Microsoft steps into free AV market

Posted by   Virus Bulletin on   Oct 2, 2009

Security Essentials release creates expected storm of words.

Microsoft's release of its free Security Essentials product this week sparked the expected barrage of views and opinions from all angles, from those hailing the release as the end of the AV industry to those slating the free product as inadequate and pointless.

The new release is designed as a pared-down, free-for-all replacement for the now defunct OneCare, and is intended to mitigate the global malware epidemic by providing protection to those least likely to have a solution in place. Users on lower incomes and in developing nations are hoped to be among those taking advantage of the free product, and its introduction should, its makers claim, reduce the number of infected systems pumping out spam and malicious attacks around the world. It is also hoped that the release will reduce the danger of 'rogue AV' scareware, which targets unprotected users in its attempts to con victims into installing its paid-for software, a threat currently rife on the internet.

While many have suggested that the appearance of Security Essentials on the scene may herald the demise of existing free-for-home-use solutions from the likes of AVG, Alwil (avast!), and Avira (AntiVir), and indeed the rest of the AV industry, others have pointed out the likelihood of healthy competition in the free AV market bringing increasing sophistication to these free products, while also encouraging those who have tried out free solutions to move up to more complete, full-featured products.

The suggestion that it will provide protection for the downtrodden masses has been countered with the argument that those with the urge to install free security have had plenty of options for some time, while those in less developed states, who are likely to be a major part of the botnet problem, are also likely to be running unofficial, unvalidated copies of Windows, which are not supported by the new Microsoft protection offering.

Initial reviews of the product have been generally favourable, with praise for its simple, pared-down design and usability, unobtrusive system impact and decent detection levels. The fact that the product shares a core engine and detection with Microsoft's corporate Forefront product - which has shown steady improvement in independent tests in recent years as Microsoft continues to invest in its security lines - bodes well for the product's static detection abilities.

However, some commentators have criticised the apparent absence of advanced features such as dynamic detection, with one Symantec representative describing the solution as 'behind the times' after a set of test results showed Norton providing superior protection. Microsoft responded by insisting the product does include some sophisticated behavioural monitoring and reputation-based technology, and suggested that the solution is only intended as a component in an in-depth, multi-layer security regime.

"It seems unlikely that this release will revolutionise the security world the way some people have been suggesting," said John Hawes, Technical Consultant at Virus Bulletin. "People aren't going to stop investing in quality security suites with firewalls, intrusion prevention, spam filters and parental controls just because there's another free bare-bones product available. However, with Microsoft's marketing weight behind it, it should hopefully find its way onto some of those untold millions of unprotected systems out there - it should provide decent protection for them and stop their systems spamming and attacking the rest of us. If Microsoft change their mind about not letting it run on pirated copies of Windows, it would make an even bigger difference."

VB will be providing an in-depth review of Microsoft Security Essentials in the November issue. Those interested in trying it out for themselves can find out more and download it from a Microsoft microsite here. Initial views and screenshots can be found in The Register here, with summaries of an early test by AV-Test.org here at The Register, at ComputerWorld here and in the Washington Post here.

More coverage is at ZDNet here. Symantec's blog entry attacking MSE, including a link to the full test report from Dennis Labs, is here, with news coverage here and a response from Microsoft here.

Posted on 02 October 2009 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

WannaCry shows we need to understand why organizations don't patch

Perhaps the question we should be asking about WannaCry is not "why do so many organizations allow unpatched machines to exist on their networks?" but "why doesn't patching work reasonably well most of the time?"

Modern security software is not necessarily powerless against threats like WannaCry

The WannaCry ransomware has affected many organisations around the world, making it probably the worst and most damaging of its kind. But modern security is not necessarily powerless against such threats.

Throwback Thursday: CARO: A personal view

This week sees the 11th International CARO Workshop taking place in Krakow, Poland – a prestigious annual meeting of anti-malware and security experts. As a founding member of CARO, Fridrik Skulason was well placed, in August 1994, to shed some light…

VB2016 paper: Uncovering the secrets of malvertising

Malicious advertising, a.k.a. malvertising, has evolved tremendously over the past few years to take a central place in some of today’s largest web-based attacks. It is by far the tool of choice for attackers to reach the masses but also to target…

Throwback Thursday: Tools of the DDoS Trade

As DDoS attacks become costlier to fix and continue to increase in both number and diversity, we turn back the clock to 2000, when Aleksander Czarnowski took a look at the DDoS tools of the day.