Microsoft recently started installing its Microsoft Security Essentials (MSE) free antivirus product via the Operating System update mechanism to computers which don’t already have an antivirus installed. Basically Microsoft is saying they are worried about the security of its users and they need to make sure they are protected. Perhaps Microsoft is trying to position itself as a provider of secure Operating Systems given the market perception of Linux, Apple and potentially Google as having more secure alternatives to Windows OS, but that’s a different story.
We agree with Microsoft; it’s better to have some protection than not having any at all. However the way the guys in Redmond are executing the idea is risky from a security perspective and could very well make the malware situation much worse for Internet users. That’s why we encourage Microsoft to continue using Windows/Microsoft Update but instead to push all free antivirus products available on the market, not just MSE.
These are the reasons why pushing only MSE from Windows/Microsoft Update is a very bad idea:
- MSE is not a good solution to the malware problem. While the argument of protecting users who do not have AV is commendable, the reality is that MSE only installs on computers with a valid Windows OS license (paid to Microsoft).
- The problem is that an estimated 40% of worldwide computers connected to the Internet are running pirated software and spreading viruses, especially in China, Latin America, Asia, Southern Europe, etc. So while Microsoft wants us to think it is doing this out of the goodness of their hearts, the reality is that the measure will have little impact as millions and millions of unlicensed Windows PCs will continue spreading viruses and infecting the rest of us.
- Even Microsoft itself acknowledges that malware infections are more prevalent in illegal copies of Windows: “There is a direct correlation between piracy and the malware infection rate” said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center. If that’s correct and the objective is truly to protect users from malware, then why doesn’t Microsoft allow MSE to install in pirated copies of Windows OS?
- Monocultures are a hacker’s paradise. If pushing MSE via Windows/Microsoft Update is very successful it will end up creating a monoculture of hundreds of millions of users having the same antivirus product. Right now hackers have to worry about bypassing multiple antivirus products and protection layers every time they release a new piece of malware. Having to bypass only one AV product makes their life so much easier. This alone will allow hackers to push more new malware that bypasses MSE exclusively and infect many more users with every new variant. Alternatively, reverse engineering of MSE and related Windows components will boom, potentially discovering zero-day vulnerabilities which could cause infections in tens of millions of PCs with a single attack. Monoculture in Operating Systems is in and by itself bad. Monoculture in security is A VERY BAD THING.
- Insufficient Detection. Even though MSE is a good basic product, from a detection perspective it has not proven itself to provide sufficient protection according to the latest independent comparative studies:
- AV-Comparatives.org’s latest On-Demand Test ranks MSE 15 out of 20 in signature detection while vendors with alternative free antivirus products were ranked well above that.
- In AV-Test.org’s latest Real-World Test MSE could not achieve the minimum score to obtain certification, while vendors with alternative free antivirus products did. MSE was ranked as one of the worst three products.
- Not Enough Prevention. There are other free antivirus alternatives on the market which offer much more than just reactive signature detection. These more advanced (and still completely free) products have multiple security layers which provide users with proactive protection, such as web filtering, behavior blocking, instant messaging filters, etc. MSE provides very basic antivirus protection, certainly not enough to protect users against today’s malware threat landscape.
- Secure the Operating System itself. Even though Microsoft has made significant improvements in securing the OS in recent years, there is still a long way to go as witnessed by the constant zero-day vulnerabilities that are published every month, such as the incredibly dangerous LNK vulnerability that Stuxnet exploited. Microsoft’s security resources should work on making the OS more secure, not just putting a band-aid on it. Who knows, maybe someday if Microsoft manages to really make their OS secure, antivirus products won’t be needed anymore. But until that day comes, Microsoft should make a serious development effort to secure the OS from the ground up and not limit the security tools currently available to its users.
In summary, while it’s commendable that Microsoft is trying to protect users, offering only “their” basic MSE antivirus provides neither sufficient protection against today’s threats nor does it solve the malware problem of millions upon millions of pirated PCs who will continue spreading viruses. In fact, it can easily achieve the contrary by making it easier for hackers to infect users. Microsoft should offer the complete portfolio of more advanced and secure alternatives of free antivirus products and time-limited versions of paid security suites, allowing users to choose any of them from the Optional Windows/Microsoft Update.
Note: this post is being published simultaneously in Panda Research, PandaLabs and PandaInsight blogs.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
44 comments
You are clueless. I think you are just worried that with the demise of insecure XP and the rise of Windows Vista/7, and most importantly with the introduction of the greatest security solution for Windows 7 – MSE, third-party security softwares are going to become obsolete very soon.
1. Windows 7 uses advanced DEP and ASLR protection, plus UAC and Protected Mode in IE8/9, and AutoPlay is disabled by default for removable devices. These are more than good enough to keep your system free from malware.
2. MSE is the best security add-on on top of what Windows 7 provided out of the box. This is the single most useful security product I have used in all my life. Its detection rate is the best among all free antiviurs softwares. But most importantly it keeps me safe without affecting the system performance at all. MSE integrates with Windows 7 like no other software does.
3. MSE utilizes DEP and ASLR better than any third-party solution.
Bottom line is, I will never ever in my life again use a third-party solution. All my family and friends use MSE on Windows 7 and they haven’t had a single problem in the last year and a half. Fact is, when it comes to making software of any kind, Microsoft is the best.
@AntiLuddite I’m not sure if you’ve read the entire post or if you’re just a troll venting off. Please read it again carefully. We actually applaud Microsoft for pushing AV via Windows Update. What we’re saying is that its wrong to “only” push MSE as there are more complete & safer alternatives out there that a bare-minimum reactive signature AV. Consumers should have the right to choose which level of AV protection they want.
@Pedro Bustamante
I have read your post very carefully indeed, and have responded accordingly. Your post is as much about bashing MSE as it is about the update system. You make quite a few subjective and down-right false remarks about MSE. For example, according to AV-Test, MSE on Windows 7 is certified and rated as one of the best security products. But you chose to lie about it in your post.
But most importantly, your assessment that MSE is somehow less secure than Panda (or other third-party solutions) is unprofessional and according to me, completely wrong. MSE is one of the most solid antivirus solutions for Windows 7, as it builds on top of Windows 7’s already great out-of-the box security measures. Because of that I have found MSE to be more secure and less performance-hungry than any other security product.
And finally about the update system. MSE is offered as an optional update to only those users who have no security software installed on their systems. They are free to choose any third-party software if they feel like it. Why should Microsoft advertise third-party software on their operating system? Especially with something as important as security products they simply cannot take the risk of recommending third-party software to their billions of customers. If things go wrong after installing any of those products, then Microsoft will have to bear much of the responsibility for the damage. So your suggestion that third-party software like Panda should appear on Windows Update is completely ridiculous.
@AntiLuddite Regarding your first comment about AV-Test.org, you can verify this at http://www.av-test.org/certifications.php. As you can see MSE didn’t receive the minimum protection score to reach certification.
Regarding the second point about being a bare-minimum AV, this is not opinion but fact. MSE does not include a web filter. MSE does not include a behaviour blocker nor HIPS. MSE does not include P2P nor email protection. Etc.
Finally about the update mechanism, we actually applaud Microsoft for doing this. But it would be better if consumers had choices and not limited to “only” MSE which, according to my previous 2 arguments, might not be enough protection for people that need better security.
@Pedro Bustamante
On the ww.av-test.org link, the test that was carried out on Windows XP SP2 – didn’t give MSE a certification. On the other hand, the tests that were carried out on Windows 7 rated MSE as one of the best security products.
@AntiLuddite Are you looking at the same page? In 2010/Q2 (under Windows 7) there were nine other scanner who performed better at detection. I’d hardly call that “one of the best”. In 2010/Q3 there were 13 other scanners who performed better at detection than MSE. MSE didn’t even achieve the minimum score for certification.
@Pedro Bustamante
In 2010/Q3 the tests were not carried out on Windows 7. They were done on XP SP2 which is an ancient OS which does not have DEP or ASLR support. So they are pointless.
2 weeks ago they pushed Windows Live Essentials 2011 as an important update and now MSE … Microsoft is totally abusing Windows Update!
Haha. You guys are just scared of competition.
It’s MS software to do with as they please. If they want to give us protection against the threat of computer viruses for free, so be it.
They give it away for free, people gripe, if they were to charge for it, people would gripe.
I don’t get humans somedays…
@Tyrnaan I don’t think you read the post above… we don’t want MSFT to stop giving their AV for free. We want them to continue doing so. The point is that they should make *all AVs* available for free via WU, not only theirs. By doing so it will benefit consumers as they will have more options to choose from.
Wow i don’t see how you can attack Microsoft in that way. For years Microsoft has depended on AV developers to protect their users from protection. And time after time AV developers seem to fail. Microsoft now has hardcore competition with apples mac os which so call has no virus which is not true but their less likely to get any. I agree with you with 3. and 4.completely. I myself rarely use MSE alone. But as for #1 you got to be kidding me. Pirated MS OS is just as pirated AV it hurts. Pirated MS doesn’t allow windows update at all. Your acting like MS is giving away their os for free. They are not. And pirated OS users are not their customers they want to protect their customers so they can have a great experience with their os. I don’t even think MAC allows pirated copies of their os to do much either.
and as for the main reason you made this post “All AV’s available for free via WU, not only theirs” i can understand WU reading AV program to see if it need to be update and requiring it to update but for putting it on a choice on WU that’s funny. Seems like you want some free advertisement. http://www.microsoft.com/windows/antivirus-partners/windows-7.aspx
http://www.microsoft.com/windows/antivirus-partners/windows-vista.aspx
http://www.microsoft.com/windows/antivirus-partners/windows-xp.aspx
I Support non-Pirated OS i tell my customers to install MSE if they say it doesn’t work i automatically know they have a pirated OS and Referred to these pages depending on what OS they have. And then tell them good luck.
I’d stay away from it. Especially if you’re running a “questionable” copy of a Windows operating system . The first Update of the virus definitions will “flag” it, if you know what I mean.
If Windows Update only pushes out MSE to those PCs that don’t currently have an AV solution installed, then those consumers weren’t too worried about having options to choose from in the first place. For those that don’t think for themselves, it’s a good option. The rest of us either already have an AV installed, or know how to uninstall MSE and install something else.
I completely agree with the article and the viewpoints within. What I disagree with is the manner in which someone presents their opposing view. Clearly there is a lack of respect and total loss of finesse in presenting a disagreement or opposing viewpoint. Bursting forth hurling an accusation of being clueless suggests arrogance and is wholly unnecessary here. Comments are solicited, not an invitation to wage war.
What is more perplexing is replying without seeming to have read AND comprehended what was read before leaving a comment. How can an observation be made about Panda being afraid of competition when #4. is highlighting other free alternatives?
I read the article all the way through. I currently use Windows XP and started with Microsoft on Windows 3.1. I have experienced all the years that Microsoft has tried to execute strategies for the supposed benefits of the users. Many of them were wrong turns and redoubling efforts in another direction had to be made.
This well-written article merely makes a suggestion which I agree with as a MS Windows customer.
MSFT won’t ever do it.
It took a legal settlement with the European Commission to make them push KB976002 to EU users. I think a European antivirus manufacturer should do what Opera did, even if an Antivirus Choice screen would only apply to a minority of the Windows users.
@Dwight The point about MSE not installing under unlicensed OS copies is not about piracy but about the malware problem. We all know malware is more prevalent in pirated versions, so if a move is made in the name of fighting malware, it should encompass the entire malware problem, not just a portion thereof. Otherwise it seems to me as if the move is more about piracy than malware.
@Ciance Point well taken Ciance. Thanks for your comment!
@Pedro Bustamante I dont know what i understand what your which is protect all instead of one. all being the users who pay and the users who dont pay Pirates. but am not like MS why should i help support a pirate if the pirate doesnt support me. Qutoeing my self “I Support non-Pirated OS i tell my customers to install MSE if they say it doesn’t work i automatically know they have a pirated OS and Referred to these pages depending on what OS they have. And then tell them good luck.”
pirated OS makes my job harder. but it also brings me money. i dont preech ‘dont use pirated os’ but i do not support or install pirated os on others computers.
hey am not trying to say ms should not put other free av on they WU but why should day. It’s Microsoft Windows Update. not Every one we support Update. Pirated OS does not get any updates becuase after that first update which downloads and install that first anti-piracy program it doesnt allow any WU which means no MSE, no PANDA CLOUD, no antivirus for no one. MS gives no love to piracy OS its as simple as that. You cant say they are trying to stop all malware from being on all they OS priated or not. ITs more about Protecting MS PAid user. leave the Pirated os to other AV.
That’s hypocricy – I’ve tried various free antivirus for years and all they did was make my machine very slow. MS Security Essentials not only doesn’t slow it up, but found several Java exploits installed that even AVAST hadn’t found
MS can’t allow MSE to install in pirated copies since it could be providing false protection that way if it can’t ensure the OS hasn’t been tampered with. Pirated copies aren’t just using others’ keys, many times are hacked to install and you don’t know what else is there in the hack (rootkits etc.)
At the AV tests link it says “Usability” testing includes the system slow-down caused by the tools and the number of false positives and MSE gets higher score in that column than Panda (at Windows 7 tab, in which it passes the certification mark [12 total points I think it is])
Panda and other AV makers just don’t get it – the reason many power users and programmers etc. don’t use an AV at all is cause it’s either bugging them with popups and alerts all the time, or slowing down their machines
On an XP SP3 machine:
For over a year I used Defender, Avast, and AVG at the same time,. with no problems.
Updated to MSSE which disabled Defender and I later uninstalled Defender.
Due to many conflicts, uninstalled AVG. Running with Avast and MSSE is usually smooth but occasional conflicts either reboot the machine, lock it up, or turn of the MSSE protection, which in a few seconds announce it is off and gives the opportunity to turn it on again.
For those who advocate using MORE than one security product, what is the choice for an AV/Antimalware product to use with MSSE?
This is not true. As a consumer I expect Microsoft to keep my system secure and not charge me for it. As any security company will point out, malware takes advantage of insecurities of the OS. Thus it seems fitting the OS vendor help shore up my defenses.
Also, Microsoft’s Malicious Software Removal tool is FAR better than Panda’s removal tools and Microsoft’s AV is finding things that Kaspersky and McAfee haven’t, in my own tests done at home in past 3 weeks.
If your product was superior, you could justify charging for it.
Disagree. Disagree. I Disagree again.
1) How can having *zero* be better than having “something”?
2) It is provided by Microsoft Update, not Windows Update – there is a difference. Microsoft Update is an opt-in service for customers and is not an extension of Windows.
3) The target audience for MSE in this case is to focus on those users who are ignorant and haven’t exercised their right to locate a free (or pay) version of virus/malware software
Sorry, but I can’t disagree more and all I see are security companies focusing on $$$ and not on helping ignorant Windows user. MSE is a good product, IMO and I use it at home and no complaints…
-chris
@George Birbilis Your argument about pirated OS’s and not being able to protect them is just ignorant. AV products have been installing on top of unlicensed OS for 20 years and protecting them just as well as a licensed OS.
@joe Agreed, as a consumer you should expect your OS to be secure. But as we know it is not and malware and vulnerabilities still plague the OS, AV is still necessary. But the problem we are trying to show is that only have 1 AV being prevalent, just like having 1 OS being prevalent, makes it easier for hackers to infect your PC.
@Chris You obviously haven’t read the post above or you wouldn’t be saying this:
1) We never said *zero* is better than *something*. In fact the post above says the exact oposite.
2) The regular user wouldn’t know the difference. In fact, many MSFT products today (Office, Live, etc.) automatically turn on Microsoft Update by default. Most users have this enabled and they have not activated it themselves, it was activated by some other MSFT install. Regardless, this is a moot point as, according to the post above, we do not want MSFT to stop pushing AV via WU/MU, we simply want them to provide *options*.
3) Exactly, and this is what we are proposing, that they make it simpler for consumers to choose one.
In summary Chris, read the post as you’re obviously haven’t taken the time nor effort to even read nor try to understand our proposal.
now mse includes behavior blocking try latest mse beta 2 and you will see………..
I cant seem to find a link to download Microsoft Security Essentials on your website..
@Pedro Bustamante
I was curious where the drop down menu for choice of other AVs on your website is?
This is in essence what you are suggesting Microsoft do in THEIR OS. And this is exaclty what the EU forced MSFT to do with regards to the browser fiasco.
I agree with Pedro that there should be a choice of free AV just like it did with the browser ballot … and it should do it with free AV
Sorry but Pedro choose to combine two different time frames to defeat MSE. He says “If pushing MSE via Windows/Microsoft Update is very successful it will end up creating a monoculture of hundreds of millions of users having the same antivirus product.” Then he continues to say the AV test doesn’t give it a high grade.
This is version 1 of MSE. This was not suppose to replace another paid AVs. They are features missing from version 1. In the future, if more users do choose MSE, it will not be version 1. Sure they are better products then MSE 1, but Microsoft will continue to improve on MSE and in this theoretical future, MSE would have gone through many test and many updated versions. To say that MSE isn’t as good as others now as a reason why it may end up hurting security in the future to me is ridiculous.
Another thing is why should one company freely offer users to download and/or buy the product of another? That just doesn’t make sense. I choose to use many free AVs. Now I have chosen MSE. Under Windows 7, it works great. It is very light-weight compared to many other free AVs that i’v tried.
In the end Pedro, people are not retarded. They wont be just ONE AV. If a greater number of malware find ways circumvent MSE in the future, then people will just choose other free AVs. It’s as simple as that.
@MSCurious , @simon and @Alique try and look at it from a long-term perspective. What happened to the browser innovation after MSFT preinstalled IE with the OS? It pretty much died for about 10 years. But that’s not a big issue as its just a browser. Now take that lack of innovation to security and the implications can be more serious.
Also it is important to note that the AV industry has been very helpful with MSFT over the years, even after MSFT decided to compete commercially with the rest of the AVs while at the same time those “valued partners” continue to provide MSFT with access to samples, information about vulnerabilities, etc. to improve their OS. Yet at the same time these tactics of unethical competition hurt the business of those same “valued partners”. What will happen to all those benefits that MSFT gets from their “valued partners” after some or many of them are forced to go out of business? Where will MSFT get security information and pressure to innovate from?
I hope you are right and that MSE goes beyond “essentials” but I’m not holding my breath.
the report is evaluating MSE ver 1.0 and the current one is 2.0.375.0 so your point is not fair
Pedro, people are much more sophisticated now more then ever when it comes to technology and computers as apposed to the late 90’s, early 2000’s.
Nonetheless, It is absolutely in Microsoft’s best interest to have Windows protected against viruses and they will always be selective pressure on AV software from virus writers. If MSE doesn’t work out well enough, people will just buy other AV software. It’s just that simple; people are not morons. If MSE does capture say 90% of the market (Which it wont because people are not morons), allowing virus writers to easily circumvent MSE security, Microsoft themselves would probably just start promoting other AV software as alternatives; what ever works best to protect Windows.
IE is still integrated into Windows now, but many, such as myself, choose to use other browsers. Personally, I see no need for an updated Google chrome. Sure it would be nice though. Early on, there was no reason or pressure what so ever to innovate when it came to browsers. There are, and probably will be for a long time, pressures on with AV however.
@Pedro Bustamante
“Microsoft should offer the complete portfolio of more advanced and secure alternatives of free antivirus products and time-limited versions of paid security suites, allowing users to choose any of them from the Optional Windows/Microsoft Update.”
I do agree that monocultures are bad for competion and innovation. However, I already have the choice. The Internet is my choice.
Let the products compete on quality and not through government regulated mandates (forced choice?) at the expense of MSFT’s distribution channels.
Like I said, where is the dropdown menu on your website that I can download MSE, or any other AVs for that matter?
@MSCurios You don’t seem to understand, MSFT has a “direct” way of installing software into all PCs, which is something that neither Panda nor any other AV or any other software company has. How is that “allowing for competition” when they have an obvious advantage a getting their software pushed directly to the end user via WU?
The Internet and researching and trying out different softwares might be “your” choice, but the reality is that the vast majority of users are not advanced enough nor have the time to, researching different AVs and reading up on the latest news and comparatives of products out there.
@Pedro Bustamante
So your solution would be to force MSFT to directly push out Panda or any other AVs through their WU?
Sounds to me like you just want a free ride. I get it though, advertising can cost money. Making CDs and putting them around every corner (much like AOL did in the ’90s) can cost money.
And since the “vast majority of users are not advanced enough nor have the time to..” you want MSFT to foot your bill. What do I not understand exactly?
As long as MSFT labels MSE as non-essential I do not see the harm. Yes they have the advantage. It is within their rights to advertise their product inside their OS. Free advertising and distribution for other ‘competing” products, whether AVs or browsers, should not rest on MSFT’s pockets.
Just to be clear, I do agree with points 1-5 of the article. I disagree with the proposed solution.
@MSCurious You say “Yes they have the advantage. It is within their rights to advertise their product inside their OS.”
But its not within their right, its called unfair competition and there are laws against that. Using a monopolistic position in one market to gain an advantage in another market is illegal. Let’s not forget that while the basic MSE is free, Microsoft still sells licenses of their antivirus to enterprises, competing against the rest of AV vendors.
Microsoft is a monopoly? It’s very clear now. If MSE does succeed, Panda stands to lose millions. That’s why you’re here making up stories about Monocultures. Damned the customers for wanting a free antivirus with their OS. Damn Microsoft for finally taking the initiative to protect the OS from viruses.
@Alique Did you not read the post Alique? We’re not saying damn MSFT for the initiative. In fact we praise it. Abstract from above: “We agree with Microsoft”. All that we are saying is to give consumers a choice.
@Pedro Bustamante
It’s a catch 22 for Microsoft. If MSFT take no interest in securing their OS, they get blamed for being an unsecure haven of virii and malicious codes. If they want to protect their customers by giving out free AVs to those that already do not have them installed, they get called a monopoly and eventually will be forced to distribute every competitors’ AV software (much like that browser fiasco).
I find it odd that even ISPs are offering free AVs with their service. And for some reason, I found little to no new PCs sold within the last 2-3 years without some form of AV software pre-installed on it (and not MSE). And yet none of those were freely distributed through WU.
@Pedro Bustamante
How don’t we have a choice if Microsoft offers us a free AV? We get IE for free when we install windows, but we can still choose to use any other browser we want. We get a disk defragmenter also, but we can choose to use any which one we want.
If what you say is true about hackers finding it easier to circumvent MSE if it becomes widely used, we can choose to download another AV. Am I missing something here? Having MSE offered for free is better then no antivirus at all. Dell laptop comes with an AV also, but I don’t see you criticising that.
Should microsoft start offering disk defragmenters and browsers from other companies as well?
may i know how to enable me to vaccine the external hard disk NTFS drive. tq
Panda Good Microsoft Security Essentials no good have a look at a test done on Thu, 02/10/2011
Windows 7 x86 and x64.
http://www.anti-malware-test.com/