Much to the AV community’s surprise (and in some cases, chagrin) Microsoft’s free-to-download Security Essentials turns out to be half decent, a step up from the ‘why would anybody bother’ mediocrity of Windows Live OneCare, which Microsoft could never make a cent out of.

Even testing magazine Virus Bulletin quite likes it, declaring it stable, fast in terms of scanning speed, and achieving 95 percent detection rates when pitted against the magazine’s demanding RAP (Reactive and Proactive) malware list.  Basic it might be by today’s standards, but bad it isn’t.

One interesting feature is the inclusion of the system restore setting in Security Essentials, something that is a separate component in other versions of Windows. This makes its hitherto low-key role in security more explicit.

What reviewers have tended not to mention are its quirks, which might or might not bother some users.

The first is that it cannot be fully turned off, or at least not easily. There is no simple option to de-activate the program, and even closing the main process, MsMpEng.exe, is futile as the program bounces straight back into memory after a few seconds. De-activating real-time scanning leaves the memory footprint unchanged.

The only way to stop it is to run Task Manager and close the whole process tree repeatedly after first de-activating real-time protection, an inconvenient way to manage the program. There are various reasons why a user would want to stop AV temporarily, not least in order to run a program or game that needs all the memory it can get in a 1GB XP system, say.

That brings us to the second issue, Security Essentials’ memory usage, which reports as being around 50MB on a 32-bit version of XP. But that’s just MsMpEng.exe itself, and doesn’t include the sundry processes such as system restore, which raise the usage to around 120MB-140MB, equivalent to 10-15 percent of physical (as opposed to system) memory on an XP PC with 1GB installed. That’s a heavy burden, even though the CPU load is low.

Another element that might bother some users is SpyNet, which even in the more basic of the two settings gathers data on the files being detected by the program for analysis by Microsoft. Not everyone likes this but it seems defensible to me. The only chance AV companies have today to keep even vaguely in touch with the daily barrage of malware is to cull real examples from the PCs of users.

It’s not dissimilar to Panda Security’s decision to start offering a free cloud-based anti-virus program, which is more of a giant system for detecting malware for use, ultimately, in the paid-for products. The assumption is that a smaller number of paid users can be supported, in part, by free versions that hoover up data on threats.

A more in-depth review can be found here.