In a startling disclosure, Microsoft has finally admitted that their security software “Microsoft Security Essentials” is not sufficient to protect users from high-level threats, and advised Windows users to install anti-virus software manufactured by third party vendors to offer reliable defense against malware.
Microsoft Security Essentials was launched back in 2009 as a free solution for users looking to protect their computers from malware on the cheap. Shortly after launch, it quickly rose in antivirus software rankings beating established brands in performance, and since then has become the most used anti-virus software for Windows. Microsoft has actively supported this software and has also integrated it with Windows 8 as part of Windows Defender.
But lately, Microsoft Security Essentials has been performing rather badly in tests, having flunked a couple earlier this year. Now Holly Stewart, senior program manager of the Microsoft Malware Protection Center, told Dennis Technology Labs that Microsoft Security Essentials offers only “baseline” protection and recommended that users install an anti-virus on top of it for better security from advanced threats.
Ms. Stewart, however, stressed that “baseline” shouldn’t be seen as “bad”, and that the company is merely focusing on the most serious threats. “Baseline does not equal bad,” she said. “We provide a high-quality, high-performing service to our customers and if they choose not to buy [antivirus] on Windows 8… we want to get those people protected.”
"We had an epiphany a few years ago, back in 2011, where we realised we had a greater calling and that was to protect all Microsoft customers," she said. "But you can’t do that with a monoculture and you can’t do that with a malware-catching ecosystem that is not robust and diverse."
Rather than focus on making its own antivirus the best in the business, Stewart said Microsoft was "doing everything we can to protect against real threats" and passing data on those threats to antivirus makers, so multiple parties can target the problems.
"It’s not as efficient to have one kind of weapon," she said. "Like anything you must have that diversity. It’s a weakness to just have one."
Previously, Microsoft would spend resources trying to improve Security Essentials’ performance in tests. Now they are simply tracking emerging threats and sharing that data within the security industry, saying that’s a more meaningful way to protect customers. The new approach is likely to leave Security Essentials at the bottom of the test charts.
"We’re providing all of that data and information to our partners so they can do at least as well as we are," she said. "The natural progression is that we will always be on the bottom of these tests. And honestly, if we are doing our job correctly, that’s what will happen."
She added that Microsoft wants "everyone to do better than us because we know that makes it harder for the bad guys".
"The more we can help them [antivirus firms] differentiate themselves and give customers a good reason to pay for their products we know that that diversity is going to make it harder for the people who are our real competitors – the bad guys who are out there," she said.
I appreciate Microsoft for sharing data with other security firms, but fail to understand the logic behind not improving their own product. Maybe the anti-trust complains by rivals regarding bundling of an efficient antivirus with Windows has something to do with the change in approach?