Microsoft said it will release a public beta of its free antimalware software, now called Microsoft Security Essentials, formerly “Morro,” coming Tuesday for Windows XP, Vista and Windows 7.
Although Microsoft was vague about a final ship date — saying only that it would wrap up sometime this year — it was crystal clear that it will deny the program to PCs running counterfeit copies of Windows.
Microsoft pitched Security Essentials as a basic antivirus, antispyware program that boasts a simplistic interface and consumes less memory and disk space than commercial security suites like those from vendors such as Symantec Corp. and McAfee Inc.
“This is security you can trust,” said Alan Packer, general manager of Microsoft's antimalware team, when asked to define how it differs from rivals, both free and not. “And it's easy to get and easy to use.”
He stressed the Security Essentials' real-time protection over its scanning functions, which are both integral to any security software worth its weight. “Rather than scan and clean, which it also does, it's trying to keep you from being infected in the first place,” Packer said.
One of its most interesting features is what Microsoft calls “Dynamic Signature Service,” a back-and-forth communications link between a Security Essentials-equipped PC and Microsoft's servers.
If Security Essentials detects something suspicious, whether code or behavior, but can't pin either to a specific piece of malware, the software “phones home” to Microsoft servers to relay a short burst of information.
“If it sees something new, like a new binary, the client queries the back end,” Packer said. “The server can then ask for a sample, which the client sends as a hash.” At that point, if Microsoft has created a signature for the threat, that signature is immediately pushed to the PC. Security Essentials will ask the user's permission before sending a sample, Packer noted.
Security Essentials is the first Microsoft antimalware product to use Dynamic Signature, and the feature will be added early next year to the enterprise-grade Forefront line. “We actually identify [the things that trigger a 'phone home'] fairly loosely,” Packer said. “We have a list of known good software, of course, but outside that, if a program is doing things like hooking Autostart points in the registry, or trying to kill other processes, Essential will query the servers.”
Normally, signature updates are sent to Security Essentials daily via the Microsoft Update service, a superset of the better-known Windows Update.
In late 2008, this software, then codenamed “Morro,” was described as the replacement for Windows Live OneCare, the for-a-fee security software that will be put to pasture at the end of this month. OneCare was never able to gain more than a toehold in the consumer security software market.
Reports last week by the Reuters news service quoted a Microsoft spokesman as saying a beta would ship “soon,” and that Morro was being tested internally by company employees.
“I think this will succeed where OneCare failed,” said Roger Kay, an analyst at Endpoint Technologies Associates, “primarily because it's free.”
With OneCare, Kay said, Microsoft tried to compete with longtime consumer security developers, but couldn't make a convincing case that its product could do the job. Security Essentials, however, is a bare-bones version of OneCare that does the absolute basics, which is what users want, Kay added.
“Users want [Microsoft] to integrate security into the operating system and make it free, so they can be as safe as they can possibly be,” he said. “It just makes sense.”
Antitrust issues, both in the U.S., and more recently in the European Union, preclude Microsoft from adding something like OneCare or Security Essentials to Windows, Kay acknowledged. But that doesn't mean consumers don't trust Microsoft to deliver security.
Instead, Kay said, consumers will ask this question: “Is the free product as good as the paid product?” Because what users really want is to not worry about malware, Kay said that they'll answer “Yes.”
Microsoft will not give Security Essentials to everyone who wants it, however. PCs running a copy of Windows that Microsoft decides is counterfeit or pirated — “non-genuine” in its parlance — cannot download a copy of the security software.
“Non-genuine users are really difficult to defend,” said Microsoft's Parker, citing such things as malware pre-installed on counterfeit copies.
Kay agreed with Microsoft's decision, but admitted it was close to the edge. “They're saying 'We can't aid and abet these rogue systems,'” Kay said. “Protecting them [with Security Essentials] would make the rogue system more useful, but Microsoft wants to make them more useless. So I think that's fair.”
The public beta of Security Essentials will be available June 23 in the U.S., Brazil and Israel, with China added to the list later this year. It will run on Windows XP SP2 or later, Windows Vista, Windows 7 Beta and Windows 7 Release Candidate.