Microsoft tempts antitrust lawyers with expanded antivirus offering

Microsoft tempts antitrust lawyers with expanded antivirus offering

Summary: You want a good, solid, free antivirus program? Microsoft Security Essentials fills the bill nicely. Until recently, you had to download and install this software manually. Beginning this week, it's rolling out to all Windows users in the U.S. via Microsoft Update. So how long till antitrust lawyers begin squawking?

SHARE:

5-Nov: Updated to include more details on conditions that trigger updates as well as statements from Symantec, McAfee, and Trend Micro. Symantec and McAfee declined to comment on anti trust issues. Trend Micro, however, says the company is "obviously concerned and studying this matter further." See full statements at end of this post.

You want a good, solid, free antivirus program? Microsoft Security Essentials fills the bill nicely. Unfortunately, even though it was officially released more than a year ago, it's still one of the best-kept secrets in personal computing. Its installed base of 30 million users worldwide might sound big in raw numbers, but it's a drop in the bucket compared to the billion-plus Windows PCs in use.

All that's about to change, as Microsoft has now begun delivering Microsoft Security Essentials via Microsoft Update to customers in the United States (a pilot program in the UK started earlier this year). If Windows detects that you're currently running without up-to-date antivirus protection, this is what you'll see in the Optional Updates section [see update following figure below]:

Update 4-Nov 10:00 PDT: A few clarifying notes on the above description. Two caveats are worth noting that affect whether this Optional update is offered. First, the Action Center in Windows (Vista or 7) has to detect that no antivirus solution is currently available. That will certainly be true on a clean installation of Windows from retail media (OEM installations often include trial versions of security software), and it might also be true in the unlikely case you are using an antivirus program that doesn't communicate its status to Windows. If you have security software installed but have out-of-date definitions, it's up to that security software to prompt you to update. In addition, the Microsoft Security Essentials Optional update is only available on PCs that are running what Microsoft calls Genuine Windows. Properly activated systems or those that are still within the initial grace period after installation meet this criterion and should see this update if Windows can't detect an installed antivirus program. A copy of Windows that has not been properly activated after the grace period (including pirated copies of Windows that fail activation) will not be offered the MSE update.

Although this development might seem like a logical one for Microsoft, it's actually a big step—and a potentially risky one. Security software vendors have their antitrust lawyers on speed dial in anticipation of the day when Microsoft begins bundling antimalware protection directly into Windows. As a result, this long-overdue development is moving at glacially slow speeds.

Earlier this year, on the 10th anniversary of Microsoft's landmark antitrust defeat, I noted:

Microsoft Security Essentials is available to any Windows PC as a free download, but it’s still not available as part of Windows itself. The Windows 7 Action Center will warn you if you don’t have antivirus software installed, but clicking the Find a Program Online button takes you to this page, where Microsoft’s free offering is one of 23 options, most of which are paid products.

[…]

In this case, I think the mere threat of an antitrust complaint from a big opponent like Symantec or McAfee has been enough to make Microsoft shy away from doing what is clearly in its customers’ best interests.

So Microsoft moves slowly, deliberately, one step at a time. Previously, you had to seek out and download this free (and very effective) software on your own. Now it shows up under Optional Updates, if you know where to look. And Microsoft has upped the stakes by altering the license terms so that small businesses can install up to 10 copies of the software free of charge,

The logical next step, of course, is for Micosoft to classify this update as Important, where it will be offered as an automatic update on unprotected PCs (similar to the way the Malicious Software Removal Tool is delivered monthly). At some point, it can and should be fully integrated into the operating system itself.

As the screenshot above makes clear, this update was released roughly two weeks ago, on October 19, but it's only now beginning to appear on update screens across the United States. (Lee Mathews at Download Squad spotted this update in the wild last week. It wasn't available on my system then or even earlier today, when I checked for updates manually. Ironically, I was in Redmond at the time, meeting with the Microsoft Security Essentials team and discussing this very issue. It appeared on my system for the first time just a few minutes ago.)

I'm willing to bet that lawyers for the big security software vendors are looking at this development very carefully. Will they actually threaten legal action? Stay tuned.

Update 4-Nov: I asked Symantec, McAfee, and Trend Micro for any comment on this new decision by Microsoft. A Symantec spokesperson provided the following statement:

It's clear that today's threat landscape requires more comprehensive protection than what Microsoft Security Essentials offers. From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime. Unique malware and social engineering tricks fly under the radar of traditional signature-based technology alone - which is what is employed by free security tools such as Microsoft's.

Norton Internet Security and Norton 360 offer protection that is proactive, real-time and proven. Our Norton Insight technology automatically identifies new spyware, viruses and worms without relying on signatures alone and prevents threats from being installed on the system in the first place. In recent testing conducted by AV-Test.org, Norton 2011 led a pack of 12 competitive security offerings in both detection and remediation while Microsoft Security Essentials came in second to last. In addition, based on top results across a combination of protection and repair tests, AV-Comparatives awarded Symantec the "Best Product of 2009."

A McAfee spokesperson sends the following comment:

McAfee wants consumers to be safe online. Options that provide an elementary level of security are free products including Microsoft Security Essentials, however these mostly rely on traditional protection mechanisms.  McAfee products offer not only more features but most importantly, McAfee products offer real-time protection using cloud-based Global Threat Intelligence to combat even the most sophisticated threats thus ensuring complete protection and peace of mind. Availability of free options on the market has not had any impact on McAfee's Consumer business as evidenced by years of growth and all time record revenue in Q3 2010.

A Trend Micro spokesperson provides the following comment:

We support the overall movement among players in our industry -- including Microsoft -- to encourage the use of security software to protect the consumer's computing experience.

But Microsoft's apparent moves to begin delivering up to 10 free copies of Microsoft Security Essentials via Microsoft Update to customers in the United States have us obviously concerned and studying this matter further.

Commercializing Windows Update to distribute of other software applications as a de facto extension of Windows in our opinion raises significant questions about unfair competition and how best to serve the interests of consumers.  Windows Update itself is not a choice for users, and we believe should not be used this way.

We believe we have the best, competitive product with strong loyalty from our customers, and welcome competition on a level playing field. That is why we are concerned that Microsoft may be using its OS-based market leverage to drive its solution into the market as a so-called "optional" update, essentially boxing out other choices.

If that were to happen, it would not be good for consumers or the industry, and would warrant a  second look.

I will have a more detailed look at the current state of security software in a follow-up post.

Topics: Operating Systems, Enterprise Software, Microsoft, Security, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

235 comments
Log in or register to join the discussion
  • Well Done Microsoft!

    I think this was a long overdue thing; they had to step up and stop the rot. Considering that they are offering this only as an optional update and that too on systems not having an antivirus software installed, I don't see why anyone should have a problem with that.
    nishsingh
    • I don't mind it as long as it stays optional.

      @nishsingh: If they move it to Important then I'll have a problem with it. I don't want A/V software on my systems. It's next to worthless and usually causes more problems than it prevents.

      With that said MSE is a great product. It doesn't try to be all things to all people. It has one purpose and does it well with minimal impact.
      ye
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        @ye

        No, it is NOT next to worthless. It is a very good investment in the health and security of your system, especially when Norton and McAfee update their things so regularly.
        Lerianis10
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        @ye
        " If they move it to Important then I'll have a problem with it. " :

        I don't understand why you'd say that. Even if it were Imp or Critical even, you still have the ability to not download it. If you're energetc to have the attitude you do, assumedly via experience and research, then I'd think the single click it takes to refuse the download and then one more clck to not have it offered again wouldn't be that much trouble.
        twaynesdomain-22354355019875063839220739305988
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        @Lerianis10 <br><br>"It's next to worthless"<br><br>Hackers love it when people say that.
        CobraA1
      • It's proven itself to be next to worthless countless times.

        @Lerianis10: [i]No, it is NOT next to worthless. It is a very good investment in the health and security of your system, especially when Norton and McAfee update their things so regularly. [/i]

        How many times have we seen someone post they caught some form of malware despite the fact they had A/V software installed? Too many times. It happened to a friend of mine recently.

        Meanwhile I've been running without it for over 10 years (except on my work laptop) and have had zero infections. This is because I rely on safe computing practices which are now the default in most operating systems (firewall enabled, non-privileged user use, patching, etc). This has worked great. The only human element is making sure I don't download and install unknown programs. That's it.

        A/V is reactive...by the time it's been added to the list someone has already been infected. Even when it is on the list A/V somehow manages to miss it. In addition it bogs down systems and causes more problems than it solves. The worst thing is most people rely on it and don't bother with the above security best practices. Especially the "Don't download unknown programs from the Internet" part. They figure they've got A/V and that will protect them.

        With that said the only A/V software I'm willing to consider is MSE. It does one thing, does it well, and doesn't cause problems. But I won't run it.
        ye
      • They're not loving it with me.

        @CobraA1: [i]Hackers love it when people say that.[/i]

        I can't recall the last time one of my personal systems was infected with malware. I'm thinking it was back in the DOS days when I was naive about computer security.
        ye
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        "I can't recall the last time one of my personal systems was infected with malware."<br><br>If people knew every time they had a bot on their system, bot networks would be almost impossible to create.
        CobraA1
      • I Pretty Much Agree with ye on This One

        @ye
        Antivirus software mostly just slows your computer down. It's almost like volunteering to have one relatively benign malware installed in order to try to avoid having others.

        Also, there's no reason you can't scan for malware occasionally with an on-demand antimalware program rather than an active one sitting in your tray all the time. When I do that, the only thing it comes up with sometimes is a few cookies.

        Assuming that people that don't run anti-malware in their tray probably are infected is silly. If you run behind a hardware firewall, keep Java, Flash, and Windows updated, and are careful about what you download and about running scripts from websites, you can remain pretty safe. Also, I've seen a computer with up to date active anti-virus software running on it get infected with malware right in front of my eyes from an as yet unpatched vulnerability in Flash or Java.

        Of course, most of the time at home, and a fair amount of the time at work I'm in Linux and don't worry too much about malware. Even running Linux though, is not an excuse to be stupid about online security practices. No operating system that I would want to use will protect you from your own stupidity. If you are willing to install it, then it will go on there.
        CFWhitman
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        "Also, there's no reason you can't scan for malware occasionally with an on-demand antimalware program rather than an active one sitting in your tray all the time."

        It is far, far better to have the scanners pick up malware when you download it BEFORE you execute it, rather than after. If you wait until after it is executed, damage may have already been done. Most AVs will hook into the browser and run a scan on software as it is downloaded.

        "Assuming that people that don't run anti-malware in their tray probably are infected is silly."

        You can't tell if a system is infected or not just by looking at it, sorry. And no, not all malware out there will bog down a system and slow it down noticeably.

        Rootkits are particularly nasty because they hide their tracks all over the place.

        "How many times have we seen someone post they caught some form of malware despite the fact they had A/V software installed? Too many times. It happened to a friend of mine recently."

        Do not confuse being imperfect with being worthless. No, they are not perfect, but that hardly makes them worthless.

        "If you run behind a hardware firewall, keep Java, Flash, and Windows updated, and are careful about what you download and about running scripts from websites, you can remain pretty safe"

        In other words, the only safe people are techies who bother updating everything all the time. Convincing my parents to keep their software up to date is like having teeth pulled, because they're so paranoid they'll mess something up. I do my best to keep them up to date, but I've yet to convince them to install updates ASAP rather than waiting for me to visit them.

        I am certainly aware that keeping up to date minimizes risks - and I consider AV software another way to minimize risks as well.
        CobraA1
    • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

      @nishsingh

      Agreed. Which company wants to stand up and say Microsoft is wrong? If they do they'd look like a bunch of goons who don't have internet security at the top of their list.
      Rob.sharp
    • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

      The problem is that they will drive many security companies out of business. The result will be a security monoculture where the only place you can get security is Microsoft - and where the only product hackers need to beat - is Microsoft's scan engine.
      This is not a good idea.
      avdude15
    • ?? Well done for making such a vulnerable system ??

      @nishsingh <br>I don't suppose you know of any OSes that are significantly less vulnerable to such a wide range of attack vectors?<br>If you like worrying about security issues particularly malware then choose MicroSquish. If you are serious about keeping systems secure then chose Linux, BSD or any other non-Windows OS.<br>Who profits from viruses and malware? Do you really want to continue paying them for the privelege of running such unsafe systems?<br>Regards from<br>Tom <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy">
      Tom6
  • FREE anti-virus softwares are everywhere

    I think there's nothing wrong here since there are already many FREE anti-virus softwares out there.
    iluvmsft
    • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

      @iluvmsft There were many free operating systems and web browsers but MS got into trouble over how they competed in those markets.

      (Also, being free to the end user doesn't imply the companies don't care whether or not you use their products. They want you to use them (else why would they waste time making them?) and usually intend to make money out of you using them (presumably by growing their brand name and gaining corporate clients).

      Personally -- and ignoring the law as law is a poor, hard-to-understand and often arbitrary indicator of wrong and right -- I don't have a problem with MS offering this or anything else with the OS, so long everyone is free to choose an alternative and so long as anyone is able to write an alternative with equal access to the OS/APIs.

      I am a little surprised MS are doing it, though. After rolling out the Browser Choice stuff to combat anti-trust issues it seems odd that they would do things like this in the anti-virus space.

      I'd be surprised if they don't get in trouble for this in the future, but not before they've gained a hell of a lot of users for their product. Maybe that's the plan?
      LeoD
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        @LeoD

        Not quite. In those days, browsers weren't free. If I recall, Netscape sold for $49. Microsoft bundled IE for free, with the stated intent (as shown by internal emails) of driving Netscape out of business.

        In this case, there are plenty of good AV programs out there for free, and Microsoft isn't causing them financial harm. As a non-lawyer, I see these as two completely different situations.

        Personally, I think it's a good move on Microsoft's part.
        msalzberg
      • Don't forget how MS screwed spyglass

        @LeoD
        While they were giving IE away for free, they screwed spyglass (the company who's code IE was based on) by telling them they'd get a percentage of sales. Guess what? 50% of nothing is still nothing.

        http://en.wikipedia.org/wiki/History_of_Internet_Explorer
        SpikeyMike
  • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

    I don't really see the connection between an anti-trust lawsuit and a FREE product, but then again I don't look at those kind of things very closely. I've always found politics and finance to be rather boring...that's what this is all about, you know, politics and finance while law is used merely as a means of supporting this tomfoolery. <br><br>All I see are inferior and costly products like McAffee that trick uninformed users into auto-renewing every year via credit card. I recently discovered that a version of McAffee included with a Dell computer (most likely a 90-day trial) had conned a family memeber into giving her credit card number, which in turn had been auto-renewing for an increasing amount each year, currently around $80. <br><br>It's kind of funny that these companies who have long taken advantage of customers, are now getting mad at Microsoft for offering a more effective product at no cost...because you can't really compete with "better" and "free" <img border="0" src="http://www.cnet.com/i/mb/emoticons/happy.gif" alt="happy"> May their departure be swift...<br><br>I'm guessing that Microsoft is offering this at no charge so that they can better compete with Apple, who's always boasting about how they have no virii. I don't really care for the whole Apple mentality so this is one of the few times that I'm actually going to say "go Microsoft!". Wish I could say the same for Windows 7, but oh well.
    safe-f_cking
    • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

      @safe-f_cking The thing is, Microsoft was found guilty of illegally maintaining a monopoly. As such, they may not leverage their monopoly position in one market to enter another market.
      Clearly, giving it away for free doesn't matter - they are entering a new (to them) market. If the security companies won't sue, the DOJ may.

      FWIW - If Microsoft wanted to enhance security, then they should shore up their OS, not bundle/include/give away an anti-virus package.

      -Mike
      SpikeyMike
      • RE: Microsoft tempts antitrust lawyers with expanded antivirus offering

        @SpikeyMike <br><br>Agreed. I've no problem with MS finally trying to secure their product... a task they have ignored and left to third party vendors for far too long. But the answer is definitely not to offer a "free" product that will drive the other vendors out of business. Note that, according to the terms of the free license, it is only available to individuals and small businesses with less than 10 computers for free. This will put a great deal of financial drain on the other vendors knocking many of them out of the market giving MS an unfair advantage in the corporate market.MS will have a vast net comprised of free users out there to catch the malware and add it to their definitions database leaving all corporate only anti-malware vendors behind in detection rates. True there are some companies that offer free anti-virus products for non-commercial use presumably to the same effect but MS created the problem first by not shoring up its OS. Now instead of doing that, it wants to capitalize on a market it helped create in the first place while driving out its competitors. <br><br>For those who think that the other commercial vendors should just start giving away their products for free to remain competitive... use your brains. They can't possibly remain competitive doing that any more than Netscape could have offered its product for free and stayed on top. Netscape actually did have beta copies available for free which served much the purpose that free AV serves for the AV companies. It didn't help, especially when MS was not only drawing income for their free browser by adding it to Windows (a paid for product) then raising the price of Windows based upon the value added offerings. (Not to mention all of the other actions MS took like crippling Netscape and strong arming PC vendors into declining any Netscape partner deals.) Netscape was the industry leader by being the best in the industry and still MS won out. MS was found guilty of many anti-competitive practices against Netscape and did settle with Netscape but the damage was done. Netscape was already dead along with the browser market. <br><br>The anti-virus market is a very lucrative one and MS wants to capitalize on that after it sold an OS that created it. MS should not be allowed to profit from the market by using anti-competitive means to gain advantage on its competition.
        techadmin.cc@...