Commercial Anti-virus vs. Microsoft

Written by

It’s often the case when I set out and write a news feature that I typically end up with far more copy than space allotted in our print edition. My most recent feature on Windows 8 security is no exception. Thank goodness for this blog, and its ability to serve as a venue for all those unused bits.

Below is content I had planned as a sidebar to accompany the story, but space being at a premium, a grudgingly gave it the axe. The content, however, still has some value.

As I researched initial reactions to Windows 8 security, one of the questions I asked everyone interviewed was whether the new Windows Defender security suite that comes pre-installed on Windows 8 machines would spell the end of stand-alone commercial anti-virus. After all, why would someone pay for something when they can get a similar tool for free? The question seems entirely appropriate given our recent coverage on anti-virus market share, which shows Microsoft’s free Security Essentials gobbling up some of the competition. Here is what some of the experts I interviewed said about the topic…

Killing it Softly?

Aryeh Goretsky, a researcher with security firm ESET, recently wrote a white paper evaluating the new security features of Windows 8. The new operating system will come with the pre-installed Windows Defender security suite, which has led some to predict the demise of commercial anti-virus offerings. It’s a prediction we have heard many times, Goretsky reminds us.

“Windows Defender as included with Windows 8 is a good product and does, in fact, provide a decent level of protection, especially when compared against other free anti-malware programs. However”, he added, “Windows Defender does not contain many of the advanced features of paid-for solutions….As with other free anti-malware programs, support options for Windows Defender are limited”. Perhaps we shouldn’t be surprised by Goretsky’s assessment because, after all, he does do his research on behalf of one of the world’s largest security firms – one that happens to offer commercial anti-virus products.

IEEE’s Kevin Curran says the beginning of the end for commercial AV came some time ago, with the introduction of Microsoft’s free Security Essentials. “Microsoft realized that they had to take control of security themselves”, he offers up in analysis. PC manufacturers’ channel deals with commercial providers, Curran noted, means they will continue to provide pre-installed AV on machines, with less and less tech-savvy people continuing to purchase and renew these products. “I feel sorry for these people”, he admitted, adding there are plenty of effective, free offerings available. Curran stated there will always be a market for commercial AV because of this, “but I wouldn’t buy shares in an anti-virus company”, he said jokingly.

Forensic analyst Paul Henry admitted that he’s been using Microsoft’s free anti-malware tools for some time. “And as bad as the catch rate is on signature-based AV, I just abandoned the commercial stuff and when to [Microsoft’s free version] myself, even in my own forensics lab. I’ve been pretty happy with it.”

“We can stop asking consumers to go out and buy anti-virus – it’s just built in”, remarked Stephen Sprague of Wave Systems “You have a solution that’s in the box.”

Sprague doesn’t see legacy AV providers disappearing anytime soon, reflecting on the fact that most of these companies have diversified their security portfolio. “But I haven’t used third-party anti-virus for a couple years – I use the Microsoft stuff and it seems to work really well without performance impacts”, he opined.

The Wave Systems CEO said it’s too soon to tell if Windows Defender is the death knell of stand-alone commercial AV, but he believes it could be quite possible: “Hopefully we will look back ten years from now and say, ‘you use buy software that did that?’ ”

What’s hot on Infosecurity Magazine?