Microsoft Security Essentials 2.0 flips Windows Automatic Update settings

If you have Windows check for updates but not install, latest version of MSE may change your setting without permission

Microsoft released version 2.0 of Microsoft Security Essentials last week.

Microsoft Security Essentials, you may recall, is the antimalware product that Microsoft offers free to individuals and organizations with 10 or fewer users. It's the consumer- and small-business-oriented version of the engine that drives Microsoft Forefront Endpoint Protection. The new version of FEP is due next month.

At this moment, Microsoft Security Essentials 2.0 is not installed automatically. You can only get it by venturing to the MSE site, then manually downloading and installing it. Note that the Microsoft Security Essentials site doesn't even mention version 2.0. But if you click the Download Now button, that's what you'll get.

Last June, I blogged about a bug in an update to Microsoft Security Essentials that was making the rounds. Six months ago, applying the Microsoft Security Essentials patch flipped the user's Windows Automatic Update setting. If you had your PC set up to "Check for updates but let me choose whether to download and install them" (using the Windows 7 terminology), applying the MSE patch du jour in June flipped that setting to  "Install updates automatically." The installer's boorish behavior came as a rude awakening to Windows consumers who want to prevent willy-nilly patches from clobbering their sytems. I won't mention last week's Outlook 2007 zapping patch by name.

It looks like they're at it again.

I have independent reports from several Windows users, all of whom are running the latest, patched or almost-patched versions of Windows, that installing Microsoft Security Essentials 2.0 flipped their Automatic Update settings.

That's too bad. Microsoft Security Essentials 2.0 has much to recommend it. Microsoft claims it has much better means for scanning network traffic. It also claims -- this is borne out by observation -- that the already-slick MSE 2.0 engine runs even faster and less obtrusively.

Personally, I like the new option on the Settings Tab's Scheduled Scans section that throttles CPU usage. You can tell Microsoft Security Essentials that you want it to use only 10 or 20 percent of available CPU time when running its scheduled scans. By default, scans are scheduled for Sunday morning at 2 a.m.

I don't know about you, but when I'm working at 2 o'clock on a Sunday morning (it happens more frequently than I would care to admit), the last thing I want is for Microsoft Security Essentials to swallow up all my CPU cycles. It's better to set the throttle back to 20 percent or so, let Microsoft Security Essentials run in a leisurely fashion if I'm not up at 2 a.m. -- I don't care if it takes an extra 10 minutes -- but allow for the possibility that I may want to take over the CPU at that ungodly hour.

I also appreciate the fact that Microsoft Security Essentials 2.0 allows me to completely opt out of SpyNet, the information-gathering program that keeps track of the malware you've encountered and notifies Mother Microsoft with associated gathered data. I'm not overly paranoid about SpyNet, although I realize that some of my personal data may get shipped to Microsoft as part of a malware-zapping exercise. What I like is the option to leave the SpyNet grid entirely, even if the setting is tucked way back in the interface.

Bottom line: If any of your users are using Microsoft Security Essentials, have them download and install MSE 2.0. It's a good product, fast, reliable, 100 free -- and no nag screens, begging you to upgrade.

This article, "Microsoft Security Essentials 2.0 flips Windows Automatic Update settings," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.