Eric Ogren

Security Impact

Microsoft attacking endpoint security with free Morro

Microsoft announced that they will be retiring their OneCare security service in favor of a free product presently called "Morro". The commoditization of anti-virus is exactly what AV vendors feared when Microsoft entered the business years ago. Starting in the middle of 2009, the cash-cow subscription schemes will start to wane ... and it is about time! Consumer PCs are platforms for attacks against enterprises and fellow consumers alike. The best approach for all of us is to simply elevate the protection of Windows by including endpoint security with the Windows operating system.

The big problem is that world-wide consumers will not keep security software current on their endpoints. While there may be 95% penetration of AV on new computers, that number quickly drops when it comes time to pay for subscriptions. The easy access to unsecured PCs is one major reason why it is so hard to eradicate old attacks and why botnets are thriving. These parasitic attacks keep going around and around on unprotected consumer PCs. Check out any list of top 10 attacks and you'll see viruses and worms that are years old and still going strong.

There are a few positives that I like about Microsoft's decision:

  • Security has to be intrinsic to the operating platform. With Morro consumers will get protection with their Windows platform. They can then look to the clouds for additional focused messaging, surfing, or social networking security knowing that the operating system vendor will help keep their system clean.
  • Removing the incremental price is the best approach to getting consumers to do something. Trying to force every desktop and laptop to purchase security software and to keep it enabled is a Sisyphean effort. Consumers generally will not pay for security, will not pay service providers for security, or will accidentally let security subscriptions lapse. Now every consumer gets it as part of their computer without hassle. Makes a lot of sense.
  • Microsoft is embracing Windows XP users. In the past, Microsoft would have refused to cover old versions of Windows, attempting to get users to upgrade to Vista or even Windows 7. Microsoft is doing the right thing here by making sure the enormous base of Windows XP users have the opportunity to compute securely.

It is not clear what will happen with the traditional AV vendors; it is very clear that they were not solving the problem, either by themselves or layered for "defense in depth". I would expect a growth in cloud-based service approaches that would complement Morro, and perhaps use of virtualization to lessen the reliance on Morro.

Morro will not be without challenges. Traditional AV products are notoriously difficult to de-install cleanly, and some consumers will favor a security vendor over a free Microsoft offering. Microsoft runs a large risk of angry support calls if Morro administration is not well done. However, I feel that Morro can only be a good thing. The best approach that Microsoft can take is to just bundle Morro with an automatic update, service pack, and Windows installation. I don't know where they got the name, though. Is Morro a Microsoft version of Zorro out to protect common folk against rogue attackers?

What People Are Saying

Morro is good for everyone, yet unlikely to hurt traditional AV

I live in Hong Kong. While I do not know the impact (if any) of Morro on the Western world, I truly believe it will be great for most Asian/developing countries, and indirectly benefit everyone.

I am not an IT worker, I do a lot of PC maintenance for my friends and peers.

So far as I see, most people simply will not pay for AV, and leave their machine naked (yes, I mean it).

Occasionally, someone (like me) will help by installing one of those free AVs. However, when that free license expires, they will not care, or are totally clueless about how to renew it, no matter how easy.

While I do not believe Morro will be a capable AV by all sense, it will be great as a baseline offering for these people. Remember that they would otherwise not install any AV at all. Anything is still far better than none.

On the other hand, I also do not see it as a threat to traditional AV. This is because traditional AV users will probably stick to traditional AV for better protection, paid or not.

Sure, those who use Morro (or traditional AV) will still be infected, and at least it helps to limit the overall malware activities.

re: Morro

Interesting threads in here.

I am not convinced that Microsoft wants to dominate the security industry by selling products to secure Windows. Sure they'll be opportunistic and look to generate some revenue if they can, but their greater interest is having a secure Windows platform so they can sell Office, Sharepoint, Exchange, SQL Server, etc. Microsoft's Windows Server division alone probably generates close to $6 billion in annual revenue which dwarfs most security companies. The problem is that customers are spending money and the security problem is not being solved, so Microsoft will bite the bullet and do everything they can to get security out there.

Quality-wise, it is my understanding that Microsoft OEMs the engine and attack signatures from a highly regarded endpoint security vendor. It is not homegrown, and I am sure that royalties are being paid even if revenue is not being collected.

The negative aspect is, as Chris from Symantec mentions, there is a lot more to endpoint security than checking signatures. The better approaches have elements of whitelisting, behavioral heuristics, and reputation weighting. Microsoft runs the risk of reinforcing opinions that Windows is "un-securable" if their own Morro cannot lessen the security problem. Microsoft certainly screws up a lot of things, and it is not at all certain that consumers will worship Morro. But put yourself in Microsoft's shoes - what would you do?? From that vantage point, giving endpoint security away seems like a totally reasonable action to take.

The traditional AV companies will have to shift gears. The only question is how much time they'll have (this is one reason I liked Trend's move into the cloud - it's worth looking at), and what features they need to add to get consumers to pay for the product. I don't think a password store is going to do it. I suspect the vendors are taking a wait and see attitude to see if Microsoft Morro impacts revenues, with contingency plans that would layer Internet security to complement Windows security.

....what will happen with the traditional AV vendors;

Disclosure: I work for Symantec so I might just be a bit biased on the future of 'traditional AV vendors' even if I don't work on the Norton product line.

The traditional AV vendors will do just fine because at least the big ones don't sell 'Traditional AV Products' anymore.

Even if the product is still called XYZ AntiVirus it includes many more technologies from Intrusion Prevention and Browser Protection to Parental Control, Password Storage functionality.

These technologies are not part of 'Morro' and are necessary to protect consumers from today's threats.

I think Microsoft exits this market because they have not been as successful as they hoped to be. Just look at the numbers:

Microsoft had less than 1% market share in the endpoint security space with about 200 million of revenue (compared with 2,200 million for Symantec and about 900 million for McAfee)

The cheap OneCare solution did not really hurt the security industry and a free "OneCare light" will not have a big impact either.

Even if 'Morro' becomes the best 'traditional' AV scan engine on the market, consumers will still need additional protection which will be offered by the 'traditional' AV vendors.

All vendors would probably be happy to leave the tedious signature creation to Microsoft and concentrate on the new technologies (Symantec had to create more AV signatures in 2008 than in all prior years combined)

But Microsoft did not have the best engine when they sold the product and I doubt they will devote more resources to a non-revenue-generating product.

Carsten

"Morro" is a beach town in

"Morro" is a beach town in Brazil. Microsoft picked this codename because over the past few years, Brazil has had one of the highest increases of incidences of malware anywhere. Protecting more people around the world, especially in these emerging markets, is critical to improving the overall security of the Windows ecosystem.

Morro

Morro will make life easier. Shame on those virus writers that attack poor innocent computer users that are just enjoying themselves and doing research. Many cannot afford antivirus programs, and who better to fight viruses than Microsoft to protect their awesome operating systems.

It's a Good Thing

I think that Microsoft's antimalware offering is a Good Thing.

As for the major traditional AV vendors, I think that they will do just fine, by offering superior and more full-featured products.