prior to the release of Windows 7, Microsoft debuted its consumer antivirus and antispyware solution, Microsoft Security Essentials. This solution does not include a firewall which is understandable since Windows 7 does include one. Microsoft has a sketchy past with previous firewall incarnations that either left systems open for attack or did not provide the customization options that existed in commercial solutions. In this review I will take a closer look at the capabilities of Microsoft Security Essentials and the Windows 7 firewall. I will try to determine if the software giant has managed to stroll into the desktop security space as a solid contender.
First Impressions
Microsoft Security Essentials is a very small download at just under 7 MB. The installation is rather uneventful yet does require answering one UAC (User Account Control) prompt before beginning. Thankfully a restart is not required for Microsoft Security Essentials to begin protecting your system. Immediately after installation you are presented with an option to do an initial scan and update of virus and spyware definitions. On my system the scan took less than 15 minutes to complete.
A quick check of the system finds that Microsoft does disable Windows Defender, the antispyware application that comes with every version of Windows 7. This is a very good thing since too many security solutions running at the same time can cause more harm than good.
You are now met with the Home tab of the very minimalist Microsoft Security Essentials application. All the essential information is displayed, such as whether or not the definitions are up to date and when the last scan was performed. The Home tab also provides easy access to kick off a quick, full or custom scan.
The interface is certainly not as overwhelming as in other security solutions. While this may seem like a welcome surprise it remains to be seen if this seemingly light application is going to do the job of securing Grandma’s computer. Let’s dig a bit deeper into the ease of use and configuration.
Ease of Use and Configuration
One explanation for the minimalist design of Microsoft Security Essentials is due to the fact that this application protects your computer from viruses and spyware only. It does not include a firewall therefore reducing the number of items that can be configured within its interface. This makes sense since Microsoft Security Essentials is a Microsoft product and Windows 7 already includes a fine built-in firewall which we’ll discuss in the next section.
In addition to the Home tab you will find the Update, History and Settings tabs. The Update tab displays the virus definition version and date created. You will also find the version of spyware definitions. You may choose a manual update which is something I’d recommend if Grandma has been away from her computer for a few days or if it were down for repair. The History tab gives you insight into any threats Microsoft Security Essentials has detected as well as any applications you have chosen to allow.
The overall interface, while not beautiful in its design, is perfectly functional and easy to understand. In addition to the system status and easy access to beginning a scan, the Home tab allows for editing the time and date of the scheduled scan.
Selecting ‘Change my scan schedule’ delivers you to the scheduled scan section within the settings tab. From here you can set the day, time and type of scan and set whether or not Microsoft Security Essentials should check for updates prior to scanning and to start the scheduled scan only when the computer is on but not in use, the latter two options are enabled by default.
A question arose for me regarding the last option and whether or not Microsoft Security Essentials would wake a computer to perform a scan. Nowhere within the application is this spelled out clearly. A bit of searching online determined that Microsoft Security Essentials does not wake the computer. There is a way to force the computer to wake up and complete a scan but it involves editing the scheduled task within Windows 7.
Let’s look at the remaining options in the settings tab:
The default actions section allows you to set the default action performed when a severe, high, medium or low level alert is identified. By default each threat level is set to ‘Recommended Action’ . However, Microsoft Security Essentials does not tell you what the recommended action is. To determine this, you are forced to select the link provided which delivers you to the Microsoft Security Essentials site explaining what these actions are. It turns out the recommended action for severe and high level alerts is to remove the application or file immediately. For medium and low level threats the details of the threat can be displayed and you can choose whether or not the presumed threat should be blocked or allowed. If you choose not to use the recommended action, you can set severe and high level threats to remove or quarantine. ‘Allow’ is an available option for medium and low level alerts.
The real-time protection settings allow one to disable the real-time scan (not something Grandma should do) as well as the option to disable the monitoring of application and file activity and the scanning of downloaded files and attachments. Settings also exist for excluding files and locations, file types and processes. Exclusion is as simple as browsing to the file or location or identifying the file type or process.
The advanced settings allow you to enable the scanning of compressed files and removable media, the latter is not enabled by default. An additional advanced setting allows for the creation of a daily restore point before any cleaning is done. Lastly is the advanced option to allow any computer access to the Microsoft Security Essentials history. This last is enabled by default and would make threat history available to all users of the computer, even non administrative users.
The last set of options within the settings tab are around your participation in Microsoft SpyNet. This is an online community that can help you determine the appropriate response to a threat. Your choices of sending data to SpyNet include choosing Basic or Advanced Membership. There is no option to opt out of SpyNet.
The difference between the two memberships is that the Advanced membership sends more information about any threats you might encounter. This can include the file name and path of the infected file. Some folks may not be comfortable with this level of participation. The choice is entirely yours and Microsoft does say any information collected, accidentally or on purpose, will not be used to identify or contact you.
As you can see from screens above, Microsoft Security Essentials could not be much easier to use. Everything Grandma might need to know is easily accessible. Microsoft Security Essentials also does a nice job with visual cues. If everything is up to date and no threats have been detected the interface has a green tone. If Microsoft Security Essentials is out of date or a medium or low level threat has been identified the interface has an orange tone. Lastly, if a severe or high level threat is identified the interface is predominantly red. These color cues are applied to the tray icon as well.
Firewall
As previously mentioned, Microsoft Security Essentials does not include a firewall due to the existence of the built in firewall in Windows 7. Microsoft’s first inclusion of a firewall in Windows XP was in 2001. This version of the firewall, if it can be considered such, was disabled by default and was dealt a serious blow when the blaster worm moved into existence in mid 2003. Shortly thereafter the firewall was upgraded a bit and enabled by default but still lacked many features of the commercial firewall. In Windows 7, the firewall has been improved dramatically and handles all the tasks one would expect. Plus, it handles them in a relatively user friendly manner.
The firewall is accessible from two different interfaces, basic and advanced. The basic interface allows for stopping and starting the firewall, editing the notification settings and restoring defaults. You can also access the advanced firewall settings from the basic interface.
A very intrusive nmap scan produced no results at all. A nice surprise was the sheer absence of any alerts while the scan was taking place. The firewall simply did its job and did it well. When alerts are issued they are easy enough to understand and supply ample information for the tech savvy Grandma to make a choice between block and allow.
Several Windows Firewall tutorials have been written right here on 7 Tutorials. Refer to the list below for a better understanding of the specifics of managing the firewall:
Windows Firewall - How it Works and How to Enable or Disable It
How to Manage Windows Firewall Communication Rules
Manage Rules in Windows Firewall with Advanced Security
Antivirus and antispyware features
Whenever Microsoft enters onto the scene with any new product it is met with great skepticism and scrutiny. This isn’t necessarily because Microsoft develops poor software, quite to the contrary. Microsoft software is so well known, and has leading market share in its core applications and operating systems, that any software it develops has a great chance to be adopted by many many users. When a security solution enters into the fray the scrutiny is very well deserved.
Thankfully, Microsoft Security Essentials has held up very well in terms of detecting existing and new viruses or spyware. This is due to several factors. Among these are SpyNet, the community driven site which goes a long way toward the identification of new rogue software and therefore the creation of new definitions. Microsoft Security Essentials definitions are also updated several times a day, however a specific installation may only look for new definitions once every 24 hours. I have seen reports of some folks noticing 12 hour auto-updates but can find nothing to verify a long standing schedule aside from the understanding that Microsoft Security Essentials will try to update once a day.
There is little to miss when a threat, or threats, have been identified. The red icon and text make sure of that. When a severe or high level alert is identified, Grandma need only select the option to clean the computer for the threat to be removed. Had the threat been of a medium or low level variety the option to ‘allow’ would have been available as well.
Verdict
Independent tests consistently place Microsoft Security Essentials among the best in terms of detection and removal of viruses and spyware. Also, the Windows 7 firewall finally offers the features you would expect from a firewall.
This reliability, coupled with a very clean and easy to follow interface, make Microsoft Security Essentials and the Windows 7 firewall a clear winning combination for Grandma. Microsoft’s solutions may not provide access to the detailed settings other solutions have but this is part of the appeal, after all it’s Grandma we’re looking out for.
Related articles:
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Microsoft, Windows and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft Corporation in no way endorses or is affiliated with our site.
All other products mentioned are registered trademarks and/or trademarks of their respective companies.
This blog is running on the Drupal CMS - the best Content Management Platform.
Comments
Does this article apply to
Does this article apply to the latest iteration of MSE? A new version became available this week.
Is there some way to disable auto updates? If I do not manually update through Windows Update, then when I start up the following day I am immediately notified that MSE isn't protecting my computer and the data base is out of date.
On another computer MSE doesn't load automatically at start up and I have to go through the process of enabling it myself, which takes more than just a few seconds.
MSE and Windows Firewall are the only security solutions that I use. Except for the problems I've just described it seems to work just fine at threat detection and removal.
I'm not sure I understood
I'm not sure I understood what you want to do. Can you please explain better?
To me it seems you are trying to disable auto-updates and this will literally compromise the security of your system. And I just don't understand why you would do that.
I'm not trying to disable
I'm not trying to disable anything at all. I'm just stating the current condition of MSE on 2 of my computers. One doesn't automatically update itself, the other doesn't even load itself at start up.
That's all I said and all that I'm restating.
A fix would be thoroughly appreciated.
I contacted MicroSoft and received no response.
I searched for similar problems and found none.
I completely erased the program from both computers and then reinstalled to no avail.
Another computer has this same program with every single setting exactly the same as the 2 computers I am now talking about.
No other security or firewall programs are on these 2 or any other computer I own.
Please do not invoke the old, Dell mantra, i.e.:
FORMAT! REINSTALL!...FORMAT! REINSTALL!...etc., etc., etc. Ad infinitum. Ad nauseum.
Those 2 words were the only ones those Indians could properly pronounce and even then they had no idea what they were saying. I kept that Dell computer exactly 3 months. Long enough to learn, the few times it actually worked, to build my own computers. I gave the Dell away. I'm sorry I did. I should've paid the person to take that lemon!
My apologies. I digress.
If anyone has a possible solution please post it. Thank you. k1
k1, In the case where MSE is
k1,
In the case where MSE is not running on start up it sounds like there may be a problem with the service starting. Refer to the following for a possible solution.
http://social.answers.microsoft.com/Forums/en/msestart/thread/3db95541-6...
In the other case of MSE not auto-updating the following may be of assistance. It seems this is a known issue in some circumstances and possible workarounds have been identified.
http://www.mydigitallife.info/2010/01/05/fix-microsoft-security-essentia...
Thank you!
Thank you!
Thank you for your
Thank you for your informative articles. Just one comment about all the references to "Grandma." I worked in software technical support for over 20 years with two different well-known hardware and software manufacturers. I'm retired and a "Grandma." At our house, it is "Grandpa" who is technically challenged. The population of retired "geeks" is growing, so hopefully another term for the novice user can replace the use of "Grandma."
"The population of retired
"The population of retired "geeks" is growing, so hopefully another term for the novice user can replace the use of "Grandma.""
Very well said, and point taken. What would you suggest, other than Grandpa? :)
Lighten up, ma'am. You are
Lighten up, ma'am. You are an exception to the rule and obviously quite exceptional also. My old 1991 year model car, which is perfectly fit and fully as capable as new cars, is not offended when some refers to "old cars" as dilapidated or incapable. (It knows that the reference is not directed to it individually, but to the more typical car its age.) You are exceptional and any reference to "Grandma" is accurately referring to the more typical Grandma and is used to describe a level of comppetence commonly typical of "Grandmas" and not used in a derogatory manner whatsoever. Perhaps "Grandma" doesn't refer to "novice user" in the first place. Perhaps "Grandma" refers to someone who has been using computers for quite some time but to whom a computer is nothing but a tool to keep in touch with the children and grandchildren with and who is not any more concerned with the inner workings of the computer than the typical computer geek is with the inner workings of the automobile that they use for regular transportation. In this case, "Grandma" is not a novice user.
I noticed you had the System
I noticed you had the System Restore option unchecked in the "Settings" tab. I am a firm believer in using System Restore before making any system changes, especially advantageous with Windows 7 as Windows 7 has a much more robust System Restore than Windows XP and Windows Vista.
The setting to create a restore point prior to cleaning is pre-checked under Advanced on the Settings tab. In the event a false/positive should occur, using System Restore will quickly resolve the issue. I am not aware of any other antivirus software using that feature.
Another point is if anyone uses USB flash drives on public computers, I strongly recommend checking the box to "Scan removable drives". This option is not pre-checked so it is necessary to make that change.
BTW, I agree with the previous poster. It is "Grandpa" who is technically challenged in our house as well!
Corrine, The installation of
Corrine,
The installation of Microsoft Security Essentials used for this review did not have the System Restore option pre-checked. I've checked other installations in our home as well and did not find the option selected in those instances either. When we do a review it is done with the default settings. With that said, I do agree with you. Selecting the System Restore option is not a bad idea and would allow for quick correction in the event of a false/positive, as you said.
I also agree on the "Scan Removable Drives" and was surprised to find this not selected by default.
Thank you for your comment!
Perhaps that change was made
Perhaps that change was made during a version update. When I wrote about MSE, the option was pre-checked.
The internet porn industry is
The internet porn industry is hugely profitable. While Grandma / Grandpa or elderly aunt Ida might not go there, we can be certain that 15 year old Johnny or Susie might. The porn sights are notorious for viruses/spyware of one sort or another. While 13 year old is computer sophisticated to get rid of them in less than 10 minutes, there is always lingering question of what damage they do in terms of compromising computer security.
The public would want to know what computer anti-virus programs truly protect the user from viruses/spyware with these porn sites.
I have a friend who, several
I have a friend who, several times over the last few months, has gotten some kind of malware (ransomware that tells her she has a virus and this is the only antivirus that can fix it - and demands a fee to do so). It seems that this initial piece of malware somehow disables MSE and then allows other malware to invade her system. I have been using MSE since it first came available and have had no problem, but I wonder if this experience that my friend is having (which has repeated itself several times) is exposing a weakness in MSE. I wonder if other free antiviruses also have this apparent weakness.
This friend is many miles away and is not particularly computer savvy so she has to take the computer to the shop and pay a fee each time to get it cleaned. I was visiting one time when this occurred and I performed a system restore to fix things. (I did, however observe that MSE no longer showed in the notification area - not green, not yellow, not red) Perhaps a system restore is all the computer shop does also????
Hi, John Shelton. Yes, there
Hi, John Shelton.
Yes, there are rogues that disable security software, task manager, system restore, block valid security sites, and more.
Since your friend has had several recurrences of rogue installs, I suggest further steps to ensure that not only Microsoft Security updates are installed but that 3rd party software is also up-to-date (i.e., Java and Adobe software). (If additional assistance is needed, help is available at the ASAP and other linked sites from my SecurityGarden blog.)
As to what the computer shop does, I hope it is not merely a System Restore, although Windows 7 has a much more robust System Restore than Windows XP and Windows Vista.
Just curious... many
Just curious... many recommend that IE8 be utilized with MSE to gain optimal results with a more seamless 'approach'... smart screen, ....etal
I've been using Firefox+add ons for a few years and have been comfortable with its results... I suppose my question is 'do I compromise MSE by using Firefox 3.6 or not?
I read that IE8 should be
I read that IE8 should be used with MSE to enhance it effectiveness and seamless configuration with Windows 7... I've used Firefox for a few year and am happy with it... so, am I compromising MSE by using Firefox instead of IE8 ?
Using Firefox, Chrome, Opera
Using Firefox, Chrome, Opera is just fine as long as you update them to their latest versions on a constant basis. Do not believe in 'advice' like that. It is either bad marketing or false/deceiving advice. Use whatever browser fits your needs in a better way.
You do not compromise MSE by
You do not compromise MSE by using Firefox (fully updated to the latest version). You are more likely to jeopardize the security of your computer by not installing Microsoft and 3rd party (Adobe Reader, Adobe Flash, Oracle Java, etc.) security updates.
Thank You for response...
Thank You for response... I've always been reluctant to use IE8 because of its integration with the Operating System, AxctiveX installs and lack of comprehensive handling of 'Scripts'...
I use Firefox (latest Version) with 'AdBlock Plus', 'NoScript' and 'Better Privacy'... it was just difficult for me to believe that the new/improved IE8 (even with 'Smart Screen') was a worthy contender...
nevertheless, the MSE Forum Site 'swore' by it... but I guess that's what one would expect... I just wanted to be sure I hadn't missed 'the boat'...
BTW, I just stumbled upon this Website... very helpful... 'Kudos' to its creators... again, thanks... :-)
You'll find a lot of helpful
You'll find a lot of helpful information here at 7 Tutorials. You may want to subscribe to the newsletter. Just click on the envelope in the "Subscribe by" area in the upper right column.
As to IE8, it is a secure browser. Are IE8 and Firefox perfect? Absolutely not. Due to their popularity, both are more popular for malware writers than other browsers.
Personally, I use WinPatrol for controlling ActiveX (and much more). http://winpatrol.com/
Actually, there are ways to
Actually, there are ways to disable SpyNet. You have to change value of SpyNetReporting in Windows Registry to 0.
Thank you for your work in
Thank you for your work in evaluating these applications.
I see the extensive list of buy for Grandma, but is it in any sort of order?
Can we assume that the top of the list is the best and descending after that?
TIA, Alan
Hi Alan! The order in the
Hi Alan!
The order in the table is a bit on the subjective side. We don't have a grading system which would allow us to make such a list. In order to make a decision, it is better to read through the reviews and see the "good/not so good" points we highlight for each solution.
This way you get a better perspective of which security solution is more suited to you.
Thank you for your quick
Thank you for your quick response.
I figured that would be the case.
I wouldn't want to say "this is the best" and weather the storm of users not finding that to be the case in their own situation, and bitterly complaining about your recommendation.
Have a great day. Keep up the fine work.
Alan
Thanks for this great review,
Thanks for this great review, I have just bought myself a laptop as a retirement present, as Grandpa hogs the desktop. He is happy with XP and Word 2003 !!!
I didn't have to use much of my old "grey matter" to move up to W7 from XP and when my free version of McAfee ran out, I googled "best free antivirus" and kept coming up with MSE.
I was a little concerned with the interface, because it looked too simple (even for a grandma) compared with past experience with Norton and McAfee used at work. But I will stick with it and see. My laptop is wireless via Grandpa's router, so I know that gives me added protection.
I am also using Malwarebytes Anti Malware from habit, which I run thru manually once a week. My main concern was the issue of MSE not having a firewall, so I will take your advice and use W7's.
Yes Grandpa is the technically challenged one in our house on the computer, let's not even get into the discussion of who sets the Navman !!!
Keep up the good work you youngsters, I am happy to take advice from you, but don't tell Grandpa!! He thinks I'm smart and I want to keep it that way. He's still amazed that I can pick out a phillips head screwdriver from his toolkit.
Thanks a lot for the
Thanks a lot for the appreciation. We're happy we can help you! :D
Enjoy Windows 7 and don't hesitate to come back and read our tutorials, in case you need help in keeping your smartness about computers in front of Grandpa. :D
Add new comment