"Microsoft just doesn't get it,” says Panda security chief

According to Luis Corrons, of Panda Labs, Microsoft recently started installing MSE via its operating system update mechanism to computers which don't already have an anti-virus application installed.

"Basically Microsoft is saying they are worried about the security of its users and they need to make sure they are protected. Perhaps Microsoft is trying to position itself as a provider of secure operating systems given the market perception of Linux, Apple and potentially Google as having more secure alternatives to Windows OS, but that's a different story", he said in his security blog.

Corrons went on to say that Panda agrees with Microsoft in that it is better to have some protection than not having any at all.

"However the way the guys in Redmond are executing the idea is risky from a security perspective and could very well make the malware situation much worse for internet users", he said.

"That's why we encourage Microsoft to continue using Windows/Microsoft Update but instead to push all free anti-virus products available on the market, not just MSE", he added.

Panda's technical director noted that pushing out MSE as part of a Windows update is very bad idea, as the reality is that MSE only installs on computers with a valid Windows operating licence paid to Microsoft, meaning that the estimated 40% of PCs running pirated software are excluded.

Even Microsoft itself, he says, acknowledges that malware infections are more prevalent in illegal copies of Windows, citing recent comments from Jeff Williams, the principal group programme manager for the Microsoft malware protection centre.

The solution may well lie, adds Corrons, in securing the operating system itself, but, even though Microsoft has made significant improvements in securing the OS in recent years, there is still a long way to go as witnessed by the constant zero-day vulnerabilities that are published every month.

"In summary, while it's commendable that Microsoft is trying to protect users, offering only their own basic MSE anti-virus provides neither sufficient protection against today's threats nor does it solve the malware problem of millions upon millions of pirated PCs that will continue spreading viruses", he said.

"In fact, it can easily achieve the contrary by making it easier for hackers to infect users. Microsoft should offer the complete portfolio of more advanced and secure alternatives of free anti-virus products and time-limited versions of paid security suites, allowing users to choose any of them from the optional Windows/Microsoft update", he added.

What’s Hot on Infosecurity Magazine?