Microsoft is to replace its paid-for antivirus product with a free one, citing an altruistic desire to spread protection around the world. But many are less convinced about the company's true motives, says internet-security expert Mary Landesman.
Last week, Microsoft announced it was doing away with its subscription-based consumer security suite, Windows Live OneCare.
In its place, Microsoft plans a free, standalone antivirus product, code-named 'Morro', which, the company says, will meet the needs of emerging markets. Countries cited by Microsoft as being in this category include Brazil, China and India.
Microsoft's motives
Some have suggested poor market share is the driving force behind the decision. Others point to competitive motives, as Microsoft aims to put pressure on rival antivirus vendors Symantec and McAfee.
According to Microsoft, the move is much more altruistic. It is intended to "remove the barriers" that keep a large percentage of consumers from installing and using anti-malware protection.
However, if protecting emerging markets really is the goal, the decision certainly doesn't appear to be tied to infection rates.
Less than two weeks before the OneCare announcement, Microsoft released its Security Intelligence Report, which identified China and India as among the 25 countries with the lowest infection rates. Brazil, conversely, had one of the highest.
This inconsistency gives some credence to the poor-market-share argument. But, if poor market share is the reason, why bother with a free version? After all, at $49 (£33) for up to three PCs, OneCare was already one of the cheapest security suites on the market and free, standalone antivirus solutions are already available from other vendors.
Since the Microsoft announcement specifically mentioned Brazil, China and India, it's worth considering what these three countries have in common.
Counterfeit software
Each of the three has been identified as among the top countries for the trade in counterfeit software. And Microsoft chief executive Steve Ballmer has repeatedly blamed counterfeit software for poor Vista sales, with Brazil, China and India having been mentioned on several occasions.
Attempts to curb the counterfeit-software trade via Windows Genuine Advantage appear to have backfired in each of the three countries, eventually resulting in lowered prices for Vista. Yet, despite concerns over counterfeit software, Brazil, China and India were identified in Microsoft's 2007 annual letter to shareholders as countries with "impressive growth... which all delivered revenue growth that topped 40 percent".
It seems unlikely that Morro would be used as a tool against counterfeit software. Adoption rates would probably be a challenge when two out of the three countries mentioned have very low infection rates, according to Microsoft's data.
And building anti-counterfeiting functions into Morro would cause even more negative fallout than Windows Genuine Advantage.
In any event, the entire emerging-market focus seems questionable.
Infection rates
The recent Microsoft Security Intelligence Report points out an inverse correlation between infection rates and internet use. According to Microsoft data, the higher the internet adoption rates, the lower the rate of infections; the lower the internet adoption rates, the higher the rate of infections.
One could safely assume that, in countries with high internet use, the level of computer knowledge and system-safety practices have increased, along with the adoption of antivirus software. If so, the emerging markets to which Microsoft refers should fall into the category of low internet use, high infection rates.
Yet the three countries specified in the OneCare announcement don't support this argument. Brazil, China and India all have below-average internet use, and both China and India have rates of infection well below the norm.
Perhaps the real reason OneCare is being unexpectedly retired is that it simply costs too much to support, both from a monetary and public-relations standpoint, and thus there's been no real return on the investment.
After all, most users view their antivirus software with some antipathy, and this could border on animosity where Microsoft is concerned.
Microsoft cutting losses?
Regardless of how invalid their argument may be, many might see Microsoft offering a paid antivirus solution as a form of extortion. In this time of belt-tightening, perhaps Microsoft simply decided to cut its losses on a product that hasn't provided high returns, monetarily or otherwise.
Viewed from this angle, a free antivirus offering actually makes sense.
The Microsoft Malicious Software Removal Tool (MSRT), which has been offered free since inception, is limited to a much smaller set of malware than the full Microsoft antivirus engine — or any other antivirus engine, for that matter.
And the MSRT lacks a real-time component, reducing its effectiveness for removal of infections and rendering it incapable of prevention.
Despite these limitations, by virtue of being pushed through Windows updates, the MSRT enjoys relatively widespread adoption and the reports it generates form the basis of much of the Microsoft Security Intelligence Report.
Providing a fully functioning antivirus scanner free of charge would eliminate the support, PR and adoption woes of Windows OneCare, while increasing Microsoft's insight into users' desktops.
The question then becomes: will it benefit users?
Mary Landesman is the senior security researcher for ScanSafe.
Talkback
I think If microsoft wanted to dissable pirated windows with their genuine advantage tool they could easily. What they do in the real world is to turn the odd desktop background black here and there. Some believe that there is a an unspoken hands off policy towards pirated windows machines in the third world.
I believe that for many years companies such as symantic and mcafee have made vast profits from the vunerabilities that exist in windows operating systems. Vunerabilities that really are microsofts responsibility to fix, and this I feel is the real intention of the "morrow" project.
No money should be taken for this kind of software from the vendor that created the OS and really it's just windows being fixed at last, Of course it will break again but I think that MS are best placed to come up with the right patches and I do look forward to trying out this new plug when it is deployed mid next year.
Sometimes it isn't about the money with microsoft, it's about product placement as well. The Xbox 360 being a fine example. Microsoft will never turn a profit on this machine, and they always Knew this. But there are two reasons for continuing anyway.
1: For the love of it. Yes really.
2: Product placement in the real world. By this I mean the stratergy is to get the 360 into everyones home/livingroom and hope it becomes used as a central media hub.
3: Morrow I think will restore faith in microsoft and its windows OS.
4: Just look out for apple the new dark overlords.
Gee its only taken them what 20 years? Of course if ActiveX and bad code hadn't made it so easy to attack the OS, maybe they wouldn't have to be offering this "service patch" for free now or for that matter would it be needed now.
Maybe somebody in their accounting department finally did a cost analysis of what it was costing them in profits when the OS software was so "hole-y"?
As for who gains, I would say the types of home user who just don't bother with security issues in general and aren't aware of the free offerings out there. I'm sure MS will imform people with open systems via windows update and the genuine advantage nag tool.
Maybe, Microsoft has a secure Windows operating system (Vista SP1) which does not need anti-virus.
I have been refusing to pay the anti-virus mafia ever since they have put the prices up back in 2002 ( in 2001 NAV annual subscription was £2.99 and NAV was coming free with new PC).
Few simple precautions is all anyone needs
1. Never use internet browser in administrator account.
2. Never use e-mail client in administrator account.
3. Never install anything that is just offered to be installed (in browser or otherwise). Install the software you need from the sites you know and CD you buy.
4. Regularly (daily) back up you files.
5. Test you backup/restore procedures. Make sure they work in the time frame expected.
6. Know where you installation CDs are (in case you have to re-install).
7. Keep Windows (and other software) up-to-date (as long as updates are free of charge).
8. Avoid opening e-mail attachments if not in PDF/JPG format.
Mitcho
This post has been removed by a moderator.