Microsoft today officially announced Microsoft Security Essentials (MSE), its free, real-time consumer antimalware solution for fighting viruses, spyware, rootkits, and trojans. Currently being tested by Microsoft employees and a select few testers, MSE is Microsoft's latest offering intended to help users fight the threats that plague Windows PCs.

Microsoft notes that the threat ecosystem has expanded to include rogue security software, auto-run malware, fake or pirated software and content, as well as banking malware, and the company is aiming to help the users who are not well protected. A beta of MSE will be available in English and Brazilian Portuguese for public download at microsoft.com/security_essentials on June 23, 2009 for the first 75,000 users. This is a target number, but Microsoft is willing to increase it if necessary.

After the first beta, Microsoft will release a second public build, either a Beta Refresh or a Release Candidate, for the summer. Finally, Microsoft is aiming to release the final product in the fall, though it may adjust that based on feedback. MSE will be available as standalone 32-bit and 64-bit downloads for Windows XP, Windows Vista, and Windows 7. Microsoft has always recommended that its users use real-time antimalware protection, but the release by the end of this year will mark the company's first free solution.

MSE was previously referred to as codename Morro when Microsoft first revealed it in November 2008. The announcement came as the company surprised everyone by saying it would be phasing out the pay-for Windows Live OneCare in favor of a free security solution. Sales of the Windows Live OneCare subscription service as well as Windows Live OneCare for Server on SBS 2008 are scheduled to end at the end of the month.

While OneCare offered a Managed Firewall, PC Performance Tuning, Data Backup and Restore, Multi-PC Management, and Printer Sharing, MSE is really closer to Forefront Client Security, Microsoft's antivirus product for the enterprise.

Features and performance

Microsoft touts five features of Microsoft Security Essentials:

Remove most-prevalent malware

Remove known viruses

Real-time anti-virus protection

Remove known spyware

Real-time anti-spyware protection

You'll likely notice that the last two features can be attributed to Windows Defender, which is offered as a standalone download for Windows XP and Windows Server 2003, ships with Windows Vista, and will ship with Windows 7. During the MSE installation, Windows Defender is actually disabled as it is no longer needed with MSE installed. Nevertheless, the UI was based on Windows Defender's, and Microsoft emphasized that keeping the UI as simple as possible was very important. Below you can see two screenshots, with the first showing MSE when everything is nice and dandy while the second shows that a threat has been detected. While users can choose to clean the threat from the main MSE window, the more likely scenario is an alert popping up and a user choosing to clean the threat straight from the alert with a single click.

MSE's engine is actually identical to the one that ships with Forefront Client Security; in fact, Microsoft uses the same engine for all of its security products. Thus, engine updates to MSE will be delivered at the same time as they are delivered to Forefront. Signature updates, on the other hand, can be delivered at different times and frequencies than Microsoft's other security software. New virus signatures for MSE will be downloaded automatically on a daily basis.

One of the most interesting features for MSE is Dynamic Signature Service (DSS). When MSE detects that a file is making suspicious actions (such as unexpected network connections, attempting to modify privileged parts of the system, or downloading known malicious content) and there is no virus signature for it, MSE will send a profile of the suspected malware to Microsoft's servers. If there is a new signature for it, one that has yet to be sent out to the MSE client, MSE will be told how to clean the file. It should be emphasized that this communication will only occur for malware found that is not in the current signatures. This is a completely new feature and indeed the next version of Forefront will also use DSS.

The actual security aspect aside, the most important part of security software is undoubtedly performance. Since MSE doesn't include many of the features of OneCare, this is an area that Microsoft has a chance to excel in. In fact, the company includes three features in MSE to keep it light: CPU throttling (the system will remain responsive to the user's tasks), idle-time scanning (scans and updates use a low-priority thread and only run when the PC is idle), as well as smart caching and active memory swapping (virus signatures not in use are not loaded into memory).

It should also be noted that MSE is very small; when MSE first leaked out yesterday, we noted that the installer sizes range from just over 3MB to just over 7MB (the folder installed takes up about 11 MB). The leanness of MSE is also evident when looking at the system requirements:

For Windows XP, a PC with a CPU with clock speed of at least 500MHz and at least 256MB of RAM

For Windows Vista and Windows 7, a PC with a CPU with clock speed of at least 1.0GHz and at least 1GB of RAM

VGA (display): 800x600 or higher

Storage: 140MB of available hard-disk space

An Internet connection is required for installation and to download the latest virus and spyware definitions.

One other thing we noticed yesterday was that genuine validation was required during the installation of MSE. This seems slightly counterproductive since MSE is targeted at those who cannot pay for security solutions. These consumers are also likely to have pirated Windows instead of paying for it, and thus cannot use MSE because their copy is not genuine. Such a user will then either remain without a security solution or will decide to use another free alternative.

When Ars asked about this, Theresa Burch, director of product management for Microsoft Security Essentials, responded that Microsoft's intent is to drive the market towards PCs with genuine copies of Windows, obviously for the sake of the bottom line, but also for the sake of security. Microsoft maintains that nongenuine copies of Windows are more likely to be compromised because they tend not to have the latest updates and they can be malware-ridden from the start. Further, she emphasized that Microsoft's intent is not to convert consumers from other security solutions and that the main goal is to keep consumers secure, regardless of whether that means using Microsoft's security solutions or third-party ones.

One last thing Ars discussed with Burch was the "Essentials" branding. We've seen it before with Windows Live Essentials, but Burch says MSE will not be included in this suite, even though non-Windows Live applications like Silverlight are included. Microsoft is likely aiming to release MSE in time for Windows 7 (slated to arrive on October 22), but unlike Windows Live Essentials, Burch says there will be no download link for MSE included in the final version.

This is a curious decision given that Redmond wants to push MSE out to all those that currently do not have a security solution (between 50 and 60 percent of Windows users, according to Microsoft). Nevertheless, it can be quite easily explained: Microsoft wants to avoid antitrust issues. MSE will be available for download directly from Microsoft, but the company will have to advertise it one way or another because these users aren't exactly going to flock excitedly to download a security suite, regardless of how bad or good it will end up being. For now, MSE looks like a surprisingly solid free product, but we will reserve further judgment until the product makes its way out of beta.