Microsoft steps into free AV market

Posted by   Virus Bulletin on   Oct 2, 2009

Security Essentials release creates expected storm of words.

Microsoft's release of its free Security Essentials product this week sparked the expected barrage of views and opinions from all angles, from those hailing the release as the end of the AV industry to those slating the free product as inadequate and pointless.

The new release is designed as a pared-down, free-for-all replacement for the now defunct OneCare, and is intended to mitigate the global malware epidemic by providing protection to those least likely to have a solution in place. Users on lower incomes and in developing nations are hoped to be among those taking advantage of the free product, and its introduction should, its makers claim, reduce the number of infected systems pumping out spam and malicious attacks around the world. It is also hoped that the release will reduce the danger of 'rogue AV' scareware, which targets unprotected users in its attempts to con victims into installing its paid-for software, a threat currently rife on the internet.

While many have suggested that the appearance of Security Essentials on the scene may herald the demise of existing free-for-home-use solutions from the likes of AVG, Alwil (avast!), and Avira (AntiVir), and indeed the rest of the AV industry, others have pointed out the likelihood of healthy competition in the free AV market bringing increasing sophistication to these free products, while also encouraging those who have tried out free solutions to move up to more complete, full-featured products.

The suggestion that it will provide protection for the downtrodden masses has been countered with the argument that those with the urge to install free security have had plenty of options for some time, while those in less developed states, who are likely to be a major part of the botnet problem, are also likely to be running unofficial, unvalidated copies of Windows, which are not supported by the new Microsoft protection offering.

Initial reviews of the product have been generally favourable, with praise for its simple, pared-down design and usability, unobtrusive system impact and decent detection levels. The fact that the product shares a core engine and detection with Microsoft's corporate Forefront product - which has shown steady improvement in independent tests in recent years as Microsoft continues to invest in its security lines - bodes well for the product's static detection abilities.

However, some commentators have criticised the apparent absence of advanced features such as dynamic detection, with one Symantec representative describing the solution as 'behind the times' after a set of test results showed Norton providing superior protection. Microsoft responded by insisting the product does include some sophisticated behavioural monitoring and reputation-based technology, and suggested that the solution is only intended as a component in an in-depth, multi-layer security regime.

"It seems unlikely that this release will revolutionise the security world the way some people have been suggesting," said John Hawes, Technical Consultant at Virus Bulletin. "People aren't going to stop investing in quality security suites with firewalls, intrusion prevention, spam filters and parental controls just because there's another free bare-bones product available. However, with Microsoft's marketing weight behind it, it should hopefully find its way onto some of those untold millions of unprotected systems out there - it should provide decent protection for them and stop their systems spamming and attacking the rest of us. If Microsoft change their mind about not letting it run on pirated copies of Windows, it would make an even bigger difference."

VB will be providing an in-depth review of Microsoft Security Essentials in the November issue. Those interested in trying it out for themselves can find out more and download it from a Microsoft microsite here. Initial views and screenshots can be found in The Register here, with summaries of an early test by AV-Test.org here at The Register, at ComputerWorld here and in the Washington Post here.

More coverage is at ZDNet here. Symantec's blog entry attacking MSE, including a link to the full test report from Dennis Labs, is here, with news coverage here and a response from Microsoft here.

Posted on 02 October 2009 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Guest Blog: Malicious Scripts Gaining Prevalence in Brazil

In the run up to VB2016, we invited the conference sponsors to write guest posts for our blog. In the second of this series, ESET's Matías Porolli writes about malicious Visual Basic and JavaScript gaining prevalence in Brazil.

Romanian university website compromised to serve Neutrino exploit kit

The website of the Carol Davila University of Medicine and Pharmacy has been compromised to inject a hidden iframe into the site's source code that serves the Neutrino exploit kit and may infect visitors with ransomware.

It's 2016. Can we stop using MD5 in malware analyses?

While there are no actually risks involved in using MD5s in malware analyses, it reinforces bad habits and we should all start using SHA-256 instead.

Throwback Thursday: Holding the Bady

In 2001, ‘Code Red’ caused White House administrators to change the IP address of the official White House website, and even penetrated Microsoft’s own IIS servers.

Paper: The Journey of Evasion Enters Behavioural Phase

A new paper by FireEye researcher Ankit Anubhav provides an overview of evasion techniques applied by recently discovered malware.