<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Practical Issues in InfoSec &#187; Anti-Virus</title>
	<atom:link href="http://www.dlstrom.com/tag/anti-virus/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.dlstrom.com</link>
	<description>... putting information security within reach of everyone!</description>
	<lastBuildDate>Tue, 20 Dec 2011 17:00:00 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>First Impressions &#8211; Security Essentials from Microsoft</title>
		<link>http://www.dlstrom.com/2009/09/29/first-impressions-security-essentials-from-microsoft/</link>
		<comments>http://www.dlstrom.com/2009/09/29/first-impressions-security-essentials-from-microsoft/#comments</comments>
		<pubDate>Tue, 29 Sep 2009 15:31:08 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Home InfoSec]]></category>
		<category><![CDATA[Anti-Virus]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=286</guid>
		<description><![CDATA[For most folks, FREE is a word that makes their ears perk up. Microsoft Security Essentials is a FREE anti-virus and anti-spyware offering from Microsoft. They bill it as a light-weight product that has a smaller footprint than commercial products. It is intended for the home user. It can be found at www.microsoft.com/security_essentials/ Obviously, [...]]]></description>
			<content:encoded><![CDATA[<p>For most folks, FREE is a word that makes their ears perk up.</p>
<p>Microsoft Security Essentials is a FREE anti-virus and anti-spyware offering from Microsoft. They bill it as a light-weight product that has a smaller footprint than commercial products. It is intended for the home user. It can be found at <a href="http://www.microsoft.com/security_essentials/">www.microsoft.com/security_essentials/</a></p>
<p>Obviously, it runs on the Windows platform. You&#8217;ve no doubt noticed the Mac bias from other posts. My interest comes from supporting the XP Pro notebook my wife uses and the Vista Home Premium notebook that one of my sons uses. Other extended family members also use Windows.</p>
<p>The installation was amazingly simple. But, before the install, you should uninstall any other AV products you may be running. Go to the Security Essentials site and download the installer. Double-click on the downloaded installer program and follow the prompts. When the install is done, Security Essentials does an update of the signatures, and then you are encouraged to do a complete system scan. That takes a while.</p>
<p>The scan produces a report of any threats that are detected on your computer.</p>
<p>The Security Essentials console is arranged in a reasonable fashion. There is the <strong>Home</strong> tab which gives a quick overview of the state of AV protection on your computer. The <strong>Update</strong> tab allows you to force an update of signatures. The <strong>History</strong> tab lets you see what threats have been found and the action that was taken. Finally, the <strong>Settings</strong> tab allows for modification of behavior of Security Essentials. The defaults are reasonable.</p>
<p>Following installation, I noticed that there are two new processes using memory. On my XP Pro test machine, <em>msseces.exe</em> uses 11,820K and <em>MsMpEng.exe</em> uses 70,052K.</p>
<p>Very few CPU cycles are used when doing real-time protection. But, you will notice a performance impact when a full scan is running. This is similar to what you would experience with other products.</p>
<p>In summary, Microsoft Security Essentials was very easy to download and install. I found it simpler to use than competing free products like AVG Free. Several independent labs tested the efficacy of the product during the beta period. They all report sufficient detection and remediation of threats.</p>
<p>So, if you have a Windows XP, Vista or 7 computer at home and don&#8217;t want to spring for a commercial product, it looks like Microsoft Security Essentials is a winner!</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/09/29/first-impressions-security-essentials-from-microsoft/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>5 Personal InfoSec Mistakes I&#8217;ve Made</title>
		<link>http://www.dlstrom.com/2009/04/24/personal-infosec-mistakes-ive-made/</link>
		<comments>http://www.dlstrom.com/2009/04/24/personal-infosec-mistakes-ive-made/#comments</comments>
		<pubDate>Fri, 24 Apr 2009 15:05:26 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[General]]></category>
		<category><![CDATA[Home InfoSec]]></category>
		<category><![CDATA[Anti-Virus]]></category>
		<category><![CDATA[Personal]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=175</guid>
		<description><![CDATA[We&#8217;ve all let things slide. You have. I have. Like the auto mechanic with bad brakes on his car. Or the home remodeler who never quite finishes the woodwork. Or the InfoSec pro who occasionally doesn&#8217;t follow his own advice! Here is a list of some of the things I have advised others to do [...]]]></description>
			<content:encoded><![CDATA[<p>We&#8217;ve all let things slide. You have. I have.</p>
<p>Like the auto mechanic with bad brakes on his car. Or the home remodeler who never quite finishes the woodwork. Or the InfoSec pro who occasionally doesn&#8217;t follow his own advice!</p>
<p>Here is a list of some of the things I have advised others to do that I have occasionally not done &#8211; and that have caused me grief!</p>
<p><strong>Clicking on unexpected pop-up windows</strong> &#8211; Yep, I&#8217;ve fallen for this one a couple of times. One time it resulted in a virus infestation that was a bugger to clean. Another time I clicked on a pop-up and suddenly my screen began filling with other pop-ups containing images of things that I&#8217;d rather not discuss here!</p>
<p>My remedy is two-fold. First, I turn the pop-up blocker on for each browser that I use. Second, if for some reason a window pops up, I generally just close it without clicking any of the buttons. Funny thing is that I use a Mac and most pop-ups are made to look like a Windows dialog box. It&#8217;s pretty easy to tell if it is legitimate, or not.</p>
<p><strong>Assuming people know what I&#8217;m talking about</strong> &#8211; I have had many people ask my opinion or help with computer security issues. I used to give a very complete, and often highly technical, answer. The result of this generally is that eyes roll or glaze over and they say something like, &#8220;ok, yeah, Uh-huh&#8221;, but they really got lost about 10 seconds into my speech.</p>
<p>So, now I try to give answers that are simplified with one or two steps that can be taken immediately. Sometimes I even pull out a business card and write the steps down for them.</p>
<p><strong>Outdated anti-virus</strong> &#8211; In another <a href="http://www.dlstrom.com/2009/04/07/3-foundations-of-infosec-and-why-you-should-care/">post</a>, I made reference to a time when I had a worm that compromised my personal banking information. That was a result of outdated anti-virus on my computer.</p>
<p>I now ensure that the anti-virus software is current with both the application and the virus signatures. In addition, I make sure that anti-spyware software is also running as it should. At some point in the future, these two malware solutions will probably merge, but until then, they must both be kept updated.</p>
<p><strong>Not patching the OS</strong> &#8211; This is kind of like polishing your shoes. You can see that it needs done, but it is hard to make the time to get it done. But, these patches are important. I used to think that I could manage this on my own and that I needed to let every patch have some time before I put it on my personal computers. But not any more. Too much malware is easily spread when the patches are not applied.</p>
<p>Now I have Automatic Updates turned on for each of my Windows computers. It is set to download the updates, and then install at night. This also covers my Microsoft applications that are installed. On my Mac computers I make sure that Software Updates are enabled and that each application is set to check for updates automatically.</p>
<p><strong>No backups</strong> &#8211; This one hit me hard a few years ago. I had just converted to a digital camera and had all the new photos stored on a computer at home. It was a new computer and I kept thinking that I would get around to setting up a backup system. I never got this done before the drive crashed and I lost nearly a year&#8217;s worth of family photographs. I learned my lesson.</p>
<p>Now I use Time Machine backups on my Mac, and <a href="http://en.wikipedia.org/wiki/Shadow_Copy">Shadow Copy</a> on my Windows boxes. With both of these I really don&#8217;t have to think too much about backups, just periodically check to see if they are still running. Not only are they good if there is a drive crash on the computer, but I can go to my Time Machine backup to recover a file that might have been accidentally deleted.</p>
<p>So, as you can see, I have made my share of mistakes. Learn from them. As Edmund Burke said, &#8220;Those who don&#8217;t know history are destined to repeat it.&#8221;</p>
<p>Don&#8217;t repeat the history of my mistakes!</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/04/24/personal-infosec-mistakes-ive-made/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Finjan: Bogus Anti-virus Is Big Business</title>
		<link>http://www.dlstrom.com/2009/03/26/finjan-bogus-anti-virus-is-big-business/</link>
		<comments>http://www.dlstrom.com/2009/03/26/finjan-bogus-anti-virus-is-big-business/#comments</comments>
		<pubDate>Thu, 26 Mar 2009 13:57:52 +0000</pubDate>
		<dc:creator>Dan Strom</dc:creator>
				<category><![CDATA[Awareness]]></category>
		<category><![CDATA[Anti-Virus]]></category>
		<category><![CDATA[Finjan]]></category>
		<category><![CDATA[Windows]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=73</guid>
		<description><![CDATA[The following report came out on March 23, 2009. It reports that many people are falling prey to false warnings that &#8220;your computer is infected&#8221;, and then click the link to install some super anti-virus product that is really bogus. Finjan: Bogus Anti-virus Is Big Business I&#8217;ve helped many people remove bogus AV software from [...]]]></description>
			<content:encoded><![CDATA[<p>The following report came out on March 23, 2009. It reports that many people are falling prey to false warnings that &#8220;your computer is infected&#8221;, and then click the link to install some super anti-virus product that is really bogus.</p>
<p><a href="http://www.eweek.com/c/a/Security/Finjan-Bogus-Antivirus-is-Big-Business-755534/?kc=EWKNLSTE03262009STR5">Finjan: Bogus Anti-virus Is Big Business</a></p>
<p>I&#8217;ve helped many people remove bogus AV software from their computers.</p>
<p>Your small business should have a standard AV product that you use and users need to understand that they should *not* click on pop-ups advising them that they don&#8217;t have sufficient AV protection.</p>
<p>Later&#8230;<br />
- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/03/26/finjan-bogus-anti-virus-is-big-business/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

