Microsoft SpyNet is a cloud service that allows the users of Microsoft Security Essentials (MSE) or Forefront Endpoint Protection (FEP) to send reports about suspicious software and programs to the Microsoft Malware Protection Center (MMPC) researchers.
When this information is reported, definitions for previously unknown threats can be created and distributed, minimizing the time that a new threat spreads in the wild before protection is available. This is called the Dynamic Signature Service. Older clients, like FCS and Windows Defender, also participate in SpyNet, but to get the full benefits of SpyNet, which include the Dynamic Signature Service, you should move to MSE or FEP.
Additionally, when your MSE or FEP client reports new malware to the Microsoft SpyNet cloud service, the Dynamic Signature Service can recognize when a definition is available but not yet released, and deliver that definition for that specific threat in real-time from the cloud. Upon delivery of the dynamic signature, the threat will be detected and can be removed from the system.
There are two types of membership – Basic and Advanced.
With a basic membership, MSE automatically sends information back to Microsoft about spyware, potentially unwanted software, and software or changes by software that has not yet been analyzed for risks.
With an advanced membership, MSE sends more detailed information about detected software and alerts you when it detects software that has not been analyzed for risks. It also collects and sends information such as your IP address, operating system, Web browser software, etc.
You can choose to remain a basic member or join as an advanced member of SpyNet.
You can change the recommended Microsoft membership setting (from basic to advanced and back) at any time by using the options provided in Microsoft Security Essentials. While MSE does offer the option to opt out of joining SpyNet, the Microsoft Security Essentials 2010 Privacy Statement states that to continue using Microsoft Security Essentials, you will need to remain a member of this online community. I have asked for and am waiting for a clarification about this apparent contradiction!* If you are interested you can also download the Microsoft Forefront Endpoint Protection 2010 Privacy Statement.
Watch the video Microsoft SpyNet and the Dynamic Signature Service in action here.
*UPDATE: We have received clarifications:
1) Says Kim Ditto-Ehlert of Microsoft:
The privacy statement is in the process of being revised – you can continue to use MSE while opted out of SpyNet.
2) Security MVP and TWCF Mod Corrine Chorney has also received a clarification:
It has been confirmed that MSE will still work if the selection to opt out of SpyNet is selected. However, as stated, if “I do not want to join SpyNet” is selected, there will not be an alert if unclassified software is detected.
It is important to note that without an alert, if “Low alert level” is set to Allow, potentially unwanted software will be allowed to install. As defined in Understanding alert levels:
“This software is typically benign when it runs on your computer, unless it was installed without your knowledge. If you’re not sure whether to allow it, review the alert details, or check to see if you recognize and trust the software publisher.”
Since it could be a new variant of a rogue or some other malware, it will not be submitted for analysis and the computer infected. Thus, the strongly recommended action is that the minimum setting for users of MSE be Basic membership.
The MSE Team has been notified of the discrepancy in the privacy statement.