Windows 8 Antivirus
In a move that is likely to anger the antivirus industry, Microsoft is adding security features from its Security Essentials program to Windows 8. This is good news for consumers, but bad news for the antivirus industry. Microsoft should have been doing this since the release of Windows 95. While many of us do simultaneous facepalms and giggle at a decade-late decision, others question the legality of doing so. A multi-billion dollar industry has grown, based on the absolutely porous operating system that is Microsoft Windows.
That’s right. Microsoft this week began offering U.S. customers its free antivirus program via Windows’ built-in update service, a move one major security firm said may be anti-competitive. Microsoft is adding features from its Security Essentials program, which is currently available as a separate download for Windows users, to the Windows Defender package already built into Windows. This means that Windows 8 users will get out-of-the-box protection against malware, along with firewall and parental controls from within Windows, without having to hunt down a separate download or buy new software.
Microsoft started adding Security Essentials to the optional download list seen by U.S. users running Windows XP, Vista or Windows 7 when they fired up the operating system’s update service.
“Commercializing Windows Update to distribute other software applications raises significant questions about unfair competition,” said Carol Carpenter, the general manager of the consumer and small business group at Trend Micro, on Thursday.
“Windows Update is a de facto extension of Windows, so to begin delivering software tied to updates has us concerned,” she added. “Windows Update is not a choice for users, and we believe it should not be used this way.”
Microsoft defended the practice, saying it was giving customers a convenient way to acquire antivirus software.
“We are always looking for the most effective and efficient ways to ensure our customers are protected against viruses, spyware and other malicious threats,” said Jeff Smith, director of marketing for Security Essentials, in an e-mail reply to questions. “By offering Security Essentials as an optional download for PCs that are unprotected, we make it easy for those who want and know they need protection, but for whatever reason have not gotten around to installing it.”
Other security vendors, including Symantec and McAfee, declined to say whether they, like Trend Micro, viewed Microsoft’s move as anticompetitive or unfair. Instead, they downplayed Security Essentials’ effectiveness.
“It’s clear that today’s threat landscape requires more comprehensive protection than what Microsoft Security Essentials offers,” said Symantec in a statement. “From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime.”
McAfee took the same tack.
“Options that provide an elementary level of security, including Microsoft Security Essentials, mostly rely on traditional protection mechanisms,” McAfee said. “McAfee products offer not only more features but most importantly, McAfee products offer real-time protection using cloud-based intelligence to combat even the most sophisticated threats.”
All three vendors scoffed at the idea that they’re scared of free antivirus rivals, and by implication, Security Essentials. “We’ve competed against free for a long time,” said Carpenter. “We’ve not seen [free products have] much impact on our market share.”
This isn’t the first time that security companies and Microsoft have butted heads. Basically, Microsoft is saying it is worried about the security of its users and needs to make sure they are protected. Perhaps Microsoft is trying to position itself as a provider of secure operating systems, given the market perception of Linux, Apple and potentially Google as having more secure alternatives to Windows, but that’s a different story.
We agree with Microsoft; it’s better to have some protection than none at all. However, the way the guys in Redmond are executing the idea is risky from a security perspective and could very well make the malware situation much worse for Internet users. That’s why we encourage Microsoft to continue using Windows/Microsoft Update, but to push all free antivirus products available on the market instead of just MSE.
These are the reasons why pushing only MSE from Windows/Microsoft Update is a very bad idea:
- MSE is not a good solution to the malware problem
While the argument of protecting users who do not have AV is commendable, the reality is that MSE only installs on computers with a valid Windows OS license (paid to Microsoft).
The problem is that an estimated 40% of worldwide computers connected to the Internet are running pirated software and spreading viruses, especially in China, Latin America, Asia, Southern Europe, etc. So while Microsoft wants us to think it is doing this out of the goodness of their hearts, the reality is that the measure will have little impact as millions and millions of unlicensed Windows PCs will continue spreading viruses and infecting the rest of us.
Even Microsoft itself acknowledges that malware infections are more prevalent in illegal copies of Windows: “There is a direct correlation between piracy and the malware infection rate,” said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center. If that’s correct and the objective is truly to protect users from malware, then why doesn’t Microsoft allow MSE to install on pirated copies of Windows?
- Monocultures are a hacker’s paradise
If pushing MSE via Windows/Microsoft Update is very successful it will end up creating a monoculture of hundreds of millions of users having the same antivirus product. Right now hackers have to worry about bypassing multiple antivirus products and protection layers every time they release a new piece of malware. Having to bypass only one AV product makes their life so much easier. This alone will allow hackers to push more new malware that bypasses MSE exclusively and infect many more users with every new variant. Alternatively, reverse engineering of MSE and related Windows components will boom, potentially discovering zero-day vulnerabilities which could cause infections in tens of millions of PCs with a single attack. Monoculture in Operating Systems is in and by itself bad. Monoculture in security is A VERY BAD THING.
- Insufficient Detection
Even though MSE is a good basic product, from a detection perspective it has not proven itself to provide sufficient protection according to the latest independent comparative studies: AV-Comparatives.org’s latest On-Demand Test ranks MSE 15 out of 20 in signature detection while vendors with alternative free antivirus products were ranked well above that. In AV-Test.org’s latest Real-World Test MSE could not achieve the minimum score to obtain certification, while vendors with alternative free antivirus products did. MSE was ranked as one of the worst three products.
- Not Enough Prevention
There are other free antivirus alternatives on the market which offer much more than just reactive signature detection. These more advanced (and still completely free) products have multiple security layers which provide users with proactive protection, such as web filtering, behavior blocking, instant messaging filters, etc. MSE provides very basic antivirus protection, certainly not enough to protect users against today’s malware threat landscape.
- Secure the Operating System itself
Even though Microsoft has made significant improvements in securing the OS in recent years, there is still a long way to go as witnessed by the constant zero-day vulnerabilities that are published every month, such as the incredibly dangerous LNK vulnerability that Stuxnet exploited. Microsoft’s security resources should work on making the OS more secure, not just putting a band-aid on it. Who knows, maybe someday if Microsoft manages to really make their OS secure, antivirus products won’t be needed anymore. But until that day comes, Microsoft should make a serious development effort to secure the OS from the ground up and not limit the security tools currently available to its users.
In summary, while it’s commendable that Microsoft is trying to protect users, offering only “their” basic MSE antivirus neither provides sufficient protection against today’s threats nor solves the malware problem of millions upon millions of pirated PCs that will continue spreading viruses. In fact, it can easily achieve the contrary by making it easier for hackers to infect users. Microsoft should offer the complete portfolio of more advanced and secure alternatives of free antivirus products and time-limited versions of paid security suites, allowing users to choose any of them from the Optional Windows/Microsoft Update.
But wait, there’s more! Another new security feature being baked into Windows 8 is protection from bootable USB drives that are infected with malware. They finally disabled this six-year flaw with Windows 7, and earlier this year they disabled the AutoRun feature on all earlier releases. It took Microsoft six years to fix this! AutoRun was one way to bypass all security at a commercial site: an attacker could drop a few USB drives set up with autorun and hidden malware, and someone would pick one up and plug it into their computer.
While consumers are going to be happy about this new addition to Windows, the antivirus industry isn’t going to be happy. Several companies threatened to sue when Microsoft first offered Security Essentials to users via Windows Update. This move is likely to kick off more talk of lawsuits.
What happens if you install another antivirus program? It will work like Microsoft Security Essentials in that it will automatically shut down if it detects another security program installed. I can see this now being exploited in the future, with fake signed antivirus software.
Windows exploits never cease… this is why I can 99.9999% guarantee to a customer that, if they learn to use one of the Linux distributions that I mention, namely Linux Mint, all this mess goes away, which puts you back in control of your digital appliance and allows you to do more work.





