Could the arrival of Security Essentials from Microsoft change the perception of IT security?
Almost a year after it was first discussed, yesterday saw the release of the free Security Essentials anti-malware from Microsoft.
With the news catching most of the technology press by surprise due to a leak on another site, I was rushed into publishing details of this major announcement at a moment's notice and, unsurprisingly, this created a huge response.
Therefore my scheduled interview with Microsoft UK's head of security and privacy, Cliff Evans, took place after the story was published. However, with the launch of such a high-profile product and with such worldwide publicity, it felt worthwhile to cover this in greater detail.
Originally named ‘Morro’, which Evans later told me was a codename for Security Essentials, it was first reported on last November, and since then little has been heard as it was developed.
More word was delivered in June, when 75,000 copies of the beta version were made available to customers in the US, Israel (English only), People's Republic of China (simplified Chinese only) and Brazil (Brazilian Portuguese only).
So now it is released and free to download and run, and it will be interesting to see statistics on downloads in a month's, or six months', time. So we know the name and we obviously know the producer and vendor, but what exactly is it?
Evans claimed that this is a consumer product, with the exception that he was expecting home offices to use it, which he believed was ‘perfectly appropriate’. Businesses, Evans said, should be looking at Forefront, which offers more sophisticated anti-malware with a similar approach to the free consumer versions, but is not available as a free download.
Evans said: “The big reason for this is the increase in malware, the time is right and we feel we are a trustworthy company and we make sure that people feel safe in what they do and they do the right stuff to protect themselves. We have done this to power the vision of security.”
He also said he hoped that people who ‘have let their subscriptions lapse do use this’, as it breaks down the barrier of cost. Evans said: “We did a lot of work with Get Safe Online and a survey we did with them asked about anti-malware software and about half had no up-to-date software so it is a big problem in the UK and around the world. The UK is not bad but there is a need.”
Various concerns had previously been raised about Morro. Speaking at an SC Conference back in July, Sophos' senior technology consultant Graham Cluley criticised the concept, claiming that users would not be offered support as they would be with other paid-for software packages.
I put some of the various points to Evans about how this product will work. Firstly, he claimed that updates will be done through Windows Update and also through a dynamic signature piece.
Evans said: “One of the goals of this is to install and forget, users install it and it will update itself, we have done work on this and it is not an issue.”
Following up on Cluley's comments, Evans claimed that for support, users will get email and community support, and if anyone has issues or concerns they can get free support direct from the call centre.
The description of it as ‘anti-malware’ I felt to be fairly specific, so I asked Evans what this means. He claimed that this is a generic term for anti-virus, anti-spyware, anti-Trojan and anti-rootkit. However, there is no phishing protection, and Microsoft recommend people use IE8, which has built-in phishing protection.
There is also no firewall with this, but Evans said that ‘we feel that there are plenty of firewalls available so it is up to the vendors to offer a resource’.
Probably a dirty word within the Redmond walls, but I dared to ask about protection for the Apple OS. Evans said that there was ‘no news really’ and said that he ‘could not see it in the future’ as ‘we are protecting people out there using Windows’.
So on to the product itself. I admit I am not much of a reviewer, but I did download it last night and this is my commentary on how Microsoft Security Essentials (MSE) worked. To start with, I am told it contains a validation scan to test my version of Windows to see that it is genuine.
It then recommends removal of other anti-virus or anti-spyware from the computer, as 'it may conflict with MSE and prevent it from working properly. Having multiple anti-virus or anti-spyware may also cause severe performance issues on your computer'.
The download literally takes a few seconds and the install is very quick; once running, it installs the latest virus and spyware definitions. It then runs a scan of the hard drive, which is fairly slow, perhaps because this is the first time.
While it is scanning it has a handy start time (although a finish time would be preferable) with a guide to the time elapsed and the items scanned. During this the four tabs become available: Home is where the scan is taking place; Update is where I am told I am now up-to-date; History informs me of all detected items and the quarantined items; while Settings updates settings on the next scan, excluded files, processes and locations and includes an option to join the Microsoft SpyNet, 'an online community that helps you choose how to respond to potential threat'.
So 14 minutes later and with 22,346 items scanned, the scan is complete. Scan options are offered with a choice of quick, full or custom and the next scan is due for 2am on Sunday, so will this scan when it is switched off, or the next time I switch it off? The icon in the bottom right tells me that the computer status is 'protected'.
From an aesthetic point of view, it is clear and concise and very nice to look at, with a castle icon/shortcut left on the desktop; a double click on either opens the window. So it seems that it is working, and that MSE is protecting me.
Once back in the office, Mark Mayne pointed me to Eicar.com where we gave it a hit with a virus, and there seemed to be no problem as it batted the fake virus back out and refused to let the file run.
There is no doubt that this will help people become more secure, and I guess that it may be welcomed. Sunbelt Software CEO Alex Eckelberry claimed that this was ‘not a Microsoft conspiracy to take over the world. They had to do this in order to beat off Apple, and improve their security posture as a company’.
He said: “They have removed millions of infections using the MSRT tool and they really do need to do something about machines that are not protected, for the good of the rest of us.”
If it makes the public more aware of information and IT security then surely it can only be a good thing, or will we soon see other vendors following their lead? Also, how long will it be before malicious files masquerade as MSE?