Microsoft is set to release a public beta of its free anti-malware software, now called Microsoft Security Essentials, but formerly known as Morro. The product will be available on a Microsoft download page from next Tuesday.
Although Microsoft was vague about a final ship date - saying only that it would wrap up sometime this year- the company made it clear that it would deny the program to PCs running counterfeit copies of Windows.
Microsoft pitched Security Essentials as a basic anti-virus, anti-spyware program that boasts a simplistic interface and consumes less memory and disk space than commercial security suites like those from vendors such as Symantec and McAfee.
"This is security you can trust," said Alan Packer, general manager of Microsoft's anti-malware team, when asked to define how it differs from rivals, both free and not. "And it's easy to get and easy to use."
He stressed the Security Essentials' real-time protection over its scanning functions, which are both integral to any security software worth its weight. "Rather than scan and clean, which it also does, it's trying to keep you from being infected in the first place," Packer said.
One of its most interesting features is what Microsoft calls "Dynamic Signature Service," a back-and-forth communications link between a Security Essentials-equipped PC and Microsoft's servers.
If Security Essentials detects something suspicious, whether code or behaviour, but can't pin either to a specific piece of malware, the software "phones home" to Microsoft servers to relay a short burst of information.
"If it sees something new, like a new binary, the client queries the back end," Packer said. "The server can then ask for a sample, which the client sends as a hash." At that point, if Microsoft has created a signature for the threat, that signature is immediately pushed to the PC. Security Essentials will ask the user's permission before sending a sample, Packer noted.
Security Essentials is the first Microsoft antimalware product to use Dynamic Signature, and the feature will be added early next year to the enterprise-grade Forefront line. "We actually identify [the things that trigger a 'phone home'] fairly loosely," Packer said. "We have a list of known good software, of course, but outside that, if a program is doing things like hooking Autostart points in the registry, or trying to kill other processes, Essential will query the servers."
http://www.techworld.com/security/ne...&NewsID=117714