Windows security software

Microsoft Security Essentials 1.0 Hits the Street

Yesterday (September 29, 2009) MS relased its latest free anti-malware service to provide basic protection against viruses, spyware, and other malware. There’s a home page for this technology at www.microsoft.com/security_essentials/ from whence you can download this software for 32- and 64-bit versions of Windows including Windows XP, Windows Vista, and Windows 7. Is there a catch to this largesse? You bet, but it’s neither onerous nor surprising: you can only install and use this software if your Windows installation meets the “genuine Windows” test (which requires downloading an ActiveX authenticity checker, then passing its tests). Minimum system requirements are described in detail as well, and from what I see there, nobody who can run one of the OSes it supports should be unable to run this toolset, either. It even supports Windows XP Mode within Windows 7, which should make it a pretty popular anti-malware solution for those who need protection for their Windows  VMs.

I downloaded and installed this software on one of my netbook PCs, and observed some interesting things along the way. First, even though MS says you can access and download the software using either Firefox or IE, I was only able to get the download to work using IE (it looked like some kind of Silverlight-based download pop-up window which IE let me manipulate quite happily, but which Firefox couldn’t do much with). Second, I observed some astounding download transfer rates while grabbing this file: I averaged nearly 1.5 MBps (that’s 12 Mbps) throughout the download, and saw a peak of 2.44 MBps (that’s around 20 Mbps). MS is obviously running some fast, powerful server farms these days, and probably using some fancy download compression tools, to produce these kinds of results — especially the day after a major product announcement like this one.

I’m going to be trying out Security Essentials and reporting as I go on my various test machines and adventures. Check out some of these early or pre-reviews for some interesting information so far:

• Neil Rubenking has posted a review of Microsoft Security Essentials 1.0 at PCMag.com. He rates it with “Average malware removal” and “One-Dimensional Malware Blocking,” for a modest ho-hum evaluation.
• Nick Mediati described this software for PC World in a pre-release news story entitled “Microsoft Security Essentials Launches Tuesday.” His 6/23/09 review chronicles the beta version in some detail.
• John Leyden at the UK-based Channel Register also reviewed the beta version on 6/24/09 in a story entitled “.MS no-frills security scanner gets thumbs up in early tests“

As more reviews appear on this product I’ll provide pointers. Some time soon, I’ll come back to this software to talk about my own observations and experiences. Stay tuned

NY Ruling May Change SW Subscription Handling

I was both bemused and pleased to read about NY Attorney General Andrew Cuomo having extracted a $375K settlement from both Symantec and McAfee to set aside what Network World reports as “…charges that they automatically charged customers software subscription renewal fees without their permission.” The gist of the argument is that customers didn’t receive sufficient warning that their AV service fees were really subscriptions that would renew automatically on a yearly basis after the initial purchase period expired. Here’s my favorite snippet from the story, a quote from Cuomo’s office: “Companies cannot play hide the ball when it comes to fees consumers are being charged.”

At least, in the enterprise world where service contracts are an important part of any volume purchase agreement, and must be invoiced yearly, things are a bit more explicit. But since so many IT administrators also dole out advice on home and personal gear and software, as well as take care of company or organization assets, you might want to let your users know that they’ll be able to opt out of automatic renewals in the future if they choose to do so.

Cynics see this tactic as a way to keep company revenue streams topped up, because they virtually guarantee ongoing cash flow once users sign up for a subscription. Both companies explain this maneuver as a way to help protect customers, especially by making sure they can keep their security software up-to-date. It will be interesting to see how their bottom lines fare as a result of this ruling (companies that do business in NY state are now required to refund such charges at user request, as long as users ask for a refund within the 60-day period following the posting of fees to a credit or debit card, bank account, or other payment instrument).

Personally, I think auto-renewal is a good thing, but that consumers shouldn’t be forced into accepting the arrangement. I also think that companies should be required to send a notification 60 days before auto-renewal occurs, and include opt-out information and links in such e-mails to make it easy for consumers who don’t want to stay on that bus to get off if they choose. I already get this level of service from companies based in the EU (where this sort of treatment is the norm), so US-based companies should be able to do likewise.

No More Morro: Meet Microsoft Security Essentials

In the wake of numerous leaks about the upcoming product, Paul Thurrot was finally allowed to go public on June 18 about the replacement product for Windows Live OneCare. Formerly code-named “Morro” (for the famous beach in Rio de Janeiro), the product is almost into public beta, and will be called Microsoft Security Essentials (MSE). His story about the product and its checkered history makes fascinating reading: check it out on his SuperSite for Windows. It looks like current plans are for general availability when Windows 7 goes into GA (on or about 10/22/2009). This offering will be free of charge, and will work with 32- and 64-bit versions of Vista and Windows 7 (32-bit Windows XP versions only).

In describing the product, Thurrot starts by listing what’s been rumored or reported about the product that isn’t true. Here goes my summary/recap:

• it’s not a “cloud computing AV solution” though it does support near-real-time updates
• There’s no managed firewall
• There’s no management facility for multiple computers on a home network
• There’s no application controls nor GPO capability

According to Thurrot, what MSE does have to offer essentially boils down to “OneCare minus the stuff that’s not related to fighting malware.” He also goes on to describe MSE as “small, fast, light, and effective.” Right after that he starts to elicit some incredulity when he says “…and since it’s built on the same award-winning underpinnings as Microsoft’s other security products you know you can trust it.” Wait a minute: is this for real. Yep! When I go off to look at the latest Virus Bulletin 100 (aka vb100) there it is with a vb100 sticker (but it appears that Thurrot is really talking about ForeFront which has also earned vb100s consistently starting as far back as June 2007 ).

I have to say that MSE appears to be a real boon, especially for users in need of low-cost/no-cost protection for virtual machines as well as real ones. According to Thurrot the public beta will commence next Tuesday on June 23. I think we’re going to have to check this out!