Microsoft (MSFT) thinks everyone who runs Windows should be using antivirus software. I can just hear the cynics saying: "They ought to know—it's their buggy software the hackers are exploiting." In fact, over the past five years, Microsoft has made huge strides in protecting its systems against attacks. Now it's moving to the next level.
Microsoft works hard to make sure its programmers write secure code. But the company's executives know that even with the most diligent process, there will always be flaws that provide openings for the bad guys. They also know that an unprotected system is a peril not only to its owner, who risks the loss of user names, passwords, and other vital information, but also to the community. A large percentage of the malicious programs out there are designed to capture PCs so they can be used to spew spam or launch attacks.
A few years ago, Microsoft tried, unsuccessfully, to get into the paid security business with a service called OneCare. Now management has decided that if they can't sell it, they will give it away. Microsoft Security Essentials is a basic antivirus program that scans your system for malware, checks files that you bring into your computer through downloads or media such as flash drives, and tries to block sneak downloads from hostile Web sites. It works with Windows 7, Vista, and XP and is available for download now as a test version. The final product is due before yearend.
Giving away antivirus programs is nothing new; AVG , Avast!, and others have long provided free programs. But Microsoft throwing its weight and marketing might behind such software could make a big difference.
I tried Security Essentials on several systems and found that it installed easily and worked flawlessly without noticeably slowing performance. The German lab AV-Test ran its standard tests on Security Essentials and declared it to be "very good" compared with competing products.
At the same time, I don't think Security Essentials is about to drive paid offerings from the likes of Symantec (SYMC) and McAfee (MFE) off the market. These companies sell a variety of security products and services ranging from around $40 to $80 a year for up to three computers, and all are far more comprehensive than Security Essentials. The for-pay offerings include firewalls, anti-phishing defenses, parental controls, and in some cases data backup services.
Still, I have grown disenchanted with these heavyweight packages. Many of the features duplicate what is already built into operating systems and browsers. Vista and Windows 7, for example, have solid parental controls, and Internet Explorer 8 and Firefox 3.5 have defenses against both phishing attacks and "drive-by downloads" of malware from Web sites.
While the firewalls included in the paid products offer much more detailed control than the built-in Windows firewall that Security Essentials relies on, the overwhelming majority of users never touch these settings. And Symantec's Norton Internet Security, which I use on my home Windows systems, has recently developed the annoying habit of demanding that I reboot my system to install updates a couple times a week.
Unfortunately, I don't expect computer makers will install Security Essentials on new PCs. Antivirus software makers pay to have trial versions of their programs loaded. With margins tight, manufacturers want that revenue. Trouble is, many customers never renew after the 30- to 90-day trial period runs out and are thus left unprotected. Microsoft's "good enough" offering is exactly that, and it marks important progress in the fight to keep computers safe.