Who gains from Microsoft's free Morro antivirus?

Microsoft is to replace its paid-for antivirus product with a free one, citing an altruistic desire to spread protection around the world. But many are less convinced about the company's true motives, says internet-security expert Mary Landesman.

Last week, Microsoft announced it was doing away with its subscription-based consumer security suite, Windows Live OneCare.

In its place, Microsoft plans a free, standalone antivirus product, code-named 'Morro', which, the company says, will meet the needs of emerging markets. Countries cited by Microsoft as being in this category include Brazil, China and India.

Microsoft's motives
Some have suggested poor market share is the driving force behind the decision. Others point to competitive motives, as Microsoft aims to put pressure on rival antivirus vendors Symantec and McAfee.

According to Microsoft, the move is much more altruistic. It is intended to "remove the barriers" that keep a large percentage of consumers from installing and using anti-malware protection.

However, if protecting emerging markets really is the goal, the decision certainly doesn't appear to be tied to infection rates.

Less than two weeks before the OneCare announcement, Microsoft released its Security Intelligence Report, which identified China and India as among the 25 countries with the lowest infection rates. Brazil, conversely, had one of the highest.

This inconsistency gives some credence to the poor-market-share argument. But, if poor market share is the reason, why bother with a free version? After all, at $49 (£33) for up to three PCs, OneCare was already one of the cheapest security suites on the market and free, standalone antivirus solutions are already available from other vendors.

Since the Microsoft announcement specifically mentioned Brazil, China and India, it's worth considering what these three countries have in common.

Counterfeit software
Each of the three has been identified as among the top countries for the trade in counterfeit software. And Microsoft chief executive Steve Ballmer has repeatedly blamed counterfeit software for poor Vista sales, with Brazil, China and India having been mentioned on several occasions.

Attempts to curb the counterfeit-software trade via Windows Genuine Advantage appear to have backfired in each of the three countries, eventually resulting in lowered prices for Vista. Yet, despite concerns over counterfeit software, Brazil, China and India were identified in Microsoft's 2007 annual letter to shareholders as countries with "impressive growth... which all delivered revenue growth that topped 40 percent".

It seems unlikely that Morro would be used as a tool against counterfeit software. Adoption rates would probably be a challenge when two out of the three countries mentioned have very low infection rates, according to Microsoft's data.

And building anti-counterfeiting functions into Morro would cause even more negative fallout than Windows Genuine Advantage.

In any event, the entire emerging-market focus seems questionable.

Infection rates
The recent Microsoft Security Intelligence Report points out an inverse correlation between infection rates and internet use. According to Microsoft data, the higher the internet adoption rates, the lower the rate of infections; the lower the internet adoption rates, the higher the rate of infections.

One could safely assume that, in countries with high internet use, the level of computer knowledge and system-safety practices have increased, along with the adoption of antivirus software. If so, the emerging markets to which Microsoft refers should fall into the category of low internet use, high infection rates.

Yet the three countries specified in the OneCare announcement don't support this argument. Brazil, China and India all have below-average internet use, and both China and India have rates of infection well below the norm.

Perhaps the real reason OneCare is being unexpectedly retired is that it simply costs too much to support, both from a monetary and public-relations standpoint, and thus there's been no real return on the investment.

After all, most users view their antivirus software with some antipathy, and this could border on animosity where Microsoft is concerned.

Microsoft cutting losses?
Regardless of how invalid their argument may be, many might see Microsoft offering a paid antivirus solution as a form of extortion. In this time of belt-tightening, perhaps Microsoft simply decided to cut its losses on a product that hasn't provided high returns, monetarily or otherwise.

Viewed from this angle, a free antivirus offering actually makes sense.

The Microsoft Malicious Software Removal Tool (MSRT), which has been offered free since inception, is limited to a much smaller set of malware than the full Microsoft antivirus engine — or any other antivirus engine, for that matter.

And the MSRT lacks a real-time component, reducing its effectiveness for removal of infections and rendering it incapable of prevention.

Despite these limitations, by virtue of being pushed through Windows updates, the MSRT enjoys relatively widespread adoption and the reports it generates form the basis of much of the Microsoft Security Intelligence Report.

Providing a fully functioning antivirus scanner free of charge would eliminate the support, PR and adoption woes of Windows OneCare, while increasing Microsoft's insight into users' desktops.

The question then becomes: will it benefit users?

Mary Landesman is the senior security researcher for ScanSafe.