Feeds

MS hits back in Security Essentials row

It's all opt-in, so what's the beef?

SANS - Survey on application security programs

Microsoft has said its rivals and the media have misunderstood its plans to offer its freebie anti-virus scanner to Windows users without security protection via its Microsoft Update service.

Earlier this week we reported how Panda Security and Trend Micro both viewed the offer of Security Essentials via "automatic downloads" and Microsoft update services as damaging for choice and anti-competitive.

Panda, for example, suggested that users should be offered a ballot screen listing a range of possible options for obtaining anti-virus software instead of being presented only with Microsoft's offer, an approach that fosters monoculture.

Trend Micro said Microsoft's approach of offering the updates via Microsoft Update (which offers updates for Office and other applications) rather than Windows Update is a distinction that would be lost on most ordinary consumers and small business users.

A Microsoft spokesman responded on Thursday by saying that the difference is important because Microsoft Update is an opt-in service. In a statement, Redmond's spin doctors took umbrage at the suggestion that Microsoft is pushing Security Essentials as an auto-download.

Microsoft Security Essentials’ availability over Microsoft Update is not an "auto-download" as your headline and our valued security partners suggest.

Microsoft Security Essentials will be available as an optional update to customers through the Microsoft Update Website (for XP) and through Windows Update, if the user has opted in to the MU service. Microsoft Security Essentials will only be offered to those genuine Windows customers who have no antivirus solution detectable through Action Center in Windows.

The fact is that Microsoft is always looking for the most effective and efficient ways to ensure our customers are protected against viruses, spyware and other malicious threats. Despite the broad availability of anti-malware software, we still find that many consumer and small business PCs remain unprotected.  By offering Microsoft Security Essentials as an optional download for PCs that are unprotected, we make it easy for those who want and know they need protection, but for whatever reason have not gotten around to installing it.  Now they can download the software when they perform their other system updates without having to search the web or make a special trip to the store.

Luis Corrons, technical director of PandaLabs, said its objection that Redmond was pushing Security Essentials without giving users an informed choice remains.

"The problem we see is not about using Microsoft Update and Windows Update, but about pushing only MSE and give no choices to the users, Corrons told El Reg. "Choices that in fact are better."

Redmond began offering baseline security protection to consumers through Microsoft Security Essentials more than a year ago. Reviews of the product have been largely positive.

Microsoft extended the offer of the freebie anti-virus scanner to small business in September, and it's tempting to think that this is the real focus of Trend and Panda's gripe, though neither have said as much.

None of the established freebie antivirus scanner firms - AVG, Avira and Avast - has complained about changes in how Microsoft Security Essentials is being offered. Each focuses on persuading a percentage of users of its freebie scanners to upgrade and none has reported a decrease in downloads as a result in Microsoft's entry to the market segment.

Typically the likes of AVG, when pressed, point out that they have more experience than Microsoft in developing security scanners while arguing that their products are technically superior because they include behaviour-based malware detection, for example. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.