But will users put their trust in Microsoft to protect them from viruses, Trojans, worms and other Internet nasties? Especially given that much of this malware leverages bugs that are present in Microsoft’s own code?
Microsoft Security Essentials isn’t the first time the Redmond giant has ventured into the consumer security market. Readers with long memories will remember that MS-DOS 6.0 shipped with Microsoft AntiVirus (MSAV).
This was a very basic scanner, capable of detecting 1,234 viruses. (Times were different back then, and MSAV saw only one update – compare that to the hourly updates that most packages receive nowadays).
More recently, Microsoft offered a commercial solution called Windows Live OneCare, a tool that incorporates both security features and easy access to Windows tools such as disk cleanup and defragger. However, with the announcement of Microsoft Security Essentials – code-named Morro – also came news that the plug would be pulled on Windows Live OneCare in June 2009.
I’ve had the chance to take a look at Microsoft Security Essentials and it seems like a decent enough product. It’s easy to install, the defaults are well thought out and it’s easy for users to figure out how to use the program. (Basically users don’t need to touch it until it catches some malignant bit of code trying to sneak its way onto their system).
I’ve even gone so far as to throw some malware at it – and it seems to cope with everything.
That said, my capability to test antivirus against malware is limited, but independent testing organization AV-Test.org labs looked at Microsoft’s new offering and were pretty impressed. All in all, it seems like Microsoft has gotten it right with this time, and Microsoft Security Essentials is a pretty good program.
Even for a product still in the beta stage, there’s no obvious show-stopping gotcha to be seen.
Note: Even though Microsoft closed the door on more downloads of Microsoft Security Essentials, you can still get your hands on the download files if you know where to look (clue: try here!).
Now, given that Microsoft Security Essentials will be a free download for everyone running a “genuine” copy of Windows (as determined by Microsoft), you’d expect it to be a smash hit. Why pay for a security product when you can pick one up for nothing?
You’d expect for the bottom to fall out of the security software market as users allow their yearly subscriptions to lapse and switch from for-cost to no-cost.
But that won’t happen. Why? It comes down to trust.
The problem facing Microsoft is that even among Windows users (in other words, leaving out all the Mac and Linux folks who might skew the results), the company is seen as having a bad track record when it comes to security.
In a world where people now have the choice of operating systems, many people are using Windows out of necessity rather than desire. While no code can ever be 100% bug-free, Microsoft’s bugs (and the continuous drip-feed of patches to plug up these vulnerabilities) affect a huge number of people.
Then there are the big name malware that make it to the popular media – Conficker, Storm, Blaster, Sassar, Melissa, Chernobyl … the list goes on and on. These A-list bits of malware give the impression of Windows being far more insecure than it actually is.
Each new news story gives people yet another reason to distrust Microsoft. So, when it comes to choosing a security vendor, choosing Microsoft starts to seem like a bad idea. After all, if you can’t trust the company to write good code in the first place, can you trust the company to provide more code to mitigate bad code?
I know that this is a gross oversimplification, and that antivirus is more about protecting the user from themselves than it is about protecting against external threats (directly at any rate). But people don’t think about things that deeply. This is why Microsoft’s Live OneCare wasn’t the raging success that Microsoft thought it would be.
But things are different this time around because Microsoft Security Essentials is a free product. Does this mean the end of consumer antivirus? No, but things will have to change, and change a lot.
If Microsoft Security Essentials is as good as is it seems to be, every Windows user will be entitled to basic malware protection for free. This will put a serious squeeze on companies that are currently selling the same thing for $20 – $30.
These products are going to have to evolve into something that offers the user a lot more. And after all, there’s plenty left to do. How about adding a feature that keeps an eye on the system’s patch situation (both Windows and third-party ones)? Or highlighting installed apps that contain a vulnerability? Or better network and device management? Or maybe even real-time sand-boxing?
On the positive side (for security vendors) is that very few companies offer only a basic antivirus package. Most offer packages that incorporate firewalls and other security features (such as integration with email clients). However, I still think that security firms are going to have to raise their game.
But what about the trust issue?
Well, because Microsoft Security Essentials is a free product, Microsoft is seen as the good guys, offering customers additional support and making their lives a little easier, as opposed to being opportunistic and cashing in on Windows bugs.
I don’t have any figures as to how much malware the average home user encounters in a year, but in my experience it’s not as much as some people think. (There is a small minority of users that do things that attract malware into their lives, and then there’s everyone else). Most people could install Microsoft Security Essentials and happily get on with their lives.
ALSO SEE: Windows 7 Review: Why I Like Windows 7