Microsoft just doesn’t get it… Security is about diversity

Nov 8

Microsoft recently started installing its free antivirus product, Microsoft Security Essentials (MSE), via the Operating System update mechanism on computers which don’t already have an antivirus installed. Basically, Microsoft is saying it is worried about the security of its users and needs to make sure they are protected. Perhaps Microsoft is trying to position itself as a provider of secure Operating Systems given the market perception of Linux, Apple and potentially Google as having more secure alternatives to Windows OS, but that’s a different story.

We agree with Microsoft; it’s better to have some protection than none at all. However, the way the guys in Redmond are executing the idea is risky from a security perspective and could very well make the malware situation much worse for Internet users. That’s why we encourage Microsoft to continue using Windows/Microsoft Update, but to push all free antivirus products available on the market instead of just MSE.

These are the reasons why pushing only MSE from Windows/Microsoft Update is a very bad idea:

1. MSE is not a good solution to the malware problem. While the argument of protecting users who do not have AV is commendable, the reality is that MSE only installs on computers with a valid Windows OS license (paid to Microsoft).

   • The problem is that an estimated 40% of worldwide computers connected to the Internet are running pirated software and spreading viruses, especially in China, Latin America, Asia, Southern Europe, etc. So while Microsoft wants us to think it is doing this out of the goodness of their hearts, the reality is that the measure will have little impact as millions and millions of unlicensed Windows PCs will continue spreading viruses and infecting the rest of us.

   • Even Microsoft itself acknowledges that malware infections are more prevalent in illegal copies of Windows: “There is a direct correlation between piracy and the malware infection rate,” said Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center. If that’s correct and the objective is truly to protect users from malware, then why doesn’t Microsoft allow MSE to install on pirated copies of Windows OS?

2. Monocultures are a hacker’s paradise. If pushing MSE via Windows/Microsoft Update is very successful, it will end up creating a monoculture of hundreds of millions of users having the same antivirus product. Right now hackers have to worry about bypassing multiple antivirus products and protection layers every time they release a new piece of malware. Having to bypass only one AV product makes their life so much easier. This alone will allow hackers to push more new malware that bypasses MSE exclusively and infect many more users with every new variant. Alternatively, reverse engineering of MSE and related Windows components will boom, potentially discovering zero-day vulnerabilities which could cause infections in tens of millions of PCs with a single attack. Monoculture in Operating Systems is in and of itself bad. Monoculture in security is A VERY BAD THING.

3. Insufficient Detection. Even though MSE is a good basic product, from a detection perspective it has not proven itself to provide sufficient protection according to the latest independent comparative studies:

   • AV-Comparatives.org’s latest On-Demand Test ranks MSE 15 out of 20 in signature detection while vendors with alternative free antivirus products were ranked well above that.

   • In AV-Test.org’s latest Real-World Test MSE could not achieve the minimum score to obtain certification, while vendors with alternative free antivirus products did. MSE was ranked as one of the worst three products.

4. Not Enough Prevention. There are other free antivirus alternatives on the market which offer much more than just reactive signature detection. These more advanced (and still completely free) products have multiple security layers which provide users with proactive protection, such as web filtering, behavior blocking, instant messaging filters, etc. MSE provides very basic antivirus protection, certainly not enough to protect users against today’s malware threat landscape.

5. Secure the Operating System itself. Even though Microsoft has made significant improvements in securing the OS in recent years, there is still a long way to go as witnessed by the constant zero-day vulnerabilities that are published every month, such as the incredibly dangerous LNK vulnerability that Stuxnet exploited. Microsoft’s security resources should work on making the OS more secure, not just putting a band-aid on it. Who knows, maybe someday if Microsoft manages to really make their OS secure, antivirus products won’t be needed anymore. But until that day comes, Microsoft should make a serious development effort to secure the OS from the ground up and not limit the security tools currently available to its users.

In summary, while it’s commendable that Microsoft is trying to protect users, offering only “their” basic MSE antivirus neither provides sufficient protection against today’s threats nor solves the malware problem of millions upon millions of pirated PCs that will continue spreading viruses. In fact, it can easily achieve the contrary by making it easier for hackers to infect users. Microsoft should offer the complete portfolio of more advanced and secure alternatives of free antivirus products and time-limited versions of paid security suites, allowing users to choose any of them from the Optional Windows/Microsoft Update.

Note: this post is being published simultaneously in Panda Research, PandaLabs and PandaInsight blogs.

Comments

  1. NT says:

    All these rants by Panda and TM aren’t going to solve anything. The black hats are way ahead of all you guys.

    I strictly suggest you make your product stand out from Microsoft in terms of usability, low resource usage, detection, etc.

    Then I am sure many will think of trying shareware AVs; otherwise why disregard a free one that has good detection and low resource usage. Also there is no hassle of yearly subscriptions. Yes, I am aware that those tests that you provided are a good reference for choosing a satisfying security product, but for normal users they are not much of a help.

    Cloud is the future but if the products don’t deliver the necessary and the essential goals then free AVs will have their say.

    In my personal experience Panda has been buggy and high on resources (on XP); you guys definitely have your work cut out.

    For any security company it’s always improve and keep on improving or else perish.

    Regards

    • Luis Corrons says:

      It seems you don’t really know Panda well, as Panda Cloud Antivirus is free, detects more and takes fewer resources than MSE, plus it has some other features (proactive technologies, autorun protection, etc.)

  2. cigars cuban says:

    Hello there! Do you know if they make any plugins to safeguard against
    hackers? I’m kinda paranoid about losing everything I’ve worked hard on.
    Any suggestions?

  3. Guitar Bob says:

    Many of the free AVs now come with a toolbar, web blocker, etc. that changes your search engine, start page, etc. or does something else (sets up the user for some kind of advertising?) in return for additional protection. In fact, I believe Panda free Cloud is in this camp. So, these AVs only provide “basic” protection, just like Microsoft Security Essentials. In addition, Microsoft has lots of resources behind it that most AVs do not have. If there is a widespread piece of malware that is infecting lots of users, I am sure that Microsoft will protect against it just as well as any other AV. Finally, Microsoft seems to care more about protecting its users than it cares about detecting the latest/greatest piece of malware in tests.

    Regards,
