Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

What’s worse than paid for antivirus? Free antivirus

What’s worse than paid for antivirus? Free antivirus

  • Comments 8

Recently, Microsoft started packaging its free antivirus software Microsoft Security Essentials with its Windows Update service.  This is a smart move, right?  Users who don’t have any A/V protection would now have something and therefore they could reduce their vulnerability footprint.  The Malicious Software Removal Tool is also free but it is not real time; MSE is real time.  Hopefully, this move by Microsoft should help reduce the amount of malware infected computers out there and decrease the amount of cybercrime out there by denying malicious actors access to free resources.  Who could protest that?

As it turns out, PandaLabs and Trend Micro don’t like it.  From an IT News article:

Two antivirus vendors have criticised Microsoft over its decision to push out its free anti-virus (AV), Security Essentials, under its Microsoft Update service.

Microsoft began offering Security Essentials as a free program in late 2009, which drew little objection from AV vendors, however its decision to push it to customers in the US and UK during the past fortnight has triggered claims the process is anti-competitive.

"We think this is not fair," PandaLabs technical director Luis Corrons told UK technology news site, ITPro.

He added that the ubiquitous distribution of Microsoft's anti-virus would make it easier for criminals to develop malware that bypasses the blacklist.  The company wants Microsoft to continue pushing antivirus to Windows users, including illegitimate copy owners, but also include other AV programs in the update.  A Trend Micro executive raised similar concerns last week after the UK launch in late October.

To further drill down into PanadLabs’ beef with Microsoft:

"In summary, while it's commendable that Microsoft is trying to protect users, offering only 'their' basic MSE antivirus provides neither sufficient protection against today's threats nor does it solve the malware problem of millions upon millions of pirated PCs who will continue spreading viruses. In fact, it can easily achieve the contrary by making it easier for hackers to infect users," Bustamante wrote. "Microsoft should offer the complete portfolio of more advanced and secure alternatives of free antivirus products and time-limited versions of paid security suites, allowing users to choose any of them from the Optional Windows/Microsoft Update."

Methinks that Bustamante doth protest too much.  His argument is that Microsoft should be offering people a choice of other pieces of antimalware software and that by bundling in their own home grown solution, this gives them a competitive edge.  But on the other hand, these people aren’t even running any antivirus software at all.  Better to run something than to run nothing, and that is Microsoft’s point of view.  And Microsoft’s software definitely is slimmed down compared to more complete solutions from other vendors.  As a spokesman for Microsoft stated, better more limited protection than none at all.

What Bustamante is worried about is that these potential customers who are running nothing will start to run Microsoft’s A/V and will not run PandaLabs’ or Trend Micro’s A/V software.  Thus, by doing this Microsoft is reducing their potential pool of clientele.  While these people may or may not buy their software, if they have something they will not want their product.  Microsoft’s OS ubiquity gives them an unfair advantage, claim PandaLabs and Trend.  I believe that is the real reason they protest – the profit motive.  It’s all about the money and the loss of potential revenue.  It’s a fair point, I suppose.

Yet I think what these complaints miss is the fact that these people, despite already having the option of running free A/V, are still running nothing!  It’s unlikely that they would ever go out and buy their software if they haven’t bothered to get anything for free.  And also note the leverage that they want to insist on using – if Microsoft puts the time and effort into maintaining Windows Update, and they also point to other vendors’ products, then these other vendors are getting free advertising.  They get Microsoft to spread their image and then foot the bill for it.  Pretty good deal, it is like companies that sell clothing with their logos on it to consumers (Nike, Pepsi, etc); consumers buy the product and then advertise the product for the companies.  And consumers willingly agree to this.  Microsoft isn’t quite so willing to do that.

Ultimately, running something is better than running nothing.  Users who run nothing need to be coaxed into running something and if free software won’t do it, then maybe free software with a notification to the user indicating they can get something is the way to go.

Leave a Comment
  • Please add 2 and 6 and type the answer here:
  • Post
  • We predicted this would happen http://whrl.pl/Rcv9JA

  • Most of their comments are basically just thinly veiled complaints about losing business. All reviews I have seen say MSE works just as well as any other free alternative.

  • A security update is the software equivalent of an automaker's safety recall. It's the manufacturer's obligation to fix its defects.

    Third-parties became rich by feeding off software vulnerabilities.  Ironically, they have a vested interested in the continued production of buffer overrun exploits and social engineering threats as a way to sell product.

    The antivirus vendors would be out of business if Microsoft ever produced a securable version of Windows and associated apps. Despite years of security research, we're far from seeing software that can't be hacked.

  • Netscape had a successful argument that IE was unfairly competing with their browser, but Panda and Trend have no case here.  Microsoft made a product with security problems, and Panda and Trend sold a patch.  Then Microsoft patches their own product, eliminating the need for Panda and Trend.  That cannot be regarded as abuse of monopoly power, it's just Panda and Trend building a business on sand that washed away under them.

  • I'm firnly in the camp here that the security and integrity of the OS is the responsability of the vendor, so "in the box" AV is perfectly valid.  And that's ignoring the fact that 3rd party AV is becoming bloated monsters that actually drag some systems down.  

    Besides, the goal of MSE is to protect the users, the goal of 3rd party AV is actually sell prodict, and upgrades via protecting users.  the difference is subtle, but is why most 3rd party AV stuff is now getting full of useless features.

  • spy products, self defense products, gsm baton, spy pepper spray, spy

    gsm phonestun gun, Stun Baton baton, gsm bug  for <a

    href=http://www.one-stop-digital.com>www.one-stop-digital.com</a>

  • Well I'm normally anti-microsoft all the way but according to www.av-comparatives.org - Microsoft offers the Best A/V product. They should offer the best one, they have the most experience with malware. What Trend and Panda are worried about is the fact that their A/V sucks, costs too much and people won't be lured into buying it from them. The same applies about the worst a/v Norton.

    If you don't want to deal with viruses at all, I suggest using Linux.

  • I desagree with this, actually I ve had best results with free AV than with paid software, mmmmmm Im pretty mch happy with new one I download ZenOK Free Antivirus

    = freeantivirus.zenok.com

Page 1 of 1 (8 items)