Microsoft "Morro": explicitly explained, fact from fiction

Summary: "Morro", Microsoft's new anti-malware solution, has baffled many. Why? What? How? When? Most of your questions answered in explicit, uncut and occasionally graphic detail.


Update: this post is considered out of date and incorrect. Please follow this link to an explanatory post.

Microsoft's decision to pull the plug on Windows Live OneCare was, let's face it, one of the best decisions the company has made in a long while. The anti-virus and firewall solution was just plain awful: users and the media had high expectations, and it was unable to deliver the goods or, in this case, prevent the bad from getting in. It was a bad first attempt at making an operating system secure.

There is a lot floating around at the moment, and as a younger, more naive user, as a number of my most eminent readers quite regularly point out, there are some interesting things yet to discover about Morro.

I may as well point out now, with my research and understanding, Morro will be more of a web anti-virus than a file anti-virus. Most threats come in from the Internet nowadays, with broadband connections keeping the web juices flowing constantly. The bandwidth issue mentioned later on will make this more apparent.


"Morro" is the codename for the new anti-malware solution which Microsoft will be plugging to the world by the end of the year, and it is Microsoft's second attempt at an anti-malware solution for Windows. However, unlike Windows Live OneCare, which can be bought as a subscription, or Windows Defender, which is included as a basic anti-spyware solution in Windows Vista onwards, Morro is almost entirely cloud based.

Instead of scanning every file or network packet as they arrive into the computer from the web or an external device, it creates a virtual tunnel between your incoming Internet pipe at the back of your computer and a Morro data center, which scans every byte and packet for malware.

Now, if you had a 5MB image which was laced with an amyl-nitrate virus of doom, would this mean that the image would be uploaded, scanned in the cloud (almost instantly due to the vast computational power) then flagged as OK afterwards? This would surely use up a lot of bandwidth, but we simply don't know yet.

With some anti-virus products on the market costing around $40 for an annual subscription, Morro will be provided for free. It will almost certainly not be part of Windows 7, as this will kick off a storm in Brussels and potentially spark a million lawsuits.


We do know, on the other hand, that it will be a software+services solution which uses the cloud computing power to check for malware instead of using your computer's processor to do the work. But instead of using local computing power, it'll surely just substitute this for bandwidth? Try and imagine this though:

On an ordinary setup, the website you visit has malware embedded into it. It flows across the Internet, into your pipes in your house and gets picked up by your anti-virus software on your computer, before it gets chance to access anything on your hard drive. This process can be slow, by scanning packets flowing in and out (mostly in), detecting bits of malicious code in programs and services.

Morro works by utilising mass data center power, with networked and meshed computational power which surpasses that of God him/herself. By acting as a barrier in the cloud between your computer and the rest of the web, it scans your traffic before it reaches your computer... I think. Blame anyone but me for misinterpreting the information, because there's a lot of speculation at this stage.

Considering I did these diagrams whilst I was hammered last night, it's not a bad representation if I'm honest.


It'll be around for the release-to-manufacturing of Windows 7, so by the time you get your copy of Windows 7 installed, it should be out there ready to download and use.

In the meantime, it will most likely be released for beta testing this summer or towards the autumn. It seems Microsoft is doing a relatively good job of aligning other releases which complement Windows 7 as much as possible; Office 2010, the next-generation office suite, as well as Morro seem to be thrown out into the big bad world all at the same time.


Morro will be slimmed down to provide simple anti-malware features, including anti-virus, spyware scanner, whilst detecting and removing rootkits and trojans. It may well include a firewall, or if all Internet traffic is channelled through the cloud data center first, it will be included behind the scenes. I don't really have the necessary technical skill to know whether this will work effectively or not though.

Some claim that Morro won't be enough to satisfy the need for threat-management on computers today. In one report, Janice Chaffin of Symantec, said:

"Microsoft's free product is basically a stripped down version of the OneCare product Microsoft pulled from the shelves. A full Internet security suite is what consumers require today to stay fully protected."

My previous post explained Microsoft's cloud computing strategy - what it is, how it works, and more importantly why it is there. Part of the cloud computing component, Morro will be the first anti-virus in the cloud, in theory, but Panda got in there first by releasing theirs before Morro was even formally announced.

How it will remain free is beyond me. The only viable way Microsoft makes money out of these things is by providing advertisements to their programs and applications. This is not only why Windows Live and other Microsoft products are free, but you'll find it's why the Internet as a whole is pretty much free.

As always, feel free to leave your comments and questions below and I'll give it my best shot in answering them.

  • sounds.....

    Sounds terrible.

    It's a great idea, however I can see this breaking all sorts of crap (Remote access programs, SSL VPN connectivity etc.).

    Sounds like the solution could easily be worse than the cure. But we'll see won't we?

    - Sam
    • So we send all of our data through Microsoft...

      Just what we need. Not only will the NSA be filtering all data traffic through their computers, but now Microsoft will be doing the same thing? No thank you. I'll keep my local data, programs, and scanning software. "Everything in the cloud" is a retarded idea looking for a non-existent problem to solve.
      • actually....

        as it isn't much more than a proxy, it's a great idea so far as malware protection is concerned.

        But you are absolutely right, I am uncomfortable using a marketing company to perform this service for any price be it google microsoft yahoo or whomever.

        This is the type of service you pay for, or better yet do yourself.
        • Indeed - a privacy issue

          We had an interesting Morro-blog the other day where some people (rtk comes to mind) vehemently reject the notion that MS would be even capable of anything less than honorable, based on Microsoft's stellar clean legal record. Uh oops - change that into: repeatedly blemished legal track record.

          I would not trust Microsoft with my data, thank you.
          • honestly, who cares?

            Microsoft, Google, Yahoo whatever I wouldn't trust any of these outfits with my traffic in this manner. It's not that they are sneaky, I am sure they will disclose the privacy ramifications as part of the EULA. But from my point of view the costs outweigh the benefits.

            And on a different note, Microsoft's privacy record is as good or better than just about any company out there.

            - Sam
          • You may not care...

            but those who, unlike you, have valuable private data should be very concerned with this threat.
            InAction Man
          • Jumping to conclusions

            I think the author of this article has their information wrong to be honest. From what I have read and been told about the product (from Microsoft) it is going to be essentially no different than what other Antivirus Programs do. I was told the main reason it is going to be downloadable and free is because if they included it with the OS there would be more Anti-Trust action. While protecting your personal data is extremely important I do not think the paranoia and assumption that is going on here is warranted. There are a lot of Virus/Malware writers out there and Microsoft is looking to try and secure their OS from this. Sure they will use their marketing power to promote it but that is not necessarily a bad thing. You know how many people go without an AV or let theirs expire and do not even realize that there are good FREE alternatives out there. Too many. I see 100's of personal computers a year like that and that is just doing side work. When I was a bench tech I think about 70% of the computers that came in had expired protection or no protection at all. Can't anyone just take this as a good thing and Microsoft giving out free software to help protect you and their products?
          • Yes and no

            1. Yes it is good that MS will provide free antivirus.
            2. No it is not good that MS will get people's private information "on the side"

            And where do you think MS gets its money from to develop and maintain Morro? Did you *really* think it was free? Come on man. The deal is this: you provide personal information in the form of internet usage. In the EULA that you signed up for when you started, you sign away all rights to whatever (and knowing MS, probably your car and 1st child as well, if not your wife), and MS will commercialize the information by selling it to marketing agencies.

            Did you REALLY think that Microsoft's business model is of producing and maintaining products for free?

            Hell no!
          • Nice straw man, but no

            Myself, and others, vehemently rejected the notion that MS could do it, since it's an unworkable suggestion, nothing at all to do with honor or legal records.
  • RE: Microsoft Morro ...

    If it's really "in the cloud" why is there any software to install on your system?
    M Wagner
    • Because...

      something on your system has to know to route everything it receives across the wire to "the cloud" and to receive it along with a possible status like "clean", "infested", etc. This is going to have to be pretty damn good protection because it is going to slow things down a bit.
    • Mark, good question

      As I mentioned, it's a Software+Services jobbie so it involves 95% cloud and 5% client side. Considering all the computational stuff is done by Microsoft, it's not too bad. My guess is that there needs to be some connection between you, the user, and a dedicated part of the Morro datacenter so that it can identify who you are in terms of the threats. Otherwise, it won't know how to connect back to you and report on the threats it faces. See what I mean, or is that a bit more confusing?
      • Your entire blog post is a guess.

        This isn't a software+services jobbie, as symantec told you in your quote, it's onecare cut down.

        Where, beside the PC world opinion blog, did all this nonsense come from?
        • Yes it is- OneCare Cut Down

          Just Antivirus/Malware scanning. It is an installable client and will probably look and feel a bit like one care. It will not have the extra features One Care gave like Performance Tune ups and Automated Backup. Maybe a few other features missing too.

          This entire Blog should be removed because it is entirely an assumption based off someone else's assumption.
          • And with the word "fact" in the title no less!

      • Now that more info has come out

        including Thurrott's blog:

        "A lot of what you may have read about MSE online, however, is untrue. It is most definitely not a "cloud computing" AV solution, whatever the heck that was supposed to mean"

        Not only that, to further kill this fantasy that Zach, nouse and pc world concocted, it'll be available for public beta on the 23rd.

        Only a few more days boys, time to get on your FUD-cycle and pedal like mad!
  • I could be wrong but

    I think that "Morro" will be a downloadable and installable application. The way it was explained to me by my Microsoft rep, that is the case. They wanted to include it with the OS but like everything else if they did they would get slapped with another Anti-Trust case or some BS. Which is why you see many of their included Applications moving to the "cloud" so to speak.
    • It will likely become another part of Windows Live Services

      Like Windows Movie Maker, Photo Editor, Writer,
      and the likes of which.
  • RE: Microsoft Morro

    To say (as has been said recently) that Microsoft will route (all internet) information through the cloud to check for viruses is categorically incorrect and it would be a much better service to your readers, Zack, if you check your facts before you post.

    Real-time protection means that a user is alerted - IN REAL TIME - to the presence of a virus and acts on that information. This is not some big brother scenario like you state. Real time protection is beneficial because it requires far fewer scans and makes the product less intrusive to the user.

    Symantec and McAfee are spreading lies because they are afraid they will be going out of business. Well, good riddance, fellas. Free does not mean poor quality and that scares the hell out of them.

    • And they can go out of business for all I care

      I stopped using them after making the jump to Vista... Haven't looked back since :)
      The one and only, Cylon Centurion