Saturday, November 22, 2008

Absent today, on to “Morro”; MS’s coming free AV tool

Earlier this week, Microsoft quietly let leak they would be releasing a new and free anti-virus tool for XP and Vista users. 

Improving Global Access to Core PC Protection: Q&A: Amy Barzdukas, senior director of product management, discusses Microsoft’s strategy to provide broader access to critical anti-malware protection. – Microsoft PressPass release.

Available at no additional cost,this new solution will focus on delivering easy-to-use protection from threats that can place personal information at risk and harm system performance.

This new anti-malware offering, scheduled to be released in the second half of 2009, will provide protection from a variety of threats – including viruses, spyware, rootkits and Trojans – and is specifically designed to address the demands of smaller PC form factors and the rapid increases in the incidence of global malware. This solution will be suitable for customers in emerging markets where infection rates tend to be higher,1 and where demand for entry-level PCs makes it even more important that protection be available that does not sacrifice system performance.

First Thoughts

I expect it will be offered in some fashion (I’m not yet saying “bundled”) with Windows 7 as well.

Kind of like how if you have Windows XP, you can download and install the free Microsoft Windows Defender anti-malware product. But if you have Vista, it comes pre-installed.

While Windows Defender does an acceptable job providing basic and free anti-malware protection to users, it doesn’t really provide any anti-virus protections.

That’s not to say that Microsoft doesn’t already address consumer’s anti-virus needs in a (very) limited scale. Remember the MSRT (Malicious Software Removal Tool) that gets updated each month? It’s installed on every XP and Vista system although most consumers don’t know it.

Information at the moment is sketchy, but either we will see a complimentary product to Windows Defender, or some new iteration that incorporates existing Windows Defender protection along with anti-virus/trojan type protections.  I say that as the Microsoft quote above specifically mentions “spyware”.

Windows Defender is an optional install for XP users and, as mentioned, comes included in Vista.  Because of the third-party anti-malware/anti-virus protection I have, I made the decision some time ago to disable Windows Defender. Nor do I run it on my XP systems.  I suspect and hope that Microsoft makes Morro either an optional consumer install or makes disabling/uninstalling it a simple and clean process.

They probably will to avoid ire of anti-trust/competition attention.

While Microsoft is generally hammered on the web for its constant insecurity and vulnerability patching, and OneCare hasn’t always received high-marks in efficacy tests, to those in the know, Microsoft’s security analysts work hard to understand and counter trojan and virus code. Regular reading of the following company blogs often finds great technical information on emerging and persistent threats.

Morro Tolls for who?

So who exactly is the targeted audience for Morro?

Definitely “emerging” markets where Microsoft/Windows hopes to gain a larger share.  Average consumers across the board looking for basic/free malicious file protections, probably technical users looking for something very simple to toss on their relatives pc’s that they won’t have to explain or continually return to tweak and babysit.  I expect “thin” platforms like Netbooks might be another target if Morro is (as claimed) designed light and lean and does not impact system performance over protection.

The biggest winner? 

Microsoft and their enterprise security product customers.

Why do I say that?

It almost seems “Dickens-esque”

Check out what Microsoft’s "Forefront” security product team blog says:

So, people may ask how does "Morro" compare to Forefront Client Security?  Will enterprise customers use it?  The answer is no, "Morro" is intended for consumers, whereas Forefront products are enterprise solutions, providing the capabilities and features required in sophisticated IT environments, e.g. centralized deployment, management and reporting, security state assessments, scheduled signature distribution, update management, etc.

It is worth noting that "Morro" will have a positive impact on Forefront, because it will allow Microsoft to capture even more threat intelligence from customers as more people use the free anti-malware solution.  We'll be able to use that information in our security research and the development of signatures and protection capabilities in Forefront.

Yummers!  Gads and Loads of juicy consumer-provided threat-intelligence data funneled up to Microsoft off the backs of the humble and poor masses so they can analyze and then develop improved signature and protection capabilities in their enterprise and upper-class threat-protection product Forefront.

I hope that doesn’t come off sarcastic.  It’s actually a brilliant move and the consumer (and everyone) wins in the end.  Microsoft’s offering of Morro just isn’t as altruistic as the spin might seem.

More opinions on Morro. 

Expect the discussions to grow, and become interesting as we begin to see beta releases.

I’ll be keeping my eye for beta versions and will be quick to test and evaluate when available.

The things I do….

--Claus V.

No comments: