Updated at 1:15 p.m. PST Wednesday with comment from Symantec and at 11:45 a.m. PST Thursday with comments from McAfee and Kaspersky.
For some security companies, Microsoft's decision to offer a free anti-malware product, code-named Morro, won't result in a dramatic change in how they do business.
Morro will be available in the second half of 2009 and will protect against viruses, spyware, rootkits, and Trojans, according to Microsoft.
"With OneCare's market share of less than 2 percent, we understand Microsoft's decision to shift attention to their core business," Joris Evers, director of worldwide public relations for McAfee, said in an e-mail.
As for confronting a free malware solution from a software giant, Evers said, "With more malware attacks than ever before, we believe our advanced technology, commitment to consumer education, superior protection, dedicated focus on security, and our 20-plus years in this business will provide consumers the confidence to choose McAfee as their trusted adviser and expert in security."
Justin Priestley, senior vice president of consumer sales at Kaspersky Lab's Americas division, also seemed not that concerned at the prospect of facing a free security solution from Microsoft.
"Having entered the U.S. consumer market at the same time as Microsoft, we initially viewed them as a formidable player. They've continued to hold a very low market share in the consumer market, and we don't expect the exit of OneCare to change the playing field drastically," Priestley said. "With the increasing threat malware and Web attacks pose, security is as important as ever, and we believe people will continue to choose antimalware software based on the quality of protection and will choose the highest-level product available."
Rowan Trollope, senior vice president of Symantec's consumer business, characterized the announcement as a "capitulation by Microsoft, and a reinforcement of the notion that it's simply not in Microsoft's DNA to provide high-quality, frequently updated security protection."
Here's the rest of his statement, provided via e-mail:
Consumers have already rejected OneCare, even though it entered the market at a lower price, because OneCare offered substandard protection and poor performance, as evidenced by scores of third party reviews. The offering only gained modest market share and ultimately was deemed unsuccessful in the marketplace.
Making a significantly scaled-back version of that same substandard security technology free won't change that equation. Simply put, innovation and protection matter. So even if it's free, the Microsoft "OneCare-light" offering will certainly fare worse than its predecessor, essentially putting consumers at increased risk without additional protection.
Additionally, our research clearly indicates that, after effective protection, what consumers care most about in a security product is performance. OneCare is widely recognized as one of the most egregious offenders in hogging system resources.
On Tuesday, Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft, had dismissed similar criticism from McAfee. "If the current approach isn't working (as far as protecting consumers broadly), we need to go with a new approach," she said.
A representative for AVG Technologies, maker of AVG Antivirus, told CNET News on Wednesday, "We view this as a positive step for the AV (antivirus) landscape. AVG has believed in the right to free antivirus software for the past eight years."
The company said it will be "business as usual" and doesn't plan to make any changes to its own product offerings as a result. "Based on what Microsoft is planning to deliver, we don't feel the need to make any changes to our free product at this time," the company said.
Asked if AVG had any advice for Microsoft, the company said "consumers will use a free product if it's robust and it protects them. The product has to be easy to use, fast, unobtrusive, and be able to address the latest Web threats."
Alex Eckelberry, CEO of Sunbelt Software, maker of Vipre Antivirus + Antispyware, said the move to get out of a profitable business appears to a capitulation on Microsoft's part. "This gives them a chance to do something altruistic while getting out of an unattractive business," he said. He noted that Microsoft will still be selling Microsoft Forefront, a collection of business security products.
Eckelberry said there remain two questions: One, how exactly will Microsoft distribute the product (will it consider bundling it with Windows 7)? And two, will the company make the application available through enterprise group policy management?
In the end, AVG said the market still needs to be educated. "Microsoft will have to do more than simply make the product available," the AVG representative said.
(CNET News' Elinor Mills contributed to this report.)
One of the spam messages using Obama's election to entice people to download malware.
(Credit: Sophos)Within hours of settling the U.S. presidential election on Tuesday, spam seen worldwide began incorporating the name and image of Barack Obama, according to various security vendors. The U.K.'s Sophos reported 60 percent of all spam seen by the lab on Wednesday was in some way Obama related.
One piece of spam alleges to contain a link to video of Obama's acceptance speech. If you follow the video link within the e-mail message you will be taken to a Web page where you'll be asked to update your Adobe Flash Player with a file, adobe_flash9.exe, first. This is not an official Adobe update file and downloading this file may in turn infect your computer with a Trojan.
Sophos named the Trojan Mal/Behav-027. F-Secure named it W32/Papras.CL. Sunbelt Software also has a blog about this particular piece of spam.
Meanwhile, Websense is reporting a separate threat. An e-mail appears to be an interview with the new president elect. The e-mail features embedded links to a video site that attempts to install a file, BarackObama.exe. Downloading this file may infect your computer with a Trojan.
A new report (PDF) from Secunia is raising awareness about the need to patch vulnerabilities and block malware from desktops.
The report found that "security vendors do not focus on vulnerabilities." And while Symantec Norton Internet Security 2009 bests the 11 other suites tested, Secunia found that Symantec "detected a mere 64 out of 300 exploits, or less than one-fourth, leaving 236 exploits undetected." Overall the dozen products all received an "F" on the report.
The Secunia test departed from the traditional testing done by organizations such as AV-test.org and AV-comparatives.org, which use collections of malware to demonstrate the on-demand and heuristic capabilities of the security products. Secunia used exploits--not viruses and worms--to demonstrate the need for users to patch vulnerabilities as well as have a good firewall, antivirus, and other anti-malware protection. The company said exploits are what criminals are most likely to use these days, and faulted the tested security vendors who said their products could protect against any threat.
Secunia did single out one product, Kaspersky Internet Security, as providing a vulnerability scanner, yet Kaspersky also did poorly on the test.
But Alex Eckelberry of Sunbelt Software criticized Secunia's report as being a "useless test." And others, too, have criticized the metholodgy used.
There is a move within the security industry to standardize malware testing. The newly formed Anti-Malware Testing Standards Organization states that there is a "global need for improvement in the objectivity, quality, and relevance of anti-malware testing methodologies." The group is currently soliciting opinions on two papers, one for testing best practices and the other for fundamental principals for malware testing.
- prev
- 1
- next
