Thursday, October 10, 2013

Revelations about Microsoft Security Essentials: What Do They Mean for Windows Intune?

The Echo Chamber Speaks

Microsoft Security Essentials - It's bad! No, wait, no it's good enough!
For a few years now, security professionals such as myself have recommended that home users run Microsoft Security Essentials as a good, basic, free anti-virus program.

The internet echo chamber has made much of a recent interview with Holly Stewart, senior program manager of the Microsoft Malware Protection Center. She indicated that the company is no longer focusing on making MSE the 'best' testing anti-virus program but rather they are focusing on providing information to the community of anti-virus and anti-malware software makers. (A rising tide lifts all boats...)

That put out a nuanced message that was completely misunderstood in the wild. It seems like every tech journalist is jumping on the "dump MSE" craze. But I have to say that is just a bit too quick.


For the home user that needs something basic that doesn't break when the subscription needs to be renewed, MSE is still a good solution. (With Windows Firewall, Secunia PSI and Malwarebytes...)

What others should learn from MSE

One thing that some other providers should learn from Microsoft is that you CAN make an antivirus product that doesn't get in your face all the time and demand attention. For example, Avast's free antivirus is just bloody needy, and AVG Free, which I used to recommend, hides the download link behind a ton of advertising (for the fee-based version) - and it has a habit of forcing you to upgrade (and find that hidden link) every so often.

The time-limited trials that come on OEM equipment are also a bad idea. I would like to know what percentage of these free trials are never updated after the trial period expires. I have seen a lot of home machines that have expired 'trial' antivirus. And worse, sometimes it is a poorly rated product to begin with!


Both of these issues lead to computers that have out-of-date or non-functional antivirus... MSE is better than that, as a baseline.

And then in today's news...

Hear Ye! Hear Ye! "It's Good Enough"

We are proud of the protection capabilities we provide for well over 150 million computers worldwide with our real-time antimalware products. We believe in Microsoft antimalware products and strongly recommend them to our customers, to our friends, and to our families.

Here are the competing messages as reported on neowin.net:
No No No
Maybe Maybe Maybe

To quote my old friend Robert W. Warden, "Feh!"

Greater Concern - Windows Intune

I don't have a concern about home users running MSE - if Windows Firewall is running - and patches are updated. In fact, I set up systems with MSE and Secunia's wonderful PSI, which helps me to keep everything patched and up to date. Malwarebytes free can tighten up the anti-malware side. Geeks out there can take a look at Microsoft's EMET for other options.

But for businesses that use Windows Intune, the question is: how does the lack of sharpness around MSE's detection and mitigation capability affect the anti-virus offering in Windows Intune?
We already know that we can't use another provider's anti-malware product with Windows Intune.

Is MSE the same as Endpoint Protection?
It seems that Endpoint Protection includes additional tools for deployment and management. That's not helping improve detection....

And this from the big brother product "System Center Endpoint Protection."
Industry-leading Malware Detection
System Center 2012 Endpoint Protection uses the same industry-leading antimalware engine as Microsoft Security Essentials to protect your employees against the latest malware and rootkits. The engine protects against both known and unknown threats with a combination of highly accurate signatures and behavioral detection techniques. It has been highly ranked in independent third-party tests, such as those by AV-Comparatives and VirusBulletin, with special distinction for its low false positive rate.
Industry leading, until we tell you it isn't... Ooops.

So, until we hear otherwise, we have to assume that Windows Intune only provides basic protection.
Oh - and forget beefing it up with an after-market product.

On a strategy note - I think that Windows Intune would benefit from integration of different anti-malware products with something like an App Store strategy. Windows Intune is a great idea (one that could put me into retirement!) that needs somewhat more secure underpinnings...
