Microsoft is releasing a beta of their new antivirus product. Previously Microsoft announced that they would discontinue OneCare.
The choice of the name “Security Essentials” is amusing. I’m not in the camp of those who think that you can’t have “Microsoft” and “security” in the same sentence, but just the same, Microsoft does say “If you already have antivirus software installed you probably don’t need this service.” That doesn’t sound much like an essential to me!
The other amusing aspect is that the name is “Microsoft Security Essentials” which is plural. Anti-virus is only one aspect of security.
All jokes about the name aside, Microsoft hopes that their free solution will get people who currently do not use antivirus software to install the Microsoft offering. Given the numerous choices for free antivirus software out there, I do not see how this will be effective, but more power to Microsoft for trying.
I addressed the potential impact of Microsoft entering the antivirus industry at the Virus Bulletin conference back in 2006. Back then I predicted that this would have little impact on the market and it has had little impact, except for pricing. OneCare introduced a 3 PC pricing model that some other vendors have followed. OneCare was almost free and I don’t see a free offering changing the landscape much.
I am reminded of an ad I once saw for Shoei motorcycle helmets. The ad said “If you have a $10 head wear a $10 helmet.”
At ESET we are confident that an abundance of consumers will continue to choose a quality product based upon the track record, performance, effectiveness, and support, rather than simply choosing what is free.
The word “Microsoft” makes this a news story, not much else does though.
Randy Abrams
Director of Technical Education
June 23rd, 2009 at 1:39 am
Hi there
I will agree and disagree with you.
First, Morro is not free. To use it, you need to buy OS first. So MS customers just received more for their money, what can be better?
Second, Morro is a low-end product. So it is not intended to compete with full-scale commercial security suites. I’m not comparing the speeds of sportcar and bike due to fact they both have wheels. Each one have it’s use, and suits best for it.
And third, I (as an experienced user) will not replace my current AV to this new MS product. I personally don’t have enough trust in beta version of first MS maybe-good security solution. But new users now have more options to choose, and Morro will be a good product to start from.
Good luck,
Alex.
June 24th, 2009 at 9:58 am
AFAIK, Microsoft had entered the AntiVirus industry back in DOS era (it was called MSAV). MS just re-entered it.
June 24th, 2009 at 11:04 am
MSAV was bundled with DOS 6: we’ve talked about it elsewhere (http://www.eset.com/threat-center/blog/?p=1198, for example, and http://www.eset.com/download/whitepapers/RandyAbrams_VB2006.pdf). However, Microsoft have been back in the anti-malware industry for a while: this is a new(-ish) product rather than a re-entry.
June 26th, 2009 at 11:05 am
I use Eset NOD32 AV protection and will continue to do so. However, for my dad who refuses to buy software (he uses only free apps), this is a good thing, since right now he doesn’t have an AV application installed.
June 26th, 2009 at 11:19 am
Fair enough. From that point of view, it’s a good, responsible act for any vendor to supply a free product for the use of people who wouldn’t actually pay for one. (This is one of the reasons we provide a free web-based service.) As long as he doesn’t expect more from the product than it’s actually likely to deliver.
June 26th, 2009 at 12:52 pm
I’m not sure why your dad would use Microsoft Antivirus if he isn’t using AVG, Avast, or Avira, which are all good products too and are also free.
July 14th, 2009 at 2:24 am
AV-Test: Windows Security Essentials ‘Very Good’
Though I have not been directly involved with Morro (or any other anti-malware products), I am excited to see Morro (Microsoft Security Essentials, http://www.microsoft.com/security_essentials/) reach the next stage of development by releasing as a Beta package.
I personally think that Microsoft Security Essentials is a significant step forward in helping make the Internet a safer and more trusted experience for the average user. That may seem strange, given how long the industry has been around and given that there are already several free antivirus solutions available, for those that have even a slight technical interest in finding them.
I’ve shared my experience and opinion in the past about how the business anti-malware industry drives vendors to optimize towards businesses and away from consumers, so I won’t dig into that, but I do think there are some key points worth reviewing.
1. Barriers exist for “home user” protection. Unfortunately, many barriers to quality PC protection remain for consumers, both in mature and emerging markets where many threats originate. If you are the “free IT support” for your family and friends, then you already know what I’m talking about.
My Mom’s PC came bundled with trial security bundle where different components were fully enabled for some months, while other protections were partially enabled and yet other components required an upgrade to be enabled. Bottom line? Customers are confused by trials and annual subscription renewals, in many cases believing their PCs are covered when in fact their subscriptions have expired and they are not protected.
And also, let’s be frank, certain members of my family are just never going to pull the trigger on some of the online subscriptions that are available, even if they could figure out which ones are legitimate and which ones are actually disguised malware or unwanted software. And upgrades or updates? Please.
2. Threats continue to grow and evolve. E-mail threats continue to grow and evolved and since many of these are now blended threats involving web sites and some aspects of social engineering, they are even becoming more platform agnostic. By some measures, over 97% of e-mail messages sent over the Internet fall into the “unwanted” and unsolicited category.
Of course, since my Mom and yours are more aware of security issues than they were 10 years ago, malware developers have begun heavily leveraging “fake security software” and social techniques to target consumers and get them to voluntarily deploy their unwanted software. By providing an easy to find, easy to deploy solution from a known brand like Microsoft, Microsoft Security Essentials can help provide some basic, well, essentials to help fight this issue.
3. Too Many Users Need More Protection. Ultimately, the evolution of threats and the barriers for home users combine to create a situation where many users need more protection. This is not just a threat to those users, but represents a threat to the broader ecosystem when these systems are at risk of catching and spreading malware.
Key Principles
I’ve talked with the product teams about their driving principles and I think they are spot on for what home users need:
Essential Features that are necessary to enable a safer and more trusted Internet experience.
Real-time and scan detection and cleaning
Live Kernel Behavior monitoring (leveraging technology acquired from Komoku)
Improved anti-stealth functionality – (‘rootkit revealer’ style scanning)
Rootkit removal
Standalone boot scanning (boot to a preinstall environment to scan while completely inactive)
Frequent Dynamic Signature updates
Dynamic update capability (no wait for next “full signature” release)
Heuristics with pre-execution program emulation
Ability to quickly address false positives with the dynamic update capability
Easy to Get, Easy to Use
Will be easy to find from a trusted location on microsoft.com
No cost, not trials or expirations
Smart default configurations including a dark hours update schedule
Daily updates
Quiet Protection
Lightweight design, tuned for performance
CPU throtting
Fewer interruptions – no “information only” UI, only when action is needed
Deep and Broad Research Team
Led by Vinny Gullotto (long time personal colleague back to our days at McAfee)
One of the best, most experienced anti-malware research teams in the industry, built up by Vinny over the past few years. Truly, though Microsoft has been in this space a short while, the team members that Vinny has assembled have been helping make the Internet safer for pretty much forever.
Final Comments
Let me emphasize that this is just a Beta, so hopefully there will be warts. Yes, I say hopefully, because the purpose of a Beta is to get a lot of folks engaged to find those warts and report them so that they can be fixed before the product is released. Having said that, my next step is to install Morro on my home computers tonight and see if I can talk my Mom through installing it on her home machine 2000 miles away. Those two experiences should give me some great feedback that I can feed to the Microsoft Security Essentials team to help improve the Beta for final release. I’ll likely share those experiences with you here on the blog.
I also ask you to try it out and share your thoughts and feedback with me. I have a fair amount of product management experience and I’m happy to distill your various feedback down into some core requirements and then deliver it directly to the product team.
This is that latest in a series of steps over several years that I think is helping make tangible progress for making the Internet safer and more trusted for many users:
Lots of security improvements in Windows XP SP2. Remember the days before pop-up protection was introduced into IE6 in XP SP2? Remember when you kept the personal firewall turned off?
Windows Defender. Breaking ground for Essentials, Defender helped raise the bar even it it’s Beta stage.
Defense-in-depth security features in Windows Vista and the upcoming Windows7. Say what you want about Windows, security researchers and data are showing that it raised the security bar.
July 26th, 2009 at 6:23 am
If downplaying is Eset’s only strategy, I think it shows that ESET is not taking competition seriously, or simply trying to feel good in its niche. I do think ESET NOD is a good product, but it’s also a premium product with no “free” version. The last time I wanted to get a full version once my trial expired, I also found out it too expensive, so I switched to Avira free. Maybe it’s time ESET start charging less so it may be a viable “upgrade” from Microsoft Security Essentials, esp. in the day and age of “Freemium”.
As much as one likes to make fun of Microsoft, one can learn from Microsoft itself, whose Office 2007 was released in a more affordable Home and Student version to compete against OpenOffice.org.
July 26th, 2009 at 11:00 am
Actually, like many vendors, we have a free web-hosted scanner (ours is at http://www.eset.com/onlinescan/) and free trial versions (at http://www.eset.com/download/index.php). Personally, I’ve no problem with vendors who provide free versions for home users, as long as those users realize that what they’re using is unlikely to have all the features of the for-fee version by the same vendor, and will not be fully supported.
Clearly, a limited but free version is a viable marketing strategy that gives users who aren’t prepared to pay for full-strength product more security than they would have otherwise.
Clearly, it’s also possible to learn from Microsoft: Adobe clearly have.
However, Microsoft’s position is rather different to ours: security software is a pretty small component of their product range. Actually, I think there’s a bit more to their long-term strategy than has been evidenced so far, but I’m not prepared to downplay that -or- panic over it.
August 1st, 2009 at 8:53 am
Free products are great for the cheap or for people who legitimately can’t pay, but to me, Nod32 has been worth every penny I’ve paid for it in the last few years. I’ll be renewing for another 2 years very soon, and I’m happy to do it. I’ve used a few different AV products over the years, and this one is by far the best, nothing else even comes close.
August 2nd, 2009 at 9:05 am
Thanks, Steve. I don’t often approve comments that say how good we are: not because it isn’t true (;-)), but because it’s hard to convince some people that we don’t write those comments ourselves. But in the context of this thread, I think you make a good general point. When you use a good free anti-virus package, you certainly get more than you pay for. But in general, you’ll get more features and support from a for-fee product.
August 2nd, 2009 at 1:26 pm
I am using NOD Smart Sec. latest version and yes it is doing very very well 4 me, but honestly I’ve been hearing a lot about MSE.
I have friends who r using it, i live in Egypt and i bye all genuine, i’ve been following u around a little David, u r honest and not raciest
so why shouldn’t i use it and it is for free and can catch Trojans Nod can’t?
August 3rd, 2009 at 2:02 am
Hi, Jimmy. I’d like to think that I’m honest and not racist, and no-one has ever accused me of being racy.
I’m not saying that you shouldn’t use MSE, if it meets your needs (and assuming you meet the criteria, of course: there are usually restrictions on who is allowed to use free products – I can’t say anything about the MSE beta, since it wasn’t made available to people in the UK). I would hope that you’d get more comprehensive protection from a paid-for product like ESET Smart Security, but I wouldn’t presume to decide for you whether the cost outweighs the benefits.
As for catching Trojans, I think you’ll probably find that all products detect some malicious programs and miss others. I don’t think you should expect AV to catch all malware, however much you pay for it. When you pay for a product, you’re paying for good but not infallible detection, which you will also get from a good free product (I’m not talking here about the not-so-good free products, let alone rogue anti-malware products). But what you’re less likely to get from a free product is multiple layers of protection, and active support.
August 12th, 2009 at 1:10 pm
security essentials is really great i think the anti virus industry’s are being unreasonable they say we need web protection and a fire wall well we do but the browsers like fire fox ie8 protect us from those sites 99% of the time!!!! and yes we do need a fire wall but we can get a free fire wall from comodo its the best fire wall there is and its free! so you know what i don’t want to here any body talking bad and ripping Microsoft apart. it only makes the people look bad that do it. and norton is losing money! badly there offering free movie tickets with the buying of there product.
August 13th, 2009 at 2:31 pm
i love free products like avira i really don’t like avg it dose not give rootkit protection also security essentials has detected all 3200 threats on PC world. and with a zero false positive rate that’s really good for a beta i think security companies are in for a real challenge. Norton i think is hurting because there giveing free movie tickets with the buying of there product. i think eset is really good and they can pull it off but security essentials is hard to beat. with a zero false positive rate.
http://www.pcworld.com/article/167325/microsoft_security_essentials_the_first_test_results_are_in.html
September 29th, 2009 at 7:46 am
What about running MSE alongside NOD32 4? I’d love to have multiple scan engines on the desktop, assuming they’ll play nice.
September 29th, 2009 at 10:36 am
“Given the numerous choices for free antivirus software out there, I do not see how this will be effective, but more power to Microsoft for trying.”
I’d say this is completely incorrect, given that most PC users aren’t that tech-savvy and won’t go out to find their own anti-virus programs unless their Windows Update tells them to download something.
I, personally, would not switch away from NOD32, as I believe it’s the best anti-virus program out there, but a free version from Microsoft that is available straight from a notification of Windows Update will help a lot of PC users.