Microsoft will be offering a free anti-malware suite codenamed “Morro”, from the second half of 2009, according to a press release:
This streamlined solution will … provide comprehensive protection from malware including viruses, spyware, rootkits and trojans. This new solution, to be offered at no charge to consumers, will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs.
It’s a good move. Here’s why:
- The current situation is calamitous. Even users with fully paid-up anti-virus solutions installed get infected, as I recently saw for myself. PC security is ineffective.
- The practice of shipping PCs with pre-installed anti-virus that has a trial subscription is counter-productive. There will always be a proportion of users who take the free trial and do not renew, ending up with out-of-date security software. A free solution is better – several are available now – if only because it does not expire.
- Microsoft wants to compete more effectively with Apple. It is addressing an extra cost faced by PC users, as well as (possibly) the poor user experience inherent in pre-installed anti-virus trialware.
- The performance issue is also important. Anti-malware software is a significant performance drag. Microsoft is the vendor best placed to implement anti-malware that minimizes the drag on the system.
Counter-arguments:
- Only specialist companies have the necessary expertise. I don’t believe this; Microsoft’s investment in security is genuine.
- Single-supplier security gives malware a fixed target, easier to bypass. There’s some merit to this argument; but it is weakened by the fact that the current multi-vendor scenario is clearly failing. Further, the Mac is a fixed target that does not appear to be easy to bypass.
All of this is hot air compared to the real challenge, which is securing the operating system. Vista is progress, Windows 7 not much different according to my first impressions.
Why not just use another operating system? There’s a good case for it; ironically the theory that a large factor in Windows insecurity is its dominance can/will only be properly tested when an alternative OS is equally or more popular. If people continue switching to Macs perhaps it will happen some day. Windows is still hampered by its legacy, though my impression is that Vista’s UAC is having its intended effect: fewer applications now write to system areas in Windows, bringing us closer to the day when security can be tightened further.
What about business systems? This is one area that needs clarification. Microsoft says Morro is only for consumers. Why should businesses have to pay for a feature that consumers get for free? On the other hand, some equivalent initiative may be planned for business users.
Another counter-argument is that it increases Microsoft’s monopoly and puts all the antivirus people out of business. Instead Microsoft should be working to make their software secure.
Just my 2c, Gary
But the computer manufacturers are getting a kickback from the AV companies – so how will this move stop the pre-installed trialware problem?
Particularly because (my understanding) this product won’t be built into Windows but will be a separate download.
The non-tech savvy users will still have the same problems.
I agree with all of your points and I have to add 1 more to the Counter-arguments. Microsoft is one of the worst about writing bloated code. If they really attempt to do a “decent job” at antivirus and anti spyware, it will be the slowest running antimalware software ever.
Of course, they could just do it the same way they’ve done everything else and just make it good enough to get by. This may make it a bit faster… BUT you can bet they’ll make it uber-convenient. This is how they won the browser war.
They will not make a great piece of software, just good enough to use and put it on every computer they ship to make it convenient for Average Joe. Sadly, using this tactic they will probably win the antimalware war too.
Tim
Regarding the business side of all this, I’m going to guess that it’s going to be about configuration management: having your Windows Server R2 regularly analyzing the PCs on the local network to see that they’re configured properly according to the company policy. This will, as a byproduct, ensure that malware is removed by the configuration process.
Cheers, Julian
Microsoft writes a fundamentally secure operating system and then compromises the security in order to support legacy applications, ergo it becomes a monopolistic supplier shipping shoddy products.
Microsoft then provides its own free antivirus software to plug long-standing gaping holes in Windows’s defenses and remedy deficiencies in third-party products, ergo it is a monopolistic supplier seeking to put these third parties out of business.
Damned if it does, damned if it doesn’t…