I saw today on this website that Microsoft has released the beta offering of its free consumer-oriented antivirus/antispyware protection solution called Microsoft Security Essentials (MSE – previously code-named “Morro”). The offering is available to the first 75,000 visitors to the site starting today. Gartner’s full analysis and advice for clients will be available shortly, but here are my initial thoughts.
As far as Microsoft running into regulatory issues with free AV – it’s possible, but Microsoft is not bundling MSE with Windows and other vendors (for example, AVG) already provide antivirus/antispyware solutions for consumers for free.
More importantly, as the protection value from signature-based AV declines, its value also declines. Its not about AV anymore, its about protection platforms – in the endpoint, at the email edge, at the web security gateway and for smaller enterprises in the multi-function firewall. The value is in the protection provided by the entire platform working together as a system, not just signatures.
I have two concerns about free AV though. While I actually think protecting more consumers with free AV is a good thing and that free AV is better than no protection at all, I worry that consumers will think this is all they need. It’s a start, but what about a firewall (Windows provides one, but its not integrated into MSE), URL filtering, antispam, antiphishing, behavioral monitoring and other types of protection?
I also have concerns about the implications of antivirus research labs over time. It’s kind of like the pharmaceutical companies not wanting to research cures for exotic diseases because there’s not enough money in it. As the amount of malware continues to rise geometrically, I’m worried that fewer and fewer vendors will find the resources to perform good research for the signatures. However, as I said before, its not about AV its about the protection system. As long as the vendors understand this, they can continue to improve (and charge for) their systems and fund their labs.
Overall, Microsoft’s move is a positive one. Lots of consumers go without any protection (or with expired protection). To the extent that Microsoft or any other vendor starts providing some basic level of protection at little or no cost, this is a good thing and Microsoft’s move should prompt similar offerings from other antimalware vendors.
Should AV be free? I believe the question we should ask is “Why shouldn’t it?”