MS Adds Security Suite To Update Service, Antivirus Rival Objects

CWmike writes "Microsoft has started adding Security Essentials to the optional download list seen by US Windows users when they fire up the operating system's update service, and antivirus rivals are crying foul. 'Commercializing Windows Update to distribute other software applications raises significant questions about unfair competition,' Carol Carpenter, a GM at Trend Micro, said on Thursday. 'Windows Update is a de facto extension of Windows, so to begin delivering software tied to updates has us concerned,' she added. 'Windows Update is not a choice for users, and we believe it should not be used this way.' If Windows doesn't detect working security software on the PC, Microsoft adds Security Essentials to the Optional section of Microsoft Update, a superset of the better-known Windows Update, or to Windows Update if it has been configured to also draw downloads from Microsoft Update. Microsoft made a point to say that it was not offering the software via Windows Update, but only through the Microsoft Update service, which also offers patches for new versions of non-operating system software, notably Office and Windows Media Player. But most users won't understand the distinction."

Re:Correct me if I'm wrong

[cdrudge]

Yes. Trend Micro's beef with the issue is not that Microsoft has the security suite, but that it's including it in Windows Update. Given a choice between just "updating" your machine to install the security suite and forcing people to go search for other options, people are going to go with the update. Further, by putting it in with the updates it gives people the sense that they need it as part of a fully patched system, when it's not necessary and there are competing products that may be better.

i actually like this

[atarione]

forefront and MSE are actually pretty good (MSE being built from forefront).

Their foot print on a system is quite reasonable (unlike many av suites) they do a good job of doing what they should do and staying out of the way. We all pay the price of way to many totally unsecured systems connected to the internet. FTFA the update only appears when no security software is detected on the system, So this will be being offered to users that would otherwise have no av protection at all.

I can see where MSE being offered free (and now offered via windows updates) would make other av vendors unhappy ..but f*ck them far to many of the consumer orientated av offering are just terrible bloated piles of junk.

GOOD!

[DIplomatic]

Good! I personally love Microsoft Security Essentials. It does exactly what you want in a Virus Protection Program: 1) Keep an icon in the system tray indicating that "You Are Protected" 2) Stay out of your way and use very few system resources.
In all seriousness, I am a corporate IT technician and I prefer MSE over any other memory-hogging, system-crippling, scaring-you-with-false-warnings virus program out there.
Plus it's FREE. FREE!

Re:No need to fuss

[JonySuede]

I'm assuming that soon enough we'll be seeing in WSUS, which, when combined with the GPO software installation facilities in AD, will replicate the high-end corporate AV.

No you wont, the product you are talking about is named forefront and it is not free it cost about 2000$ per server and 15$ per client

Re:Correct me if I'm wrong

Except its listed in the Optional section, which is completely ignored if you just keep clicking next on Windows Update like 99% of people, and it only shows up there at all if you don't have any other AV installed. Seems fairly reasonable to me (and I truly fucking hate Microsoft and everything they do).

Re:Correct me if I'm wrong

[random+coward]

I tend to agree with the above. I intended to post basically the same. Software added to the OS to fix security flaws in the architecture has a good argument as being part of the OS. If MS hadn't tried to claim the browser was a core part of the OS I doubt many people would have an issue with this being added.

Re:Forget the past...

Please Read the Summary...

If Windows update detects you have no Anti Virus package installed, it adds the Microsoft Security Essentials as an OPTIONAL download that you can CHOOSE to have.
Just like the Browser Election ballot Europeans got (Which listed many alternatives to Internet Explorer) it's the user's Choice to install the software or to acquire Anti Virus software on your own.

Re:Waaambulance.

[mlts]

I have tried many other products. On the consumer level, there is really no significant benefit the other guys have over MSE that makes it worth the cost per year. The only product I'd probably recommend would be Sunbelt Software's offerings because their products are good at delousing a machine when it can't be taken apart and fixed by someone with a clue. Suites [1] are a different story, but antivirus products alone, there isn't much anyone else has that MSE doesn't on the consumer level.

Enterprise-wide, different story. Products like Forefront or Symantec Endpoint Protection provides far more than just a "virus condom". As an IT guy, I can have it to stop "hacking tools" such as most serial number grabbing utilities, have it lock out USB flash drives, give me comprehensive reports from the Windows side of the house, hook with NAC to ensure that if a Windows box doesn't have AV, it doesn't get connected (for CYA reasons rather than technical), and loads of other stuff that matters in business.

So, on a personal level, I would just be content with MSE. If an acquaintance called up saying, "OMG, my computer is infected", I'd tell them to download Sunbelt Software's offering and let it attempt to clean the machine. If I were running a business, I'd spring for SEP or Forefront because of the enterprise level features.

[1]: Antivirus + firewall "suites" are pointless in any Windows version post 2000. Want a firewall? Get a hardware router, so blackhats don't have a small window of attack when a machine starts up or shuts down, and the software "firewall" isn't loaded and hooked into the IP stack.

Re:They all need to shut up

[Totenglocke]

Just an FYI regarding firewalls - if you're on Win 7, there's no need to pay for a firewall because Win 7 finally has a good built in firewall.

Re:No need to fuss

[Enderandrew]

This is only being suggested to people with no anti-virus solution on Windows. Those people likely don't know what they're doing.

And actually, I'd recommend Microsoft Security Essentials over Symantec, McAffee, etc.

Re:"Raises" questions ?

[CodingHero]

it IS unfair competition itself. it was what was done with ie against netscape, and media player against others.

Not quite. Media player and IE come pre-installed on your machine but this is explicitly labeled an optional download. Being part of the "optional updates" means it will be presented to users as an option. They will not be in any way forced to download it and in fact will have to go out of their way to deliberately check the box to get it, something most people (i.e. my mom) probably won't do assuming they even realize the option exists.

Actually major media player updates (e.g. version 11 if you have version 10) are listed as optional as well if I recall correctly.

Re:Correct me if I'm wrong

[Bigjeff5]

Most of Microsoft's anti-trust trouble, at least in the US, had nothing to do with bundling the browser anyway. It gave them more trouble in Europe, but here the problem was MS was threatening PC retailers who wanted to bundle other browsers (namely Netscape) with their systems.

That's anti-competitive behavior, and we have laws against it. Europe reacted more harshly and forced MS to not ship Windows with a default browser. It ships with IE, but you have to set it as your browser of choice first.

Re:No need to fuss

[EdIII]

... any good Linux administrator has handled customer boxes that have been thoroughly rooted, tossing your argument out the nearest window.

Is that really true though?

There is the argument that Microsoft is a larger target due to their market share and this is why there exists more 0-day exploits against their platform. To be more fair, Adobe shares a pretty large portion of that responsibility too.

However, all things being equal, I think Linux does have a greater level of security out of the box than any Microsoft product. I am not going to present a reality distortion field, like there is often around Apple, and say that there exists no 0-day exploits against Linux as a platform, but to say Linux and Microsoft are equal in this regard is just not true.

Most of the Linux boxes that I have seen that are rooted are due to poor management (open SSH with very weak passwords, failing to review logs, etc.), and not actual exploits. Once again, I am not saying that they don't exist, but there are fewer of them.

It's popular to bash Microsoft, and the poster you replied too was rather flippant, but all things considered I think it is a fair statement to say that Microsoft has been lackadaisical in their approach to security and Linux is inherently more secure.

In my mind, this makes rooted Linux boxes an oddity and a statement against the Linux sysadmin. Lazy sysadmins can setup a Linux box to be rooted in no time at all. MS syadmins on the other hand, have a harder job to perform and even a great sysadmin can find themselves facing a nasty 0-day exploit against their systems regardless of well they update and maintain their systems.

Re:No need to fuss

[PhunkySchtuff]

Symantec have two levels of offerings.
Their enterprise AV (Symantec branded) is outstanding.
Their soho AV (Norton branded) on the other hand is a salty bag of balls.

Re:Correct me if I'm wrong

[Deathlizard]

From the article, it says that it won't pop up unless you either have no AV product, or the AV product is expired. And even then, you have to manually browse windows update to see optional updates.

It's not like you're going to turn on your PC, and all of a sudden it's on there out of the blue.

Re:No need to fuss

[hairyfeet]

Well here is a nice tool that you may like..WSUS Offline Update. Don't let the name fool ya, you do NOT need a WSUS server to enjoy this puppy. It makes Autopatcher look lame by comparison. It lets you download ALL the Windows Updates for ALL the current OSes, both x86 and x64, PLUS all the Office updates, PLUS the Service Packs PLUS MSE definitions, hell if you get it this month it'll even give you the full Win2K updates for those that have old machine they want to add the final updates for.

And the best part is after it is done you can have it either burn a DVD with ALL the x86 updates, along with another for x64, or have it burn separate discs for each OS version, OR have it load itself onto a thumbstick. Basically it is like having a full WSUS server in your pocket. Great for fixing PCs. Just clean, update, and use Ninite to automate the install of the common apps like Firefox, Chrome, Flash, Java, etc. Ninite also has MSE ready to go along with Malwarebytes. All automated, just pick the apps and go. easy peasy!

As for TFA anything that will cut down on infected PCs I'm all for it. I may make my living fixing and selling them, but my Internet gets slowed down by bots and I have to deal with spam like everyone else. If this helps insure that so many boxes aren't sitting there with a horribly out of date POS Norton Trial-ware sucking space than I say great! Frankly it is the AV companies own fault if they lose share, the past few years they have all seemed to jump on the "kitchen sink" approach with a ton of apps most never need, and the bloat is just insane. MSE is fast, it doesn't suck up the RAM and bog out the machine even with the older P4s, I have NO problems with it.