Microsoft have released their free anti-virus and anti-malware software (codenamed ‘Morro’) to the public, under the name of ‘Microsoft Security Essentials’.
Microsoft’s intent to release free anti-virus software has been known since as long ago as 2004, when Microsoft bought out GeCad and Pelican Software.
Microsoft also purchased Giant Antispyware (which was generally considered to be a good product at the time), which later became Windows Defender and was built into Windows Vista by default.
Microsoft previously had Windows Live OneCare, a paid subscription security suite including extras like parental controls and photo backup, but discontinued it, possibly because of user and industry-wide criticism of the product and because Morro was already on the horizon.
Microsoft’s Security Essentials, however, takes a different approach to Microsoft security products of the past, and bucks the trend of competing anti-virus products: it’s lightweight.
MSE has been praised for its low resource usage and small installer (just 7MB for the whole thing, and no–that’s not a stub downloader; it really is just 7MB). Microsoft are targeting a worldwide market with MSE, for those who cannot afford the likes of Norton or McAfee and also those on dial-up connections. MSE is available in 20 markets, in 10 languages.
Reactions from competitors varied. Some thought it to be no threat to them, some thought that it raised certain anti-trust issues (though Microsoft will not be bundling it with Windows), and AVG welcomed the move as indicative of the need for free anti-virus solutions. In some places, a Norton subscription is the equivalent of a month’s wages–between virus scans, people do need to eat.
Personally? Well, much could be said about ‘providing the poison and the cure’, but I have to commend Microsoft. This is a genuinely good product that is light on resources. I am sick to death of bloated, spammy and frankly useless anti-virus products. Even my favourite free product, AVG, is becoming large and unwieldy. The installer is 65MB, and the beta editions of the upcoming version AVG 9 weigh in around 90MB.
It really is time people got control of their machines back from these AV vendors, and MSE is the first product of its kind that I’ve seen that makes a real concentrated effort to do that. As a person fixing machines all day, thank you Microsoft, thank you.
I loaded the beta on my laptop a little while ago, and it was not bad.
you guys are killing me. Yes, all of you who voted this up to 4
Tell me, are you running an anti-virus lab? Yes? No? How do you know it is “good”? It is good if the detection rate is good, and in NO OTHER circumstance. But of course you have no clue about that simply by installing it. omg…
It is good when competent sources test it and find it to be good, certainly not because you guys think so.
Yeah, and AVG and other ‘free’ AV are considered good? I never said it was “good”; I said it was “not bad”.
As for how I came to that, I did not do massive testing. I said I loaded it on my laptop and played with it. The AV engine is no worse than Sophos or AVG.
When I scanned it against some old archives, it found stuff neither AVG nor Sophos was able to find.
And when surfing “bad” sites it blocked stuff that Sophos or AVG never did. So, yeah, my impression so far is not bad, probably at least as good as Sophos or AVG.
Lightweight HIPS systems are better… like Eeye Blink (Home or Small Business level) or Triumfant Resolution Manager (Enterprise level).
Signature based products can’t prevent zero-day attacks and they are becoming more abundant.
As far as I know, Live OneCare is still around (I am using it).
http://onecare.live.com/standard/en-us/3/default.htm
Also, this Ars Technica article (http://arstechnica.com/microsoft/news/2009/09/first-look-microsoft-…) claims that MS will be pushing Live OneCare upon installation instead of MSSE to avoid antitrust problems.
Should I discontinue subscribing to Live OneCare and switch to MSSE?
I’m going to be ditching AVG and installing MSE on my customer’s computers to see how well it holds up for regular use and abuse. I install probably ~1000 copies of AVG a year, if not more. If things go good or bad with MSE, I’ll write a follow-up article in a month detailing my findings. My own personal use of the product doesn’t really put it to the test in real life scenarios.
There is no reference in the Ars article regarding MS pushing Live One Care after you install MSE. You are misreading.
The fact is that Live One Care will go away and MSE is the one to stay.
Could this be based on the AV they bought a few years back?
.. if the reviews are to be believed, and it really does force Automatic Updates on, then it’s just malware. A trojan to get enforced “updates” onto machines.
I kinda like it. It’s actually lightweight and works well on my 3 year old lap with WinXP running in VirtualBox on Ubuntu 9.10.
they need to fix the software so it doesn’t pull updates through the windows update site. At my company we have a corporate level group policy that restricts access to download updates directly from the windows update server (they push selected updates directly to us but they won’t add updates for stuff like this). I installed this to try it out on a test box that was joined to our domain, and it downloaded the initial update, but when I tried to get it to update again it kept failing with an error. I had the same behavior for windows defender so I knew immediately it was because it is trying to pull definition updates through the windows update site.
seems like decent software other than this. I’ll probably install it on my personal system at home, just so I can get rid of the nag screens for avira free edition antivirus.
Is the program even meant to be used in a commercial machine?
Not really. That’s what Forefront is for.
I didn’t see anything that stated that it couldn’t be used in a commercial environment. But I wanted to try it out for evaluation purposes on a test box that I routinely reimage; it wasn’t a production machine.
Sounds reasonable enough, having said that, if it’s meant for home users, then MS update IS the site to get updates from.
With that said, if you can push the updates out via WSUS it would suffice in a corporate environment also assuming the software is up to par with other offerings. Time will answer that latter for us.
Nice move from Microsoft. If this is as successful as it sounds it could bring a whole new generation of antivirus software, where taking over your pc isn’t the norm.
I just have one question: If Microsoft is competent to release what most seem to think is a decent AV and security suite, why not just redirect that competence into plugging up your OS in the first place? They have all those security features in the NT kernel, but rarely are they ever used and instead Microsoft waste time with things like UAC while giving their own programs a backdoor through it. Now, they develop an AV solution… why not just fix it in the first place? Keep on top of the OS with Windows Update while keeping this as a way to clean viruses that already have taken root, but when the AV finds something immediately put it on the list of things to investigate and plug up for good. They did it with Conficker after all, so they are capable of it. Conficker spread because of millions of outdated computers, and if users can’t use Windows Update due to pirated copies of Windows or whatever reason, then this AV software updating through Windows Update isn’t going to help them either.
So you are one of the believers that other OS are immune to viruses?
Keep dreaming fool! It is all about market share!
Why isn’t Photoshop released for anything but Windows? Do you think that Adobe would not make a Linux version if they could make money with it? Like I told you earlier, it is about market share.
Linux has a lion’s share of the server market. Presumably there is more important data held on servers than on desktop machines.
BTW, the GIMP is coming out soon at version 2.8. It will have a choice of traditional GUI or a single-window MDI mode, and it now supports wider colourspaces through GEGL. There is far too much competition in the Linux market for Adobe to be able to sell their hugely expensive paint program.
LinuxRunsOnSupercomputers(tm)
JustAroundTheCorner(tm)
WaitForTheNextThing(tm)
Edited 2009-09-30 10:22 UTC
SmellTheFear-1.02.1-ubuntu7.deb
LOL.
Now be honest, Photoshop is more than a paint program. That would be like saying GIMP is just a paint program, and it is much more than that. And actually, in current iterations, GIMP really does match Photoshop for features that the majority of the people want or actually use. GO GIMP!
I know, I was merely stirring.
However, I do stick to my point that it is hardly worth the huge expense of Photoshop just to get the program with the better name.
True, but don’t forget about the other route infections make it onto a machine – thru security holes/bugs in 3rd-party software, such as java, flash, video players, all the browser add-ons and extensions, etc. etc.
We’d still need a good AV to stop those, unless a complete re-architect of the OS is done to sandbox every single application/plug-in that runs on it…
Or perhaps we could add “execute permission” flags in the filesystems that could only be set via a local authorised user supplying a correct password, and we could make the kernel honour the execute permission flags instead of just running any file at all without question.
Or perhaps in addition we could make it so that every person who might want to run the code gets to examine the source code if they want to, and they can all verify that the source code makes the as-distributed executable, so that it can be audited before it gets to run on any end users’ systems.
Oh, wait …
Edited 2009-09-30 23:22 UTC
Percentage of Linux users that currently have the time/inclination/know-how to examine the source code for every bit of software running on his/her computer: 0.0001%
Percentage of Linux users that have to have the time/inclination/know-how in order for every Linux user to benefit from this process: 0.0001%.
As long as there are some individuals, somewhere, who did not write the code, but who nevertheless can read the code and understand it, and who use the code themselves, and who therefore have a vested interest in it being clean … then the code will be audited.
Don’t believe me? Then consider this … the system has an impeccable record. Perfect.
There has never been even one documented case ever of a piece of malware getting through to an end user’s machine via the open source repository distribution system. This is so even despite the fact that the vast majority of the users do not ever read the source code, nor would they be able to understand it if they did read it.
Many, many millions of users, many thousands of packages, many years of use of the open source software distribution system. No malware, ever. Impeccable record.
Edited 2009-10-01 01:44 UTC
Bursting your bubble right here. Your record isn’t impeccable anymore.
And it’s pretty biased because you consider “official” distribution repositories which are, in fact, tested and audited.
You’ve proven yourself biased once again.
(And there are execute flags, and the OS does enforce them, stop spouting random crap).
Edited 2009-10-01 13:56 UTC
Sorry … try again. That was a virus detected in 2002. This software does not get on to users’ machines via open source repositories.
In order to get such a virus, one would have to search the internet, find a dubious binary-only executable being pushed by someone (in your instance it was apparently a “Linux Korean contributed versions of Mozilla Suite 1.7.6 and Thunderbird 1.0.2”), download it with your web browser, save it yourself somewhere in the local filesystem, exit the browser, navigate to where you had saved the file, and manually set the execute permission flag, then manually run the program.
That is the backwards Windows-think way of getting software installed. Laborious, long-winded, requires a web browser, requires long and patient searches all over the net, and it is a huge security risk.
This instance has nothing at all to do with the open source repositories and package management system:
http://en.wikipedia.org/wiki/Apt-get
http://en.wikipedia.org/wiki/Synaptic_Package_Manager
http://en.wikipedia.org/wiki/Software_repository
The open source repositories and the package management programs are the system with the impeccable record.
The message is clear: don’t install binary stuff you simply downloaded from the net from some unknown. Use the package manager.
PS: Please note that a software repository does not HAVE to be open source. It is ONLY the open source repositories for which an impeccable record is claimed.
Your challenge is to find even one recorded instance, at any time, over the many years these have been used, for millions of users, for thousands of packages, for many different versions, where a piece of malware has EVER got on to an end user’s system via the use of these open source repositories and package management programs.
The one virus you did find from 2002 is just not it.
Try again, troll.
Edited 2009-10-01 23:38 UTC
I am just a little curious here. Why would someone go to all this trouble to find an odd case (all the way back in 2005) of a binary file on the Mozilla ftp mirror network with a virus infection, when that was nothing like the claim that was made that this search was an attempt to refute?
To what end? What was someone hoping to prove with this? That it is possible to hide a virus in binary files, even if they are for Linux? Of course it is, but so what? If anything, this instance supports the original claim made. If you want to try to infect a Linux system, you don’t do it via the open source repositories and package management distribution mechanism.
The system that has the impeccable record is the open source distribution system using open source software repositories and package managers. An essential feature is that anyone has to be able to download the source code, compile it for themselves if they want to, and then be able to verify that it makes the executable. It has to be auditable.
The system whereby one can get malware infections on one’s machine is where one downloads binary files from somewhere on the internet and then one installs and executes them. As one routinely does with Windows.
Why is this simple fact apparently so hard for Windows fans to accept?
Edited 2009-10-02 01:17 UTC
Lots of malware doesn’t rely on holes/flaws in the OS.
For example, I recently got hit by the “Delphi” virus. It’s a virus that affects the Delphi development environment, and infects any program compiled by that Delphi environment. I happened to use a Delphi-built program and my anti-malware program detected it. I had to get an update from the developer to get a virus-clean version of the program. This virus doesn’t rely on any OS holes at all. As it turns out, all the virus does is spread, and only spreads if it finds a Delphi environment on the system. If the virus code actually tried something nasty, then it might rely on an OS hole to do so (though, something like trashing the user’s home directory wouldn’t require any holes).
Here’s a description of the Delphi virus, discovered just last month:
http://news.cnet.com/8301-27080_3-10312628-245.html
http://delphi.about.com/od/humorandfun/f/w32-induc-a-delphi-virus.h…
Other malware rely on holes that have been plugged by security updates, but people haven’t applied the updates.
Also, if I read what you’re saying correctly, Microsoft already does what you’re suggesting. When a hole is discovered, a security update is issued with the next month’s scheduled update, or an out-of-cycle update is released if the problem is urgent enough. And each scheduled security update runs a malware quickscan that cleans out viruses that are on the system.
Edited 2009-09-30 17:13 UTC
They could patch every hole and lock it up tight, but that’s not going to stop users downloading and running meganfoxnude.exe
Yeah Photoshop has never been historically available on Macs or anything
I saw an Adobe PR saying that the porting work was too great, and there was little market. Photoshop is still a “power user” product, used by people (and usually enterprises) buying Mac/PCs and buying the Adobe licenses.