Microsoft pulled the plug on its Windows Live OneCare security suite before it reached version 3. The company promised to replace it (sort of) with a slim, free tool specifically aimed at malware protection. The just-released Microsoft Security Essentials 1.0 offers consumers protection against malware, but in real-world testing it didn't impress.

The 8.5MB download installs in about a minute, but its mandatory update of anti-malware signatures can take 10 minutes or more. After updates, the full installation occupied over 170MB of disk space—more than I expected. The installer necessarily turns on automatic updates, which may pose a problem for advanced users who want to control exactly when Windows installs those updates.

A spare, simple interface uses bright colors to reflect security status. When it turns red to reflect a problem, it also offers a big button to correct that problem. Configuration settings are minimal; about the only one you might want to change is the day and time for the weekly scan. When the real-time protection module detects a threat it shows a small pop-up in the bottom-right corner. You can click a button to deal with the problem quietly or click a link for as much detail as anyone could want.

Average Malware Removal
Getting the product installed on all my test systems took hours and hours, but the fault was mine, not Microsoft's: I've been doing back-to-back suite reviews for months, and I let my test systems get behind on their Windows updates, so I had to bring them all up to speed before installing Security Essentials.

Malware acting as a proxy server blocked the update on one system. Downloading a self-installing update package on another computer solved that one. Many products will remove this proxy without correcting the system's proxy settings, leaving it with no connectivity. Security Essentials removed the threat and fixed the proxy settings; I was impressed. Overall, the installations went smoothly.

The product's beta version warned that a scan might take a few hours; the release version says a few minutes. It still took over an hour on many infested test systems. A full scan of my standard clean system took over 45 minutes, well over the 30-minute average. A repeated scan was no faster.

Security Essentials scored 7.0 of 10 possible points for malware removal. That's just average, although it's only one full point below the top-scoring Norton Internet Security 2010. It detected 92 percent of the threats but left behind many executable files. A couple of threats were still running after it supposedly cleaned them up. In a separate test using commercial keyloggers, it scored a dismal 1.6 points. Only Malwarebytes' Anti-Malware 1.36 with 0.5 point and FortiClient Endpoint Security Standard Edition 4.1 with 0.7 have scored lower.

I analyzed the product's ability to detect and remove rootkits, drawing from both the malware and keylogger categories. Security Essentials boasts live kernel behavior monitoring and other features that should help against rootkits—they didn't. It only detected two-thirds of my rootkit samples. Two were still running and one still functioning as a rootkit after attempted removal. Its antirootkit score of 3.7 is way below average.

Microsoft has publicly warned about the growing problem of rogue security software, called "scareware." I broke out a separate score specifically for scareware samples and found that Security Essentials scored just 4.5 points, another below-average result.—Next: One-Dimensional Malware Blocking