Security

Updated at 2:40 p.m. PDT with comment on what happens if a user already has antivirus software installed and at 1:45 p.m. with AVG comment.

Microsoft will launch a public beta of its anti-malware service, Microsoft Security Essentials, on Tuesday as it phases out its Live OneCare suite in favor of a simpler free consumer security offering.

Microsoft Security Essentials, which will run on Windows XP, Vista, and Windows 7, will be available in the U.S., Brazil, and Israel in English and Brazilian Portuguese. A public beta version for Simplified Chinese will be available later in the year.

The service works like traditional antivirus products in which client software monitors programs on a PC. When something changes on the computer, such as files being downloaded or copied or software trying to modify files, the system checks against a set of malware signatures in the client program to see if the code matches the signature for known malware. If so, it blocks it from getting downloaded.

If no signature match is found, the system will ping the server-based Dynamic Signature Service to see if any new signatures are available and, if so, it removes the malware. If it appears to be new malware, the Dynamic Signature Service may request a sample of the code in order to create a new signature.

The service updates its anti-malware database constantly and publishes new antivirus signatures to Microsoft Update three times a day, Alan Packer, general manager of Microsoft's Anti-Malware team, said in an interview on Thursday.

"The hope is that people who install Security Essentials and enable auto updates in their Windows configuration will be protected" automatically, he said.

The service also includes new technologies that help protect against rootkits, programs that are designed to hide the fact that a PC has been compromised, and is also designed to run efficiently by scanning when the PC is idle and conserving on memory usage.

If you already have antivirus software installed you probably don't need this service. Security Essentials doesn't detect if you have security software installed but does provide a message upon install that says two antivirus products aren't necessary and could interfere with each other, Packer said.

Microsoft announced in November that it was dropping its Live OneCare service in favor of a slimmed-down free offering designed to encourage more people, particularly those who don't want to pay for it and fear it will slow down their computer, to use antivirus software.

The new service lacks features like managed firewalls, performance-tuning, backup and restore, printer-sharing and multi-PC management that the OneCare service offered.

"We don't see Security Essentials as a direct competitor to other free products and suites," which try to "upsell" users, or get them to eventually pay for a product, Packer said. "We're targeting people who aren't protected" already.

A spokeswoman for AVG, likely the main rival to Microsoft's service, said AVG offers a free Internet security suite that has advantages because it is operating system agnostic and was developed by a company that specializes in security products.

Asked what Microsoft's strategy is for mobile, Packer said he couldn't comment on what the Windows Mobile team is doing.

"In general, the way we look at mobile from a security standpoint is that you are better off preventing the malware from getting on a mobile device rather than trying to run anti-malware or antivirus software," he said. "We haven't targeted mobile antivirus software because we felt that's not the right approach."

Microsoft Security Essentials will be available for download from Microsoft's Web site beginning on Tuesday.

This is what the interface will look like when the service finds that the PC is clean of malware infections.

(Credit: Microsoft)

This screenshot shows what a user will see when Security Essentials finds malware on the PC.

(Credit: Microsoft)

Since its introduction in 2006, Microsoft's Windows Live OneCare has altered the antivirus landscape. With Tuesday's announcement that Microsoft will no longer be selling the product in retail outlets but offering a new free version, code-named Morro, starting in the second half of 2009, it's sure to change the field once again.

Since Microsoft bought Romania-based antivirus firm GeCad five years ago, there has been fear among the commercial antivirus vendors that the software giant would simply bundle its malware protection within the next version of Windows. While that didn't happen--and it's unlikely to happen--Microsoft's addition to the market has forced its competitors to make some changes even though Microsoft hasn't become the huge player once feared.

Even before the first beta in 2005, McAfee and Symantec were talking about plans to go head to head with the software giant. McAfee announced plans around Project Falcon, and Symantec launched Project Genesis.

Microsoft OneCare entered the market in May 2006 as a "desktop IT department" and inspired a new breed of "omni security suites" that went beyond the traditional Internet security suite. I wasn't impressed. Although OneCare offers the revamped GeCad antivirus engine, Microsoft Windows Defender antispyware protection, and the Windows Firewall, along with system diagnostic tools, backup capabilities, and a way to monitor home networking, I think that the interface is clunky and that the tools aren't necessarily top of the line. And, I'm on record as calling OneCare SopranoCare since it seems wrong to me to have to pay the company that broke your operating system to fix it.

But at its introduction, Microsoft did shake up the antivirus landscape. OneCare was priced at an absurdly low $49.95, and it protected up to three PCs. At the time, Symantec's Norton Internet Security and McAfee's Internet Security were both priced at over $100 for their three-user packages. Today, three-user packages well under $100 are common.

Symantec responded in 2007 with its Project Genesis-produced Norton 360, a unified product that took Norton Internet Security and added online backup. But Symantec didn't just add to its existing product, it reinvented the product, producing a new one with a fully integrated interface marketed for the average home user. And at around $70, it could be used on up to three PCs.

McAfee also responded with its Project Falcon-produced McAfee Total Protection, also priced around $70 for up to three PCs. It too offers home network monitoring and premium or enhanced versions of the McAfee Internet Suite.

But McAfee and Symantec both had something Microsoft did not: effectiveness.

Almost two years ago, independent antivirus-testing organizations faulted OneCare for missing known malware. Andreas Clementi of AV-Comparatives.org wrote in his February 2007 report (PDF) that OneCare did not meet the minimum requirements for participation. "Due (to) that, its inclusion in future tests of this year (will) have to be re-evaluated."

Microsoft began hiring longtime antivirus experts from competitors, and it appears to have paid off. A few years ago, Vincent Gullotto came over from McAfee to head Microsoft's Security Research and Response team. Microsoft has since added experts from F-Secure, Sophos, and elsewhere to the team. And it shows. In the latest On Demand scanning test from AV-Comparatives.org, Microsoft OneCare 2.5 scored as well as McAfee VirusScan Plus 2008.

All is not perfect, however. In May, Microsoft mistook Skype for a piece of malware. And the Windows Firewall, while Microsoft insists otherwise, is not a truly two-way firewall; there are a great many outbound exceptions within the Microsoft version. A Microsoft representative said "If we turned on outbound filtering by default for consumers, it forces the user to make a trust decision for every application they run which touches the network." Given that other firewalls have outbound filtering, I still don't see why Microsoft can't.

The free version of Morro won't have all the current bells and whistles of OneCare; Microsoft says the diagnostic tools won't be included. Although the final feature set won't be known for a while, just having a free antivirus/antispyware/personal firewall product from Microsoft is bound to shake things up.

With traditional antivirus protection perhaps becoming obsolete, maybe it's time that Symantec and McAfee start offering free versions of their own antivirus products--something that I've said for years.

Microsoft's decision to offer free antivirus software puts rivals such as McAfee and Symantec in a tough position.

To be sure, those two--and other rivals--will be able to tout products that offer a broader range of features than Microsoft plans to deliver with "Morro" next year. At the same time, "nada" is a tough price to compete against.

That raises the question of whether those companies or others may look to antitrust regulators for help. We've put queries into those companies and also posed the antitrust question to Microsoft. I'll let you know what we hear back.

One thing in Microsoft's corner is the fact there are already free antivirus products on the market, such as AVG, though typically security vendors look to upsell consumers from low-cost or free products to higher-end ones.

Microsoft appears to be getting out of the paid security software business, at least on the consumer end. (Microsoft still plans to offer paid security products for businesses).

Also, Microsoft said it plans to deliver Morro as a free download rather than bundling it with the operating system--another move that could dampen some antitrust concerns.

It's unclear whether giving away software that others charge for will ultimately be enough to justify regulatory action. Although one antitrust lawyer predicts rival security firms will complain and that antitrust authorities will listen.

"Sure, there will be antitrust issues. They're just...daring the antitrust authorities to knock it off," said Daniel Wall of the San Francisco firm of Latham & Watkins. "This is an old issue, the notion of them giving away for free products that others sell and it is absolutely guaranteed to get the attention of the antitrust authorities in Europe, Korea, Japan, and other jurisdictions."

"They're incorrigible," Wall said of Microsoft.

Antitrust regulators in the U.S. have tended to focus on harm to consumers as opposed to competitors. Authorities in Europe and Korea have taken a broader view, taking action against Microsoft for actions deemed to hurt competitors, such as bundling its media player into Windows.

Both Europe and Korea have required Microsoft to offer versions of its operating system without certain components. In this case, though, Microsoft is not talking about distributing the antivirus code as part of Windows itself.

Representatives from Microsoft, Symantec, and McAfee were not immediately available to comment.

CNET News' Elinor Mills contributed to this report.

Update 4:45 p.m. PST: Here's what Microsoft had to say.

"We are focused on addressing the security needs of consumers," Amy Barzdukas, a senior director in Microsoft's Online Services and Windows Division, said in a statement. "We will, of course, continue to comply with any government rulings."

Update 6:25 p.m.: And we got comment from security firms McAfee and Sophos.

McAfee spokesman Joris Evers, asked if his company would raise an antitrust complaint over Microsoft's move, said: "It's too early to say anything about that."

Over at Sophos--which focuses on the enterprise market and so doesn't compete with Microsoft's consumer security products--Senior Technology Consultant Graham Cluley predicted antitrust issues would not arise.

"I am no expert on such things, but provided Microsoft does not bundle 'Morro' in with its operating system I would be surprised if there were antitrust issues," he said in an e-mail. "Anything which encourages more people to run antivirus has to be good news for all of us."

Asked if Microsoft would ever consider bundling the security features into Windows, Microsoft's Barzdukas said: "I can't foresee such a time."

Updated at 6:15 p.m. PST with Microsoft and McAfee comment, at 5:30 p.m. with Sophos comment, and at 4:40 p.m. with customer comment.

Windows Live OneCare logo

(Credit: Microsoft)

Microsoft on Tuesday said it is changing its strategy for offering PC antivirus software, with plans to discontinue its subscription-based consumer security suite and instead offer individuals free software to protect their PCs.

Code-named Morro, the new offering will be available in the second half of 2009 and will protect against viruses, spyware, rootkits, and Trojans, the company said in a statement.

With the arrival of Morro, Microsoft plans to stop selling the Windows Live OneCare service, although the two services are not identical. Morro lacks OneCare's non-security features, such as printer sharing and automated PC tuneup. Morro will, however, use fewer resources than the subscription-based offering, making it better suited to low-bandwith systems and less powerful PCs.

Microsoft decided to switch to a free product because there are still so many PCs out there that lack any antivirus software.

"Because they're not concerned about malware, the number of people who don't have antivirus software or don't keep it up to date exceeds 50 percent in developed markets, and it's worse in emerging markets," Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft, said in an interview. "Live OneCare was tailored for developed markets with broadband...and it's not meeting the needs of a lot of customers."

Asked why the company wouldn't just offer both the free and subscription versions, Barzdukas said: "Having core anti-malware at no charge for consumers, we believe, we will protect more consumers that way." Consumers who want more than the features Morro will offer have "fine alternatives from third parties" to buy, she added.

Despite the fact that McAfee stands to lose paying customers to Microsoft's new free software, McAfee spokesman Joris Evers said the news signaled a defeat for Microsoft.

"Consumers have voted; OneCare, in its two years on the market, has achieved less than 2 percent market share," he said in an interview. "Microsoft is giving up and has defaulted to a dressed-down freeware model that does not meet consumer security needs. This is good news for McAfee."

Barzdukas dismissed the notion that Microsoft was responding to market share or competitive pressures. "If the current approach isn't working... (as far as protecting consumers broadly) we need to go with a new approach," she said.

Asked if Microsoft would ever consider bundling the security features into Windows, Barzdukas said: "I can't foresee such a time."

Representatives from Symantec could not be reached for comment Tuesday.

Graham Cluley, senior technology consultant at Sophos, said the news doesn't impact his security firm because it focuses on the enterprise market.

"I think this announcement may cause some sleepless nights for the chiefs at McAfee and Symantec--they've always done well out of the consumer anti-virus market, and with tougher financial times ahead of them (they) won't be pleased to see the possibility of that evaporating further," he wrote in an e-mail response to questions.

Microsoft had been selling Windows Live OneCare for $49.95 per year, which covered up to three PCs and offered centralized backup and optimization features in addition to security capabilities.

Windows Live OneCare will continue to be sold for Windows XP and Vista via retailers through June 30, 2009, and direct sales will be gradually phased out as Morro becomes available. "Microsoft will ensure that all current customers remain protected through the life of their subscriptions," the statement said.

Morro, which will be available for download over the Internet, will work on Windows XP, Windows Vista, and the upcoming Windows 7.

The news frustrated OneCare customer Cas Purdy who complained on Facebook: "I just paid for OneCare. I'm kind of bitter."

Purdy, who heads up public relations at security firm Websense, said in a follow-up phone interview that he paid for his OneCare subscription a few weeks ago for his home laptop. Websense does not compete with Microsoft on consumer software.

"I'm all for a free tool but given that I just paid for it...we'll see," he added.

Microsoft's Barzdukas said customers should contact customer support if they have a concern. "We will absolutely do the right thing by our customers, and if the customer wants to call our free phone support line we'll make sure they are happy," she said.

A posting on the Windows Live OneCare Team Blog has a detailed FAQ for customers.

Microsoft started selling OneCare in May 2006, three years after signaling its intent to enter the security software market with its purchase of Romania's GeCad.

Although OneCare received only mixed reviews, it significantly shook up the security software market, resulting in generally lower prices.

The software maker has also started selling its Forefront line of security software for businesses and indicated at its Microsoft Online launch on Monday that it plans to expand its lineup of hosted security services.

CNET News' Ina Fried contributed to this report.