Microsoft's Free AV App May Be a Non-Starter

CWmike writes "Microsoft is preparing to launch a public beta of Morro, the free anti-malware it announced last November, according to reports. Morro will use the same scanning engine as Windows Live OneCare, the software that the free software will replace and Microsoft's first consumer-grade antivirus package. OneCare is to get the boot as of June 30 (along with finance app Microsoft Money). John Pescatore, an analyst at Gartner, has questioned whether users would step up to Morro even if it was free. 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' he said. 'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?' Not surprisingly, competitors have dismissed Morro's threat to their business. 'We like our chances,' Todd Gebhart, vice president in charge of McAfee's consumer line, said when it was announced OneCare was a goner. 'Consumers have already rejected OneCare,' added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation.'"

As long as..

[NervousNerd]

As long as it doesn't suck as much as Norton (slow, hard to remove), I'll take a look at it. Right now I'm running ClamWin, and I'm looking for a better (free) anti-virus.

Re:

[houstonbofh]

Have to say I am with you on this one. And there is only one free product you can put on business PCs, so the only competitor is ClamWin in that (not small) market.

Re:

[Chrisq]

AVG Free Edition [avg.com] is pretty good too.

Re:As long as..

[Zxarr]

Avast Antivirus [avast.com] is pretty good too. It's free, but you need to register yearly.

Re:As long as..

[ShieldW0lf]

Motive: They're trying to seize control of their botnet back from the Chinese.

Re:

[FatdogHaiku]

Yes, but every few months they'll release a new version and the old version refuses to update. At least, that's how it always worked for me.

I agree. Also, each new version seems to be slower, bigger, and more naggy about purchasing an upgrade. A couple weeks ago I switched to Avast4 free edition. I had used it back in Win98 days and it seems to be doing a good job with less system overhead.

Re:As long as..

[PhracturedBlue]

According to a-v comparatives:
http://www.av-comparatives.org/comparativesreviews/corporate-reviews [av-comparatives.org]

Microsoft's AV software is very good. It has low false-positives and generally scored quite well. If the same capability is free, I don't see a reason not to recommend its use. I certainly don't work for a-v comparatives, but they were around before Microsoft was in AV business, and their top rated software changes pretty freqeuntly. I'd call them reasonably unbiased, but judge for yourself.

Re:

[GordonCopestake]

"Microsoft's AV software is very good. It has low positives and generally scored quite well."

There fixed that for you

Re:

[AmiMoJo]

The results from AV Comparatives are not the whole story. Livecare tends to take a while to get updated with the latest viruses. It's heuristics are not that good either, and it often fails to remove malware it finds.

Norton is actually one of the best of detection rates, but again suffers from not being able to remove a lot of stuff. It used to be dog slow, and to be fair the latest version isn't exactly quick but it's a vast improvement. It looks like they re-wrote the interface from scratch.

On the free si

Microsoft's disjointed AntiVirus strategy

[Gary W. Longsine]

Microsoft has, for years, maintained three separate tools in this space (that I know of, there might be others). They change the names of them periodically, to confuse their hapless victims.

Microsoft Windows Malicious Software Removal Tool [microsoft.com]
You gotta read this page. They release a new version every month. It apparently cannot remove viruses which are not actively running. Why is this tool not built in to Microsoft Windows Defender?

Windows Live One Care [microsoft.com]
This link shows a forum moderator, chastising a poor infested user for asking a question about a different Microsoft antivirus product -- Microsoft Windows Defender. Why are these separate products, again?

Microsoft Windows Defender [microsoft.com]
Formerly known as Microsoft AntiSpyware.

These should be one product. The fact that Microsoft maintains three separate products to deal with this problem is, itself, an indication of a very serious ongoing problem at Microsoft. As a company, they still don't take this seriously.

Re:

[glennpratt]

This is idiotic, have you seen how many products other companies produce?

I'll just give you some example analogs off the top of my head:

Symantec Virus Removal Tools

Symantec Antivirus

Norton Internet Security

And in response to your questions.

Malicious Software Removal Tool is targeted at the biggest threats and designed to be distributed via Windows Update, it helps protect unmonitored PCs from the biggest threats. Live One Care is an antivirus suite that is, or at least wasn't free, so of course it was a di

Re:Microsoft's disjointed AntiVirus strategy

[DragonWriter]

Microsoft Windows Malicious Software Removal Tool

Whenever I see that name, my mind initially takes it as a Software Removal Tool that is Malicious rather than a tool for removing malicious software.

Re:Microsoft's disjointed AntiVirus strategy

[Z34107]

The "Malicious Software Removal Tool" is pushed through Windows Update. It's not meant to be a full-blown virus scanner, just an install script that will neuter a few of this month's viruses. It's created for the computer illiterates with no virus scanner in the hopes that they left Automatic Updates on.

Windows Defender was supposed to be a very basic, lightweight application to provide some warning that you're infected It's part of Windows Vista, installable on Windows XP, and has some nifty functions that fall between msconfig and HijackThis. I can't speak to it's detection rate, but our help desk has gotten a few calls from people who didn't realize they were infected until Windows Defender told them so.

Windows Live OneCare was their attempt at competing with Symantec or Network Associates. They bought the basic engine from some other company, saw that the entire thing was written in VB 6, facepalmed, and rewrote it as OneCare. It also helps with remote backups and whatnot.

They really shouldn't be all one product, as they serve completely different purposes. Although if they made Windows Defender a bit more powerful, they'd have an uninstallable version of Live Care.

Re:As long as..

[Opportunist]

Well, to give Norton some credit, they've been working on their removal procedure and it's now easier to remove.

So (since my boss once said "if you can't say anything good about your competitor, say nothing"), I can now not only say "Norton has a good looking box", I can also say "It's fairly easy to remove it".

Re:

[SatanicPuppy]

I assume you mean, "Remove it from the box."

If it is now possible to remove Norton without reinstalling the OS, then that's a big improvement. Regardless, I'm not a fan. It still hogs cycles at weird intervals. If I haven't downloaded anything, and I'm not running a scan, then W.T.F is it doing?

Re:

[Opportunist]

That's something that puzzles the whole industry. But not to a degree that we care too much about it.

Re:

[JSmooth]

go look at norton 360 v3. It installed in less than 90 seconds and has almost 0 impact on system performance on my father-in-laws very messy XP workstation with 512MB of RAM (about 4 year old pc)

Norton has come ALONG way in the last 2 years.

disclaimer: I no longer work for Symantec but I do still own some of their stock

Re:

[vux984]

Have you looked into what your ISP might offer?

Around here Shaw gives all subscribers "Shaw Secure" for free which uses the F-Secure engine. I highly recommend it to people around here on Shaw -- its decent software, with decent support, no ads or nagware component, and its already bundled with your internet service.

Telus also offers an antivirus package with their high speed ADSL. I have less experience with it, and don't know what engine it uses, but you can use it for free with up to 5 PCs, and again tec

Re:

[Miseph]

Avast! only nagged me once in the last 12 months, when it wanted me to re-register it tried selling me on the pay versions... but other than that, it just quietly works away.

Am I missing something?

[Raindance]

I'm not the biggest Microsoft fan out there, but this summary feels a little over the top.

'We like our chances,' Todd Gebhart, vice president in charge of McAfee's consumer line, said when it was announced OneCare was a goner. 'Consumers have already rejected OneCare,' added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation.'"

How can you say that with a straight face? The difference between for-pay and free is huge. And rebranding can make a big difference-- look at the recent success of Bing, for instance.

Personally, I think people are aching for alternatives to the current big players like McAfee. I'm reminded of this [slashdot.org] recent slashdot story-

"'Security firms Symantec and McAfee have both agreed to pay $375,000 to US authorities after they automatically renewed consumers' subscriptions without their consent.' The two companies were reported to the New York Attorney General after people complained that their credit cards were being charged without their consent. The investigators found that information about the auto-renewals was hidden at the bottom of long web pages or buried in the EULA."

I think something that's free and easy to use can compete very well against this sort of customer abuse.

p.s. anyone else find the quotation by John Pescatore completely unintelligible? Either he's very confused with his analogies or was misquoted.

Re:

[drinkypoo]

Personally, I think people are aching for alternatives to the current big players like McAfee.

I'm aching for alternatives to bloatware like AVG, actually.

Re:

[Spazztastic]

Personally, I think people are aching for alternatives to the current big players like McAfee.

I'm aching for alternatives to bloatware like AVG, actually.

Avira [free-av.com].

This, of course, is for home and personal use.

Re:

[drinkypoo]

Thanks, I'm giving it a try. I've been using Vista for a few days and I'm getting nervous (the jokes practically write themselves) and think I should have some AV.

Is it worth getting more spam in my gmail spam folder to do some trialware crap and get the premium version? I already have over 10,000 messages in there, what's another thousand or so?

Re:

[Spazztastic]

Is it worth getting more spam in my gmail spam folder to do some trialware crap and get the premium version? I already have over 10,000 messages in there, what's another thousand or so?

Im using the trial version of the premium suite on my new PC (procrastinating on buying it) and I have only gotten a handful of e-mails, only reminding me to purchase it or that my trial is expiring soon. Not too bad, IMO.

Re:

[Bert64]

Use an anonymous mail service to sign up...

http://www.spamdecoy.net/ [spamdecoy.net]
http://www.dodgit.com/ [dodgit.com]

etc...

Re:

[Opportunist]

Avira free edition is not trialware. It's a limited version of their pay-for AV suit (iirc it doesn't come with proactive mail protection), it's a normal AV on-demand and on-access scanner. The drawback to their pay-for version is that license expires after a year and you have to download a new version and reinstall it, and you get a huge splash screen once a day during updates telling you how awesome the pay-for version is.

Re:

[dtfinch]

For one, it creates lots of temporary files for every file it scans, trying to extract them like an archive whether they really are or not. That's why it scans so slowly, and will thrash your hard drive even if you're scanning files elsewhere, like over the network.

Re:

[aj50]

And will pop up a reminder every two days to inform you that for only 19.95/year you could be using AntiVira Premium.

I got so fed up with it that I'm probably going to end up paying for NOD32 [eset.com]

Re:

[Spazztastic]

And will pop up a reminder every two days to inform you that for only 19.95/year you could be using AntiVira Premium.

It's non-intrusive though. You click OK, and it goes away. No more for two days. It's preferable to the alternatives that are out there.

I ended up buying a 3 year license for $129.99(US).

Re:Am I missing something?

[aj50]

A huge advert window opens, minimising the fullscreen game that I'm playing to tell me to buy their product.

This must be some use of the word "non-intrusive" which I am not aware of.

Admittedly, I didn't have any problems with it as an anti-virus package, it was much better than bloated "full protection" software packages from Symantec and McAfee but I feel it's cheating somewhat to advertise your product as "free anti-virus" and then use it as a platform to advertise the pay-for versions which just have more features that I don't want.

Re:

[Opportunist]

Do what I did, schedule the update for 3am and you just have to close a window when you come home after school/work.

Re:

[Corporate Troll]

It's non-intrusive though. You click OK, and it goes away. No more for two days. It's preferable to the alternatives that are out there.

and then

I ended up buying a 3 year license for $129.99(US).

So, the system works? You bought from them, that's the whole point...

Re:

[DragonWriter]

It's non-intrusive though. You click OK, and it goes away. No more for two days. It's preferable to the alternatives that are out there.

How is an advertisement popping up every two days preferable to, e.g., what Avast! Home does, which is give free license keys that are good for a year, and only prompting you for an upgrade when they get ready to expire (you can, of course, choose instead to renew with a new free key, as well.)

Re:Am I missing something?

[donatzsky]

Try one of these:
http://www.wikihow.com/Remove-the-Popup-Ads-in-Avira-Antivir [wikihow.com]
http://www.tipsfor.us/2007/08/15/make-avira-antivir-free-edition-more-usable/ [tipsfor.us]

Re:

[Deathlizard]

I second this.

Blows AVG out of the water, and consistently scores high on virus software comparasions. Latest version seems to cause some performance issues on lower spec machines, but still scans like a champ.

Re:

[hidannik]

Avast. I don't know about how it compares to AVG, but compared to Norton, McAfee and the like it's far less of a resource hog. Hans

Re:Am I missing something?

[houstonbofh]

It gets confusing when Norton and McAffe are the evil entrenched duopoly, and Microsoft is the plucky young upstart. Reminds me of the early 80s.

Re:

[lorenlal]

How can you say that with a straight face? The difference between for-pay and free is huge. And rebranding can make a big difference-- look at the recent success of Bing, for instance.

Not going to argue with Bing... but in the business market for-pay and free are not always that huge a difference. It depends on the buyer, and what the "for-pay" gets you. There are plenty of companies that absolutely require some sort of support for a given product. In addition to that, there are minimum requirements that the software must meet just to be considered. By the looks of this move, since Morro is going to use an engine from a product that absolutely flopped and died, then chances are Morro

Re:

[VertigoAce]

Morro (and OneCare) are for unmanaged computers (home users, perhaps small companies). Forefront Client Security is the anti-malware software intended for business use. Both will use the same anti-malware engine, but FCS has all of the manageability and reporting that you would expect in an enterprise.

I don't really see Morro as an attempt to compete in the home anti-virus market (in other words, Morro is not intended to take sales away from any of the other vendors). The real goal is to try to have anti-vi

Re:

[Bert64]

AV *kinda* works because not everyone has it, and there are lots of different ones out there...
If you end up with a single default AV everywhere, then it just becomes another function of windows that malware authors will learn to work around.

Windows has steadily been gaining features designed to make life more difficult for malware authors, and yet new malware comes out all the time with new methods to work around such features.

Re:

[emurphy42]

p.s. anyone else find the quotation by John Pescatore completely unintelligible? Either he's very confused with his analogies or was misquoted.

This page [realtechnews.com] places it in more coherent context:

After Microsoft's announcement last year, John Pescatore, a Gartner analyst, wasn't betting that consumers users would use Morro even if it was free, due to the fact that you would be installing one MS product to fix the security issues in another MS product (the OS). And that also, he indicated, was on reason why OneCare wasn't doing so well, either.

"Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft pro

Re:

[emurphy42]

And another one [computerworld.com]:

However, John Pescatore, an analyst at Gartner Inc., questioned whether users would step up to Microsoft's free software. Noting that Windows Live OneCare "hasn't made a dent" in market share, he argued that one reason consumers have steered clear of Microsoft's security software was distrust.

"Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products," he said. "Think of it this way. What if you smelled a rotten egg odor in your wat

Re:Am I missing something?

[Deathlizard]

what bothers me most about this article is this line

'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,'

At this point, most malware doesn't hack Windows, it hacks your brain. It tricks you into executing it. The only vector that is even being used extensively anymore is Office, Acrobat, and Flash, MS has been phasing out older formats and patching up the holes and Adobe is finally waking up and doing something about their security issues. even in those programs, most of the time a Trojan file is involved.

On top of that, the most recent malware doesn't even need administrative privlages. It simply installs in your user account directory and starts up when you login. I see absoletly no reason why this method of execution wouldn't work in any other OS, Be it Linux, OSX, or BSD regardless of security settings.

Re:

[Kamokazi]

I agree. It's one thing to call out Microsoft for their many mistakes, but it's comepletely different to be so rabidly anti-MS that you start making yourself appear stupid. I really thought this statement kind of shows what kind of an idiot this guy is:

'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,'

Most malware is not something that exploits vulnerabilities inherent in the product, they exploit the easiest vulnerability of all: the user. A lot of what AV programs do is protect stupid users from infecting their own PCs. Really, it doesn't remove any

Re:

[Kamokazi]

This is what I get for not reading the children posts before replying. The guy above me just said almost the exact same thing.

Re:

[adisakp]

How can you say that with a straight face? The difference between for-pay and free is huge. And rebranding can make a big difference-- look at the recent success of Bing, for instance.

You forgot to mention bundling. If MS includes Morro by default with Windows 7, then they're instantly going to have the largest AV/AntiMalware share on Windows 7. Just like IE and the browser war. Anyone who wants to compete with free and bundled has to offer a similar product for free -- don't believe me? The last time anyone actually paid for a browser on Windows was probably about 6 months after IE came out for free.

Latest AV-Comparatives report..

[Henk Poley]

As much I would like to bash Microsoft from time to time. latest AV-Comparatives report [av-comparatives.org] has them up there with ESET NOD32. With Microsoft you never know if that included some sums of money, but yeah.

Re:

[Opportunist]

There are good reasons not to use a MS antivirus suit. First and foremost the "same vendor" reason: Why should I trust a vendor to plug a security hole he himself opened up, and by applying an additional layer of defense instead of plugging the hole in the first place?

Would you trust your plumber if he told you "I can't fix this leaking pipe, but here's a bucket."

Now, I wouldn't go to Norton or McAfee either for protection, but there are alternatives, and by far better alternatives. For private and corporat

Re:

[Psiren]

Personally, I think people are aching for alternatives to the current big players like McAfee.

Damn straight. Our students use McAfee because our parent institution has a site license. Frankly, it's the biggest pile of crap going. It takes ages to scan, uses huge amounts of resources, and then proceeds to do fuck all about most of the infections. Those that it does claim to remove are actually still there afterwards. Frankly, I wouldn't install McAfee if they were paying me. Given the choice between that and Microsoft, I know which way I'd go.

Re:Am I missing something?

[Blakey Rat]

And rebranding can make a big difference-- look at the recent success of Bing, for instance.

Bing is, technically, far superior to Live Search. It's not just a re-branding.

(With one exception: people raving about Bing's image search UI obviously never used Live Image Search, which is nearly identical UI-wise. Bing still returns better, more relevant, results though.)

Re:

[NatasRevol]

So you're blaming third party vendors for exploits in Windows???

It's not Microsoft's fault all on their own???

Re:

[CastrTroy]

Windows is an operating system. It's supposed to run whatever code the user tells it to run. If the user tells it to delete all system files, or send out 50,000 emails, it should do that. Once it stops doing exactly what the user instructs it to do, and tries to stop you from doing stuff because it thinks you shouldn't, it becomes more obtrusive I think that MS should fix problems with their own applications that cause code to get run without the user knowing it, but there's a lot of viruses that come

Re:

[NatasRevol]

I won't argue with anything you said except "Most..."
There are lots of viruses, malware etc that you can get from so-called drive-by installs. Open ports are another way that is still infecting lots of machines

Re:

[RobDude]

There is a difference between a software vulnerability and malware/viruses.

Even in a perfect OS, where there are no software vulnerabilities, you can still have malware and viruses. They'd just exploit human stupidity and not software flaws.

You gotta love it

[Rosco P. Coltrane]

Microsoft, the virtual inventor of buggy bananaware and OS monoculture that enables mass distributable malware gets into the A/V market. Sounds like Typhoid Mary selling antibiotics...

Re:

[L4t3r4lu5]

Hey, when you have direct access to the source of infection, you're almost guaranteed to produce the best cures...

Unless you're Microsoft.

Re:

[Rosco P. Coltrane]

I suppose most Microsoft programmers are fundamentally honest, so they surely don't want to produce bad code. But they do, so they must possess a certain degree of incompetence. Do I trust incompetents to correct their own mistakes? If they could, they wouldn't have made them in the first place.

As for management, they are known to rush software out the door with critical bugs and huge inefficiencies because they don't care about good software, they care about sales, and when you work for a monopoly, product

Re:

[mr_mischief]

What MS possesses for the most part are project managers who ship profitable software. One way to keep your software more profitable is to let your customers do a good portion of your quality control so you can get to market early and fix the biggest problems in a patch later. It shows little pride of workmanship, but it's sound business so long as your product is at least just good enough to sell.

Re:

[plague3106]

I suppose most Microsoft programmers are fundamentally honest, so they surely don't want to produce bad code. But they do, so they must possess a certain degree of incompetence. Do I trust incompetents to correct their own mistakes? If they could, they wouldn't have made them in the first place.

What cereal box did you get your CS degree from? Making a mistake does not make on incompetent. All complex systems have some flaws.

Re:

[Rosco P. Coltrane]

Getting a virus when receiving an email with a doc file attachment has nothing to do with suckering people into installing software. There are plenty such examples where computer-savvy owners, who aren't suckers, get malware anyway. This [informationweek.com] would not happen if the OS was not to blame otherwise.

Re:

[plague3106]

Get off it already. Do you have something more recent than five years ago?

Re:

[RobDude]

There are examples of software exploits that allow malware to infect a PC without user interaction. Yes, they exist.

To date, there have been zero operating systems that have been free of bugs or potential exploits that could allow the unauthorized execution of code. Zero.

Regardless, the majority of malware infections are not exploiting software vulnerabilities. They are exploiting users. If you create an EXE called 'My secret.exe' and send it out to 10,000 people with the message, 'I've been meaning to

Re:

[Bert64]

Which is where linux has several inherent advantages over windows....

A trusted package repository - if you can, try to get all your software from the repository, it will be signed by your distro and therefore somewhat trusted, and is much easier to maintain (update) etc... Users are far less likely to be downloading and running random arbitrary binaries.

Files being executable are based on file permissions rather than the name, a malicious file being delivered by a website can easily control the filename, bu

Bad Analogy

[Colonel Korn]

'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50." Would you buy it?'

This analogy is just dumb. This is a free product. Obviously the analogy would have the water company saying, "Sure, we can remove that for free."

Not to mention 'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,' which is a stupid point to make about a free product.

Furthermore, MS's security "problems" are over a billion installs. As we see every year when they tie Linux as the most secure system in pwn2own, they've got nothing to be upset about on the technical side of things.

And finally, "added Rowan Trollope, senior vice president of consumer software at Symantec. 'Making that same substandard security technology free won't change that equation'" is pretty funny from a guy representing a company that actually charges for substandard security technology.

Re:

[NewbieProgrammerMan]

This analogy is just dumb. This is a free product. Obviously the analogy would have the water company saying, "Sure, we can remove that for free."

Well, if this free AV product resembles any of the for-pay AV products I've used, I'd have to modify the analogy some more. In that case, the water company would say, "Sure, we'll come install a device in your house to remove the odor. It will only take up a couple hundred square feet of your house, and it has some moving parts that will only get in your way a few times a day while you're trying to go about your daily activities. But, hey, it's free!"

Re:

[Opportunist]

The analogy would hold much more water (no pun intended) if you smelled a rotten egg in your pipes and call a plumber because appearantly the water company isn't able to keep the rotten eggs out of their pipes.

Now the water company employs their own plumbers. They come to you for free, but then... if they're working for the water company, and they can't keep the rotten eggs out of their pipes, should I trust them with mine?

Re:

[Bert64]

The analogy would be...

What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that by supplying you with a free filter"....

Having the free filter to remove the rotten egg odor would still not be preferable to simply not having the rotten egg odor at all.

Re:

[ryanvm]

You guys suck at analogies.

Missing some info from the summary

[sqlrob]

I'm surprised a quote from this [zdnet.com] article didn't make it in:

Morro will work by routing all of a users Internet traffic to a Microsoft datacenter, where the Morro application will process the traffic and identify and block malware in real-time, by examining all of the rerouted traffic

How many people want all of their traffic explicitly going through Microsoft?

Re:Missing some info from the summary

[drooling-dog]

How many people want all of their traffic explicitly going through Microsoft?

On the other hand, it might be an effective way to protect users from the likes of Linux, Firefox, etc...

Re:

[DarthBender]

Wow, I was actually thinking to try it until I saw that. That's huge, and something I want nothing to do with.

Re:

[brkello]

How would that even be possible? There has to be some sort of filtering or the data center would be overwhelmed. Your link is not to an article, but a blog that quotes an article. I don't know who actually wrote it, but this may be a case of someone who doesn't understand tech doing tech writing.

Is that Gartner analyst confused or what?

[sribe]

Seriously, his analogy is pretty far off. Let me try: Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, and it's a free service." Not that I have a lot of faith in MS's product quality here, but still, saying that users won't sign for a free service because it's a service they don't think they should have to pay for is a pretty stupid comment.

whenever i get a new or used computer

[FudRucker]

fdisk the anti-virus i run on it

The water analogy

[mattdm]

The rotten egg odor is coming from sulfur. It's probably harmless in the quantity you're getting, even if you can smell it. Whole house filters that remove the odor are going to cost a hell of a lot more than $50 and require ongoing maintenance, so if the water company offers a service to provide extra-filtered water for a one-time fee, you should jump.

sulfurous water analogy

[viralMeme]

The water company advertised spring water filtered through volcanic rock from water frozen in glaciers milena ago. We called them and told them about the 'rotten egg odor'. They then offer to license a charcoal filter to us for $50.00 a year, to be fitter on premises at another $40.00. If we used any other charcoal filter, they advised us that we might be violating some other company's patents. They reassure us that if we buy their charcoal filter they will give us patent protection against getting sued by

Re:

[mr_mischief]

If your sulfur content was too high, you'd have diarrhea all the time you drink it as sulfur is a diuretic. If it's just the smell, then there are many ways to deal with that, including filters at the taps.

Not based on Onecare.

[Deathlizard]

Supposedly, Morro is based on Forefront Client Security, and onecare has been completely phased out. Considering the poster, I'm surprised that the article didn't say that morro eats babies and killed your dog.

As for Onecare, I had it. It was a great scanner and a firewal. The only reason I got rid of it was because of the onecare circle. in Onecare you had 3 licences. In version 2.5, they developed this Onecare Circle to help you keep track of security on all three copies. and all it would do is scream abo

Car Analogy

[Anonymous Coward]

I have to use a bad car analogy. If I buy a BMW and it breaks down, I take it to the BMW dealer to work on it. Some people obviously opt for third party repair, but a lot trust the manufacturer, even though it is often design problems that caused the breakdown. I understand that people have unreasonable expectations that their purchases don't have vulnerabilities and will last forever, but the other 95% of the population recognizes that complicated systems need repairs and protection.
I don't know if this will be successful, but to think that it should not be trusted or immediately dismissed is ignorant. That being said, I don't use Microsoft products, largely because I don't like AV. Linux FTW!

No thanks

[ZOMFF]

If it's anything as effective as One Care, I'm going to stay away. I received a free 1 year subscription to One Care at a Microsoft event about 2 years ago and ran it until it expired. After removing it and re-installing my previous Symantec product, it detected around a dozen viruses and malware infections that One Care did not notice. Since then I've kept my distance from any Microsoft AV type product.

I always use Antivirus 2009!

[erroneus]

It works on everything I try it on! It works on Windows and Linux and Mac OS X! I just have to go to a web page and it scans my machine and tells me how many viruses I have.

The Microsoft Ethical Problem

[artgeeq]

"'Consumers are hesitant to pay for a Microsoft security product that will remove problems in other Microsoft products,"' Well, yes. But it is not just that. We already pay for Microsoft product defects in other ways too. Let's say you are doing a major rollout of Active Directory or Exchange. Sometimes, the only way you get a bug fix is to get a support contract from Microsoft or hire a company that has a support contract. Any Exchange administrator of a good size organization can tell you that Exchange h

And to top it off

[xednieht]

There's a type in the product name - they forgot the 'n' at the end.

Bad analogy

[recoiledsnake]

'Think of it this way. What if you smelled a rotten egg odor in your water and the water company said, "Sure, we can remove that, but it will cost you $50."

I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc. MS is offering a service to clean them up and does provide free fixes for bugs in their software. Obligatory car analogy, car company sells insurance for breakins and accidents and charges extra. Why not pay for it if the deal is good?

better analogy

[viralMeme]

"I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc"

Defects in application or 'user error' shouldn't lead to the OS being compromised or the consumers having to pay the sellers more money to fix their defective product.

Re:better analogy

[recoiledsnake]

"I think that analogy is broken. Very few malware use the holes in MS software these days. Most of the viruses spread by user error, email, IM, flaws in Flash/Acrobat etc" Defects in application or 'user error' shouldn't lead to the OS being compromised or the consumers having to pay the sellers more money to fix their defective product.

Name a OS where user error can't lead to the OS being compromised. Maybe only in a very locked down system like a kiosk , but a kiosk is not every useful and the user won't have any freedom. If you can install Firefox, you can install a virus. Unless there's a whitelist, but would you trust a whitelist maintained by MS? An alternative is total application virtualization, but given the fact that applications need to talk to each other and be able to access user files make it tough.

Re:

[DragonWriter]

Name a OS where user error can't lead to the OS being compromised.

The risk can be greatly mitigated by a system similar to that used by bitfrost, where installation of a program also involves the program requesting the needed permissions. A system in which programs usually run with the full privilege of a particular user account rather than with program-specific permissions exposes the user to much greater risk from the compromise of any program (this is, of course, more true when the user account at issue

The discussion misses the point (maybe)

[millwoodtwo]

Infected windows machines are a plague on the internet. Many of these presumably have no useful anti-malware running. Microsoft takes lots of heat, as the comments above prove. So Microsoft decides that trying to sell anti-malware won't work, but maybe giving it away, and I assume bundling it, will get it widely deployed. And take some heat off Microsoft for shipping vulnerable stuff. If this happens, and it works at all, it will be a great improvement to the current mess. To put it differently - it

Very funny name

[mattr]

I wonder how they got the name, sounds a bit like tomorrow or something Spanish..

I found it funny as the word morro in Japanese is how you describe getting a fatal sword thrust to your heart / neck, i.e. "to suffer a fatal blow that hits you right in a critical place" is a way to translate it.

Of course as others note, M$ selling AV is itself a funny proposition.

I've got a question for McAfee, Symantec, et al...

[rnturn]

If I was unwilling to pay Microsoft $50 to buy a product that detected and fixed problems with their other products, what makes you think I'd find it any more palatable to be buying a similar product from you folks?

Don't bother answering, guys. Your response would only make me laugh. You see my desktop hasn't needed any of your products for a good number of years now. In fact, the only Microsoft product loaded on any of our computers is a semi-broken version of XP that now wants to be re-authorized becaus

Money? Damn!

[darkpixel2k]

OneCare is to get the boot as of June 30 (along with finance app Microsoft Money).

Man--I have mixed emotions about this one.
Microsoft Money is the one app I still miss from the Microsoft platform. There's nothing like it for Linux.
I occasionally think about settings up a virtual machine to run Money--but I cringe about paying $125 for an XP license to run a $50 program.

But thank God I'm free from the curse. Now I never have to think wistfully about any app on the Microsoft platform...

Beware the closed source

[MaerD]

I can't believe the biggest focus out of all this is on the "evolution" (or whatever) of their anti-virus, with little mention of the end of the Money product line.

I feel for all the people who have been locked in to MS money, like the one in the article. Hopefully it will drive him to open source... however I haven't really been able to find a good alternative to Money and/or Quicken for Home/SMB finance.. any suggestions?

It's about time.

[thePowerOfGrayskull]

When you create a product that spawns a multi-billion dollar market focused on protecting people from the flaws in your product, you've done something wrong. This is something that should have happened years ago.

Bing! Morro!

[argent]

They got Kermit the Frog and Big Bird naming their products now.

Re:

[sqlrob]

Right, there's no way you could have, say, a malicious perl script.

Re:

[RobDude]

It doesn't matter.

You don't need *any* software vulnerability to infect a user's machine with malware. All you need is a user who will run your application.

In any OS that let's the end-user decide what software to run, Malware can exist.

A dumb Linux user is just as likely to install 'Free Screen Savers!!!' as a dumb Windows user.

Re:

[sqlrob]

It is easy to make a trojan on Linux. Unix permissions mean squat to effective malware. Running as the user is more than enough to spew spam or be part of a botnet. Yes, it's easier clean. No, it doesn't work if someone else logs in. When you're talking single user systems, that's irrelevant.

SELinux and other MAC are a lot of the solution. Problem is, there isn't anything good enough for the average user, not yet anyway. I was hoping Leopard was going to be it, but Apple blew it. MS made Vista too annoying

Re:

[drooling-dog]

Trolling a little, eh? Your post is complete nonsense.

Re:

[MadKeithV]

Wha?
..
..
..
(4: Profit!! )

Re:

[mr_mischief]

So it can "fail" to recognize my anti-virus software, and sign me up to have all my net traffic routed through Microsoft for analysis? No thank you.