Will Microsoft Corner the Desktop Security Market?

Microsoft plans to offer a free antivirus product, code-named "Morro," in the second half of this year, when the company removes Windows Live OneCare from the retail market. But cautious consumers may want to keep their current antivirus programs, given Microsoft's dubious track record with antivirus apps.

Back in 1993, in versions 6.0 through 6.22 of the MS-DOS operating system, Microsoft provided a free, no-frills version of Central Point Anti-Virus (CPAV). The rebranded Microsoft Anti-Virus product had no update capacity and recognized about 1000 known viruses (a lot at the time).

Ten years later, when Microsoft started buying antispyware and antivirus companies, the commercial antivirus community looked on anxiously. Would Microsoft bundle its new security apps within the Windows OS? Even before the first beta of Windows OneCare appeared in 2005, McAfee and Symantec were talking publicly about their plans to go head-to-head with the software giant on desktop security.

Released as a stand-alone security product in May 2006, Windows Live OneCare included a revamped GeCAD antivirus engine (which Microsoft had acquired along with Romania-based antivirus firm GeCAD in 2003), Microsoft Windows Defender antispyware protection, and the Windows Firewall, plus system diagnostic tools, backup capabilities, and a way to monitor home networking. OneCare felt less like a suite and more like a clever repackaging of free tools that were already available; consumers were essentially paying $50 for antivirus signature file updates.

OneCare did force changes within the antivirus community. McAfee responded in late 2006 with its McAfee Total Protection system, a suite offering home network monitoring and an enhanced version of the McAfee Internet Suite. The following year, Symantec introduced Norton 360, a more unified product that added online backup to Norton Internet Security.

Yet in the first independent antivirus testing of OneCare, organizations faulted Microsoft for missing known malware. Andreas Clementi of AV-Comparatives.org wrote in his February 2007 report that OneCare didn't meet the minimum requirements for participation. "Due [to] that, its inclusion in future tests of this year [will] have to be re-evaluated."

Performance has improved. Microsoft hired Vincent Gullotto from McAfee to head Microsoft's Security Research and Response team, and it later added experts from other name antivirus companies to its roster. In the latest On Demand scanning test from AV-Comparatives.org, Microsoft OneCare 2.5 scored as well as McAfee VirusScan Plus 2008 did.

All is not perfect, however. In May 2008, OneCare mistook Skype, a common voice-over-IP application, for a piece of adware, an embarrassing false positive. Nor has Microsoft dominated security software as the antivirus community once feared. Current estimates put Microsoft's share of the retail desktop security product market at only 2 percent.

In its press release announcing Morro, Microsoft states: "This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware."

Microsoft says that Morro won't have all of OneCare's features--the diagnostic tools, for example, and probably backup. Morro will protect desktops against viruses, spyware, rootkits, and trojan horses, but whether Microsoft will offer it to all users via Windows Update or make it standard in future OSs such as Windows 7 is unknown.

Microsoft currently provides a Malicious Software Removal tool with its monthly updates, though most people are unaware of it. The tool, which targets specific malware, has had an impact. In 2008, experts cited Microsoft's aggressive removal of the bots associated with the Storm worm as a major factor in the botnet's declining infection rate. It is unclear whether Morro will complement or replace the Malicious Software Removal tool.

Even if Morro proves to be a first-rate antivirus program, commercial vendors may not suffer. Windows Defender, Microsoft's antispyware program (and originally a repackaged version of Giant AntiSpyware, which Microsoft bought in November 2004), has been available for download since 2005 and ships with most versions of Windows sold today; Windows Defender is one of the few major antispyware apps still available, but not because Microsoft cornered the market. Instead, antivirus companies bought up the other solo players.

The built-in Windows Firewall (formerly Internet Connection Firewall) is another free security tool from Microsoft. Though it's better than nothing, it blocks only incoming Internet traffic. Windows Vista's firewall can block outbound Internet traffic, too, but this feature is switched off by default. Many people find the free, two-way personal firewalls from ZoneAlarm and Comodo to be easier to use and more effective.

Since neither Windows Defender nor Windows Firewall has displaced commercial antispyware and firewall solutions, is a free antivirus product from Microsoft likely to fare any differently? For the past eight years antivirus vendors have coexisted with the free version of AVG. Perhaps Microsoft's product will simply prompt Symantec, McAfee, and others to offer free versions of their own antivirus products. And that might not be a bad thing.
