Neil MacDonald

A member of the Gartner Blog Network

VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Should AV be Free?

by Neil MacDonald  |  June 23, 2009  |  5 Comments

I saw today on this website that Microsoft has released the beta offering of its free consumer-oriented antivirus/antispyware protection solution called Microsoft Security Essentials (MSE – previously code-named “Morro”). The offering is available to the first 75,000 visitors to the site starting today. Gartner’s full analysis and advice for clients will be available shortly, but here are my initial thoughts.

As far as Microsoft running into regulatory issues with free AV – it’s possible, but Microsoft is not bundling MSE with Windows, and other vendors (for example, AVG) already provide antivirus/antispyware solutions for consumers for free.

More importantly, as the protection value from signature-based AV declines, its value also declines. It’s not about AV anymore, it’s about protection platforms – in the endpoint, at the email edge, at the web security gateway and for smaller enterprises in the multi-function firewall. The value is in the protection provided by the entire platform working together as a system, not just signatures.

I have two concerns about free AV though. While I actually think protecting more consumers with free AV is a good thing and that free AV is better than no protection at all, I worry that consumers will think this is all they need. It’s a start, but what about a firewall (Windows provides one, but it’s not integrated into MSE), URL filtering, antispam, antiphishing, behavioral monitoring and other types of protection?

I also have concerns about the implications of antivirus research labs over time. It’s kind of like the pharmaceutical companies not wanting to research cures for exotic diseases because there’s not enough money in it. As the amount of malware continues to rise geometrically, I’m worried that fewer and fewer vendors will find the resources to perform good research for the signatures. However, as I said before, it’s not about AV, it’s about the protection system. As long as the vendors understand this, they can continue to improve (and charge for) their systems and fund their labs.

Overall, Microsoft’s move is a positive one. Lots of consumers go without any protection (or with expired protection). To the extent that Microsoft or any other vendor starts providing some basic level of protection at little or no cost, this is a good thing and Microsoft’s move should prompt similar offerings from other antimalware vendors.

Should AV be free? I believe the question we should ask is “Why shouldn’t it?”

Category: Beyond Anti-Virus Endpoint Protection Platform Microsoft Security

5 responses so far ↓

  • 1 LA Tech   June 23, 2009 at 3:41 pm

    You always get what you pay for. Threats borne via email are getting worse and not better. There is a capital cost in this endless game of bigger lock then bigger hammer.

    Spammers are after your small business network to bot your network for their bandwidth needs.

    Free security for a network?

    Not in my network!

  • 2 Neil MacDonald   June 23, 2009 at 4:25 pm

    I’d agree that businesses should look at a more capable system of protection. We refer to these as endpoint protection platforms and the research that rates the vendors is here:
    http://www.gartner.com/DisplayDocument?id=962714

    For consumers, antivirus/antispyware alone is not sufficient and being free doesn’t change that, but it is better than having nothing at all.

  • 3 Tyson Snow (aka Devil's Advocate)   June 23, 2009 at 6:41 pm

    For the sake of argument, if AV software costs money, don’t companies who produce AV software have a financial advantage and stake in producing and ensuring that additional viruses and malicious programs get produced? I’m not saying that getting rid of AV software would cause all virus programmers to stop doing what they do but it is an interesting question nonetheless.

  • 4 Neil MacDonald   June 23, 2009 at 7:43 pm

    Highly unlikely, but nothing is impossible. It’s like wondering if doctors would make people sick because they have a stake in treating them — possible, but unlikely. First, if discovered the ramifications would be devastating for the vendor. Second, the increase in targeted and financially motivated attacks seems to be at odds with a signature-based model and would work against the AV vendors’ traditional business model. Finally, we have a highly connected environment where many users aren’t taking even the most basic precautions with their systems. I think the bad guys do what they do because the risk/reward works in their favor. Hard to catch, hard to prove combined with easy pickings.

  • 5 Three Things for Thursday: A Big Week   October 1, 2009 at 7:53 pm

    [...] Finally, in this post and in this Gartner research document, I talked about the impact of (then-beta) Microsoft Security [...]