Microsoft Security Essentials
Microsoft Security Essentials is the latest avatar of Microsoft antispyware. It is a signature based free antimalware software that can be used to protect your system against potential threats, such as viruses, spyware, and other potentially unwanted software.
When you first install Microsoft Security Essentials you agree to become a part of this unfortunately named community of Windows Defender and Microsoft Security Essentials users. Microsoft SpyNet helps Microsoft in differentiating a malware program from a legitimate program based on inputs automatically collected from the Microsoft SpyNet members.
There are two types of memberships basic and advanced. As a basic member -which is the default- your copy of Microsoft Security Essentials “sends basic information to Microsoft about software that Microsoft Security Essentials detects, including where the software came from, the actions that you apply or that Microsoft Security Essentials applies automatically, and whether the actions were successful. In some instances, personal information might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or to contact you.”
An advanced member sends more information in addition to what is stated above and again “in some instances, personal information might unintentionally be sent to Microsoft.” Microsoft Security Essentials also collects standard computer information, which includes information about your computer software and hardware, such as your IP address, operating system, Web browser software, and version.”
The mandatory enrolling of members in the SpyNet community makes many people to see red and seek ways to disable Microsoft SpyNet without losing the functionality of Microsoft Security Essentials.
Blocking Microsoft SpyNet without losing functionality
According to Microsoft documentation “The online Microsoft SpyNet community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do. ” The community also helps stop the spread of new infections.
This means that if you block Microsoft SpyNet your choices in rating the programs that you run are NOT added to the community while you use other people’s choices to respond to potential threats. If you really want to do this, proceed further.
There are two ways to go about this. One is through editing the registry and the other is by entering couple of entries to your hosts file.
Block Microsoft SpyNet by editing the Registry
All caveats about editing the Windows registry apply here. Before you edit the registry, export the keys in the registry that you plan to edit, or back up the whole registry. How to back up and restore the registry in Windows
Type regedit in the run command box and press enter to open the registry editor. Navigate and select the following key on the left pane:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet
Now Click on the Edit menu and click Permissions to open the Permissions for SpyNet settings box. Select your user name in the Group or user names and check mark the box Full Control to Allow editing of this key. Note that this maneuver will give the selected user full control over the SpyNet key only.
Click Apply and OK your way out. On the right pane of the registry editor, right click SpyNetReporting and click Modify.
Change the Value data to 0 for no membership to Microsoft SpyNet.
- A value of 1= Basic Membership
- A value of 2= Advanced Membership
If you are successful in changing the value to 0, your Microsoft SpyNet screen in Microsoft Security Essentials should look like this:
Note both the boxes remain unselected.
Block Microsoft SpyNet using the hosts file
Microsoft Security Essentials and Windows Defender both use the following domains to communicate with Microsoft:
Add the following lines to your hosts file to blackhole the communication:
- 127.0.0.1 spynet2.microsoft.com
- 127.0.0.1 spynettest.microsoft.com
It doesn’t affect the virus and spyware definitions update as Microsoft Security Essentials uses Automatic Updates/Windows Updates for updates.
Did this work for you? Should we block Microsoft SpyNet? or do you think every user should participate in the Microsoft SpyNet online community keeping in mind the larger scheme of things to minimize the number of unprotected PC’s?
Are you paranoid enough to try both the fixes?
Update 08 Oct 2009 – According to Aaron Hulett | Microsoft Malware Protection Center “if you disable SpyNet, you’ll also disable Dynamic Signature Service” Re: Microsoft confirms Security Essentials to be released 9/29 – dslreports.com.
Dynamic Signature Service is a mechanism used by Security Essentials to query a designated server for signatures when it detects an unknown program. If it finds the signatures match a known malware, it downloads the signatures and removes the offender. On the other hand if the offending programs’ signature appears new, then the DSS may request a sample code from the client machine to create new signatures.
To put it in simple terms, this means that if you decide to opt-out of the Microsoft Spynet, Dynamic Signature Service will also be disabled and you will not be protected against the emerging threats.
Looking for more articles on Microsoft Security Essentials?
- Microsoft Security Essentials – What you need to know?
- Microsoft Security Essentials – How to download, Install and Update
- Microsoft Security Essentials – How to Set-up
- Microsoft Security Essentials – Real-time protection, Alert levels and Actions
Note: The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.