One of the systems that just sits here idling all the time in what the wife lovingly calls the Krebs on Security “command center” runs Microsoft’s free Security Essentials anti-virus and security tool. Late last week, I just happened to notice that for who-knows-how-long, a pending upgrade to the program has left that system “potentially unprotected,” according to Microsoft.
I’m not terribly concerned, as I don’t use that system to browse the Web. But if you depend on MSE, check to see if you’ve applied this upgrade, which brings MSE from version 1.0.1959 to version 1.0.1961. You can check the version number by clicking the “Help” tab on the right edge of the MSE main screen, and the selecting “About Microsoft Security Essentials.”
It took a little digging, but here’s Microsoft’s account of what’s new in this updated version of MSE:
The latest version of Microsoft Security Essentials includes improved messaging on the Update tab, improved scan reports on the Home tab, performance improvements, and enforcement of runtime Windows Activation Technology (WAT) in Microsoft Security Essentials.
More here. Unfortunately, this update comes with another attempt by Microsoft to check whether their customers are in fact software pirates. I would assume that people who are running a pirated version of Windows probably wouldn’t install MSE, but then again, we have seen time and again how Microsoft’s various anti-piracy checks often flag users who have purchased legitimate copies of Windows. I don’t fault Microsoft for trying to tackle the piracy problem, which is undoubtedly enormous in the Windows space, but at least now I understand why information about what was in this update or why it was being offered wasn’t so easy to find.
It seems that around the time Microsoft shipped this update, crooks peddling rogue anti-virus products began marketing a rogue app that mimics Microsoft’s Security Essentials offering. True to form, scammers never miss an opportunity to cash in on user confusion over updates like these.