All Posts Tagged With: "security"

Review, Microsoft Security Essentials

Microsoft Security Essentials is an antivirus/anti-malware/anti-spyware application. It is free and runs on the Windows operating systems XP, Vista and 7.

This review is not going to concentrate on how much stuff MSE can detect; rather, it boils down to a simple question:

Does it get in your way?

I’ll explain that further.

Applications specifically designed to protect your computer will at times annoy you. These annoyances come in the form of slowing the OS down, overzealous protection where it prompts for every single thing you could possibly think of (even worse than the UAC for Vista), interrupting the normal operation of other programs that use the internet and so on.

It's for reasons like this that some people don’t even bother running protection software because it literally gets in the way of normal computer use.

Here’s the stuff that matters concerning MSE. I used my main desktop, which runs Windows 7 Home Premium, to test with.

Installation

Quick. Very quick. No long drawn-out installation procedures of any kind.

Virus/Spyware/Malware definitions first download

No faster than any other suite of this type would provide.

First scan of PC for viruses

This took a while. Once again it’s par for the course with other protection suites.

Interface

You know it’s running by a green castle icon in the taskbar:

image

I do appreciate its obvious nature. Green means good and the checkmark further drives home that point.

Double-clicking the castle icon brings up the interface:

image 

This is a very clean, very easy-to-use app. Big tabs show very clearly where you are at any time. Scan options on the right are also very easy.

One thing I particularly appreciate is how easy it is to tell MSE to avoid stuff. This is located on the Settings tab.

image

I can easily define what I don’t want MSE to scan. On my PC I specifically have it avoid the mail profile directory for Mozilla Thunderbird because the real-time protection was slowing it down a bit. I’ll speak more on that in a moment.

In the Advanced part of settings you also have a few very convenient options:

image

Telling MSE to not scan removable drives is a huge plus. For example, if you have a USB stick full of photos, there obviously aren’t going to be viruses present on that storage medium, so there’s no need to scan it when connected to your PC.

Real-time protection

image

This is something many people avoid using in a protection suite due to the fact it can slow down Windows to a crawl.

The way in which MSE uses real-time fortunately does not do this. When real-time is enabled, Windows for the most part will still operate as it did without it – and that’s a big plus.

What does "for the most part" mean? It means that in certain instances you will notice little pauses here and there. This is something all protection suites with real-time protection do. Those pauses are the little scans the suite is performing.

For example, I noticed it in Mozilla Thunderbird when I would move an email from one folder to another. It wasn’t a huge pause by any means, but I did notice it.

My way around this was to instruct MSE (as seen above) to not scan the Thunderbird mail profile directory. At that point the pausing went away instantly. Yes, it’s true, my email is not being scanned but I can easily manually scan attachments and other mails that would appear from not-so noble senders (read: spammers.)

Easy right-click access

Right-click any file anywhere and you can scan it, like this:

image 

The castle icon you see here is blue instead of green, but it’s still very obvious what the menu choice does and the visual cue makes it easy to find at any time.

When you scan, the app pops up and tells you if it found anything:

image

Once again, green means good.

Other protection suites have similar functionality with the right-click context menu, but the difference here is speed. MSE is fast. No grinding of the hard drive waiting for the app to pop up. You right click, you scan, and ta-da, it’s right there.

The scan works on individual files or entire folders along with its subfolders.

Does it get in the way?

I can say with confidence that MSE does in fact stay out of your way while still providing excellent protection against viruses, malware and spyware – and in addition keeps the user in mind in the way it operates.

I like it enough that I intend to keep it installed – and that’s saying a lot because I’m a very anti-antivirus type of computer user due to the fact I normally can’t stand protection software suites. MSE does not slow down my PC, nor does it get in my way. And that’s good enough for me.

Is MSE better or worse than other protection suites?

MSE’s single largest advantage is that it’s a Microsoft product and therefore runs very happily with the Windows operating system. I don’t believe it will add in any additional level of protection that other suites don’t already cover – but it’s a pretty safe bet that it will probably run faster.

On a final note, no, this is not Windows Defender 2.0, and I can prove it:

image

Defender comes provided with Windows Vista and 7. MSE supersedes that software and is a very notable improvement all around. It is far superior and "smart" enough to turn Defender off on install so MSE can do the job it’s supposed to.

Does this mean you stop using Defender when using MSE? Yes.

Configuring Windows 7 For Automatic Login

If you are the only person who uses a Windows 7 computer, one thing you can do is have your login information saved so you are automatically logged in when your machine boots up. To accomplish this, I am partial to the Sysinternals Autologon tool (because it supports any version XP and later), however you can configure this directly in Windows 7 as well.

While you can do this on any machine, due to the obvious security implications here, I would only suggest you do this on desktop machines where you trust everyone who has access to the machine. Yes, physical hardware access does trump any software security you have in place, but still you should be careful with using this.

Using KeePass To Store Secure Text

KeePass has been recommended on this site several times as a password manager. One thing you should not overlook though is the ability to store text in its secure database.

For example, you can create a new entry called “Life Insurance Policy” and use the notes field to store your policy information. Additionally, you can use the built in expiration date reminder to notify you when your policy is about to expire.

Of course you can use this to store your bank/investing account numbers which you would probably have in the same entry as your respective login. However in the above example, you may not have a login so you would just need to store the notes.

Basically, anytime you need to store secure text, take a look at using your password manager program as it is designed to keep the data secure. While KeePass is the tool I prefer, I am sure other password manager programs can accomplish this as well.

The #1 Reason People’s Accounts Get Compromised Is…

In the context of this article, "account" refers to anything on the internet that requires a username and password in order to access it, such as a web-based email account, instant messenger account, and so on.

There’s an old word (if you could call it that) that’s been used time and time again in thousands of different I.T. departments across the world, and that word is PEBKAC, pronounced "pebb-kack." It stands for, "Problem Exists Between Keyboard and Chair."

PEBKAC accurately states the #1 reason why people get their account(s) compromised, that being end user stupidity and/or lack of knowledge.

Here are some classic examples of PEBKAC:

"My husband/wife and I use the same email account because it’s more convenient."

Not good. One of you is going to inevitably make a major error that will lead to you losing the email account in some way. It doesn’t matter how long you’ve gotten away with it to this point, nor does it matter how much you trust each other. One of you will screw up, probably very innocently with no bad intentions whatsoever. And when it happens (and it will,) bye-bye email account.

Email accounts should only be used per individual. Shared accounts are just a bad, bad idea because there are way too many things that can go wrong just from normal use.

"I use the same password for my email as I do for my online banking account, because remembering passwords is just too hard."

Dumb. This means if one of your accounts is compromised, so are the others. Why? Because you probably use the same username as you do password for all your accounts.

Solution to problem: Use KeePass.

"I keep my account information in a Notepad text file on my desktop."

Not smart. Okay, so you’ve got the right idea to at least keep track of your accounts, but in the worst possible way. Anybody who goes in front of your computer can open the file up as it's in plain sight. And even if you’re the only one who uses your PC, if your hard drive crashes, your account info is gone.

Again, KeePass it. Store the database on a USB stick. It’s encrypted.

Here are a few other ill-advised methods for your consideration:

  • Using the browser to store all username/password information. Bad because anybody who uses your PC has access to everything, and I guarantee you’re not backing up your credential information.
  • Using a browser bookmark synchronization service to store all username/password information. Also bad. The bookmarks supplied with account credentials are still on your local drive. You’re at least backing up your stuff, but are still poising your account information to be compromised from the locally cached copy.
  • Setting site preferences to keep you logged in for more than 24 hours. Thankfully, online banking prohibits this – even down to an auto-logout after 10 minutes of inactivity. But other web sites do not do this. There are some (like Gmail, for example) that have a small checkbox that offers to keep you logged in. I strongly recommend against using features like this, because I guarantee you’re never clicking the "log out" link but rather just closing the browser. This means somebody else can simply walk up to your PC, open the browser, go into the history to see where you’ve been, then have complete full access to whatever you were signed into just by clicking a few links. It’s all right there.

If you exercise basic common sense when it comes to your account information, the chances of your accounts getting compromised decrease dramatically.

I’m not saying to get all paranoid and lock down your PC like Fort Knox. What I am saying is that you should be aware of the simple ways (as outlined above) not-so honest people can get to your information.

By individualizing account credentials, using an external means of account information storage and routinely clearing your browser history, you add a rather good level of protection with a few simple steps. No, it will not protect you from every way an account can be compromised, but it’s a really good start.

What Is An MD5 Checksum On File Downloads?

On many download sites, you may see an MD5 checksum (or hash) included on the page next to the file download link. If you have ever wondered what this is and how it is useful, then hopefully this tip will help.

An MD5 checksum (you can read the full info on Wikipedia here) is basically a string of letters and numbers determined by the characteristics of a particular file. By making a small change to the file, a completely new MD5 hash string would be generated.

This becomes useful when you download a file because you can compare the MD5 checksum of the file you downloaded against what the download site says it should be in order to ensure the file is the same. If the MD5 results for the two files are different, then the file you have has been tampered with. For a good demo of MD5 and how you can use it, check out this YouTube video.

While MD5 is not 100% foolproof (nothing is), it is a very good way to make sure you are getting what you think without any “surprises”.
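
The comparison described above can be scripted. The following Python sketch is an added example, not code from the original post: it hashes a file in chunks, accepts the published value either as a bare hex string or as an md5sum-style line, and shows that a copy with a single flipped bit no longer matches. The file names and contents are constructed for the demo, and the `algorithm` parameter is an extension that lets the same check run with SHA-256 when a site publishes that instead.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algorithm="md5", chunk_size=64 * 1024):
    """Hash a file in chunks so a large download never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_published(text):
    """Accept a bare hex digest or an md5sum-style '<hex>  <filename>' line."""
    parts = text.split()
    if not parts:
        raise ValueError("no checksum given")
    token = parts[0].lower()
    if any(c not in "0123456789abcdef" for c in token):
        raise ValueError("published checksum is not hexadecimal")
    return token


def verify_download(path, published, algorithm="md5"):
    """Return True only if the file's digest equals the published one."""
    expected = parse_published(published)
    actual = file_digest(path, algorithm)
    if len(expected) != len(actual):
        # e.g. a SHA-256 value pasted while checking with MD5
        raise ValueError(f"checksum length does not match {algorithm}")
    return hmac.compare_digest(actual, expected)


def demo():
    """Constructed sample: an 'installer' and a copy with one bit flipped."""
    original = b"constructed sample installer contents\n" * 1000
    altered = bytearray(original)
    altered[500] ^= 0x01
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "setup.exe")
        bad = os.path.join(tmp, "setup-altered.exe")
        with open(good, "wb") as fh:
            fh.write(original)
        with open(bad, "wb") as fh:
            fh.write(bytes(altered))
        # What the download page would list next to the link.
        published = file_digest(good).upper() + "  setup.exe"
        return {
            "good_matches": verify_download(good, published),
            "altered_matches": verify_download(bad, published),
            "good_md5": file_digest(good),
            "altered_md5": file_digest(bad),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```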

Web Of Trust Can Warn You About Unsafe Websites

Whenever you browse to sites you are not familiar with, you always run some risk of the site not being “on the level”. If you do not go the route of script blockers, it is a good idea to have something watching your back. Web of Trust (WOT) is a tool that can fit this bill.

WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It’s easy and it’s free.

When you have WOT installed, it will check websites you are visiting as well as search results/links (on popular sites) so you can see if they are rated safe before you visit. Based on what I have seen, this site gets positive reviews from several sources, so I have no reason to question it.

Another Fully Featured Free Firewall

Alliteration aside, the most popular firewall program I see recommended on this site, outside of the one built into Windows, is Comodo Firewall. While there is certainly nothing at all wrong with it, if you are looking to explore alternatives then PC Tools Firewall Plus is worth a look.

PC Tools Firewall Plus is advanced technology designed especially for people, not just experts. Powerful prevention against attacks and known exploits is activated by default while experienced users can optionally create their own advanced packet filtering rules, including IPv6 support, to customize the network defenses. All you need to do is install it for immediate and automatic ongoing protection.

Basically, everything you would expect to find in a firewall package is there. I imagine the difference between Comodo and PC Tools Firewall Plus would be small if any, so it would boil down to personal preference.

Has anyone tried both and if so, which one did you prefer?

Portable Anti-Virus Scanner

For those of you who carry USB drives with utilities to help diagnose and clean other people’s machines, a utility you might want to take a look at is Dr. Web CureIt.

This is a FREE anti-virus and anti-spyware utility based on Dr.Web Anti-virus scanner, which will help you quickly scan and cure, if necessary, a computer operated by MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/2008/Vista/7 without installation of the Dr.Web Anti-virus.

Since the utility does not require installation, you could have it on your flash drive and run it as needed. This can be an ideal supplement/alternate scanner to run in the event the machine already has anti-virus present.

Completely Hide Certain Programs

Have you ever wanted to hide certain programs from people that may be looking over your shoulder? If so then the free program, Window Hider is for you.

You give Window Hider a list of programs and a shortcut key; when it detects you pressing that shortcut key, it hides the windows in your list.

While the author makes the case of using this to hide programs from your boss (which I do not endorse by the way), I could certainly see this being useful for quickly hiding password programs or when you are looking at banking information on a browser.

Do Not Use Your Browser As A Password Manager

Pretty much every current browser out there has the ability to save your user name and password information on different sites and then fill them in when you visit later. While this function is incredibly useful and convenient, it is important to remember it is not a substitution for a password manager.

Since this information is stored in your browser, it lives and dies with your browser data. While this is typically not a problem, there is always the chance this information could be corrupted with an upgrade/patch or even worse, stolen via malicious software or a browser exploit.

By using a password manager, such as KeePass, you are assured protection. Since these programs focus on keeping your password information safe, this is the most reliable way to store your sensitive information.

WordPress Plugin To Enhance Security

Whenever a platform is widely used, it is a big target for attacks. Take Windows, it is by far the most widely used OS so it makes sense there are more attacks on it than anything else. The same holds true for browsers and web platforms. So for those of you who use the popular WordPress platform for your blog, security should be a consideration.

To help with this, you can check out the Maximum Security plugin for WordPress.

Maximum Security for Wordpress is packed with strong protection that makes your site extremely secure. It guards against intrusion; tracks a plethora of events; blocks malicious content that could harm your readers and your search engine ranking; and includes a strong Web application firewall along with a full blown intrusion prevention system[.]

You can read the full list of features here. Any version of WordPress later than 2.5 is supported so even though this plugin is still in beta, it is worth taking a look at.

Hardware vs. Software Keyloggers

What is a keylogger? It’s something that records keystrokes and is normally used without the consent of the user.

You’ve probably heard that keyloggers are a bad thing. They are when used for illegal purposes, such as having a keylogger app installed without your knowledge via spyware. But it’s not a bad thing when you are the one who installed it to keep track of what people are doing when using your computer. For example, if you’re a parent who thinks your child is doing not-so-good things on the internet, you’ll be able to find out what’s been going on with a keylogger.

If you decide to use one, you can opt to use hardware or software.

Hardware

image

Above is a hardware keylogger from ThinkGeek. It connects directly to the keyboard connector, can be hidden easily and holds up to 128k of data. While that may not sound like much, bear in mind it’s all text so it is actually quite a bit. Additional features include password protection and keyword searching.

The only real drawback is that it is, as you can see, a PS/2 connector and not USB. However that can be easily remedied with an adapter should you use USB.

Cost is $59.99

There are other hardware-based keyloggers out there on the internet, just do a search for them and they’ll show up.

Software

You need not look any further than SourceForge to find freely available keylogging applications for Windows and Linux.

Best Free Keylogger, a.k.a. BFK, is one of the better ones.

Bear in mind you do have to set up appropriate permissions for this app, and if you use existing spyware/malware security software it may identify this app as "dangerous". Obviously it isn’t, so if you see the warning(s), give the app the appropriate security "pass".

Which is better, hardware or software?

Hardware is the better of the two because it’s not an app you can simply disable as it requires no software. The only way to disable the hardware is to literally unplug it.

Will either slow down my computer?

No. Either will run in the background seamlessly.

Is Email Secure?

This is actually a very easy question to answer: No. And it never has been. But don’t freak out about it. More on that in a moment.

When I say that email isn’t secure, I’m not referring to the username/password you use to access your account. That’s a local level of security. Email isn’t secure because the vast majority of it is transferred from sender to recipient using nothing but plain unencrypted text. It’s the transport method where the insecurity happens.

Any message sent across the internet unencrypted can be intercepted and read easily because there’s nothing to decode.

In addition, the routing process of each mail you send hops across so many servers that any number of people could intercept your mail.

Side note: If you want to examine exactly how many hops it takes to get from you to a particular server on the internet, this is done using the trace route function.

In Windows: Start / Run / type cmd / press Enter

If you want to know how many hops it takes to get to mail.yahoo.com, type tracert mail.yahoo.com and press Enter once at the command prompt. It will take a few seconds to show all the hops.

Should you be concerned now, knowing that email is so insecure?

Not really.

You have to remember that each email you send or receive is one of countless millions transferred every day on the internet. The likelihood of your mails being intercepted is extremely slim at best.

There have been those who have tried to make email more secure.

The only method of secure email that has had some limited success is the use of digital signatures.

Using the Microsoft way, Outlook Express and the newer Windows Live Mail can use what’s called a "Digital ID". In Windows Live Mail this is found via Tools / Safety Options / Security tab, then look under the heading "Secure Mail", like this:

image

Clicking "Get Digital ID" brings you to Microsoft Office Online, because these IDs are tied to not only email but MS Office products as well.

Oh, and by the way, Digital IDs are not free.

Using the free method, you can use PGP. It is a pain to use. The only email client I’ve ever seen do it right is Mozilla Thunderbird outfitted with Enigmail.

On the Enigmail home page, it states under the "What do I need?" section:

You need a supported email client, the GNU Privacy Guard (GnuPG), and a little patience.

Even they know it’s a pain to set up. And yes, I can vouch for this because I actually tried it out once for a few weeks. Sure, it works fine once everything is set up properly, but it's certainly not a 1-2-3 easy process.

"Are you saying the mail has to be tied to an email client in order to use these secure features?"

No. There is Hushmail. Email from that particular system is encrypted and freely available. It is the only one I know of that has encryption, is web-based and free.

However you have to bear in mind that even though your mail is encrypted, your recipients are most likely still using plain text.

In the end, email is insecure no matter how much you try to make it secure. But don’t lose any sleep over it.

Detect Websites With Malicious Scripts

As you probably are aware, websites can serve as hosts for malicious scripts. If you are not adequately protected, they can damage your system. One tool to help protect from these infected sites is LinkScanner.

LinkScanner Lite inspects each search result as it is returned to your browser. One of four color-coded icons will appear next to each result.

LinkScanner Lite also allows you to inspect any hyperlink on the Web, at any time, simply by right-clicking on it. LinkScanner Lite will perform its analysis and return a verdict.

This tool is included with AVG’s security tools, so you may already have it.

One note on this is it should be used responsibly. I would recommend you try to use only the on-demand scanner to avoid sending garbage traffic (via the pre-scanner) to websites you might not even visit.

A Simple Way To Protect Sensitive Files

If you have some sensitive files on your computer which are ‘for your eyes only’, it is important to make sure they are adequately protected. While you can apply broad security such as Windows permissions or drive encryption (TrueCrypt, etc.), a simple and effective method is to compress them in a password protected zip file.

Any zip client worth its salt will allow you to create a password protected archive, so odds are you already have everything you need. Whenever anyone tries to open the zip file, they will have to enter the password to continue. This is also a great way to securely transfer files over email. As with any protection by password, you will want to make sure you use a strong password.

If you have lots of files you are protecting, you can include them in a single zip archive. Additionally, you can set the compression method to low or none if you want to minimize the time it takes to save and load your files from the archive.
