Downloading Microsoft Security Essentials via HTTPS
It's plain HTTP because all Microsoft software is digitally signed anyway; the signature is embedded in the .exe
file and verified by Windows on launch. (I seem to remember that this is a requirement for all files posted in their Download Center.)
Unlike HTTPS, signing the actual download also means you can check the signature everywhere (such as copied from a CD or a friend).
Being transmitted over SSL does not make the download more secure in the way you are thinking. SSL simply hides the data that you are sending and receiving. So for instance, if you are sending a credit card number or login over the internet, an HTTPS connection would prevent any peeper from knowing what the contents of the data you sent contain.
Transmitting a fixed file from an encrypted source would only be, at best, marginally better since the contents of what you are receiving are already public. Even if it was on HTTPS, if someone had the data of where you were transmitting/receiving to/from, they could still likely deduce what you are downloading.
Microsoft does not use HTTPS because you're not actually downloading the file from Microsoft's servers. The files are delivered using server which Microsoft does not own or control.
The download link you posted is just a redirect link, which on my machine eventually resolved to
http://mse.dlservice.microsoft.com/download/A/3/8/A38FFBF2-1122-48B4-AF60-E44F6DC28BD8/enus/x86/mseinstall.exe
If you play with the url and make it HTTPS you get a certificate error. The message in Chrome says:
You attempted to reach mse.dlservice.microsoft.com, but instead you actually reached a server identifying itself as a248.e.akamai.net.
Microsoft, like many other companies, uses Content Delivery Networks (CDNs) to deliver its files using server which are geographically close to their users. In this case Akamai is the CDN which is serving Microsoft's downloads.