The strategies behind Microsoft's free antivirus solution

May 22, 2010 20:51 GMT  ·  By
Theresa Burch, director of product management for Microsoft Security Essentials, speaks about the company's strategies concerning the product

When it came out last September, Microsoft Security Essentials (MSE) was received with both enthusiasm and scepticism by the antivirus industry. Some traditional vendors dismissed the product as being inferior, while developers of freeware anti-malware solutions have generally welcomed Microsoft products amongst their ranks.

Many independent reviewers, including Softpedia, have given MSE the thumbs up and applauded the Redmond giant's decision to move away from a subscription-based security model. However, we have been curious to know how Microsoft thinks its own product is doing right now, after eight months in a crowded and tough market.

Fortunately, Theresa Burch, director of product management for Microsoft Security Essentials, has agreed to answer a few questions for us and outline some of the strategies that drive the product forward. We hope you'll enjoy reading what she had to say about MSE and its future.

Softpedia: How many times has MSE been downloaded since September 2009, but, most importantly, what would you estimate the number of active MSE users to be? Avira claims over 145 million users, AVG 110 million, while Avast! informed us of having a user base of something below 100 million. Based on these figures, avast!'s Chief Technology Officer, Ondrej Vlcek, estimated that the market for free AV products was 300-350 million users. Would you agree on that?

Theresa Burch: We do not share download numbers publicly. We don’t have any evidence to suggest that the estimates made by Vlcek are not correct. Our focus is not on the size of the free AV market, but on making high quality AV protection accessible even for those who are unwilling or unable to pay. We believe the availability of quality free AV solutions will increase the number of PCs actively protected which in turn will increase the security level of the entire Windows ecosystem.

Softpedia: Internationalization is an important aspect of Microsoft products. In December 2009, you released MSE on additional markets around the world. How many localized versions of MSE are available? What does the future hold in this regard for MSE? Do you plan to offer MSE on more markets?

Theresa Burch: Our strategy is to make Microsoft Security Essentials broadly available to help protect consumers around the world. Microsoft Security Essentials is currently available in the following 74 markets and 25 languages: Algeria, Argentina, Australia, Austria, Bahrain, Belgium, Bolivia, Brazil, Bulgaria, Canada, Czech Republic, Chile, China, Colombia, Costa Rica, Denmark, Dominican Republic, Ecuador, Finland, France, Egypt, El Salvador, Germany, Greece, Guatemala, Honduras, Hong Kong, Hungary, India, Indonesia, Ireland, Israel, Italy, Japan, Jordan, Korea, Kuwait, Lebanon, Malaysia, Mexico, Morocco, Netherlands, New Zealand, Nicaragua, Oman, Panama, Pakistan, Paraguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovakia, Slovenia, South Africa, Spain, Switzerland, Taiwan, Thailand, Trinidad & Tobago, Tunisia, Turkey, Ukraine, United Arab Emirates, United Kingdom, United States, Uruguay, and Venezuela.

Softpedia: How successful was the move to swap OneCare for MSE? Any regrets?

Theresa Burch: Windows Live OneCare customers consistently report record levels of satisfaction with their service, giving it high marks for ease of use, features, and performance. The decision to transition away from a subscription-based service in favor of a no-cost core anti-malware solution represents Microsoft’s continued commitment to trustworthy computing and allows us to better address the security needs created by smaller PC form factors, explosive growth of PCs in emerging markets, and rapid increases in the incidence of global malware by removing some of the barriers that stand in the way of consumers having up-to-date anti-malware protection. While we appreciate the support of our loyal OneCare customers, we continue to believe that with Microsoft Security Essentials, we are able to protect a broader set of consumers improving the security level of the entire Windows ecosystem.

Softpedia: A significant number of users, especially those in developing countries, that could benefit from a free antivirus product like Microsoft Security Essentials run on non-genuine installations of Windows. Considering Microsoft’s responsibility to protect the entire Windows environment, have you ever considered killing the Windows Genuine Advantage validation check in the Microsoft Security Essentials installer further down the road, per the IE7 model?

Theresa Burch: Real-time protection like that found in Microsoft Security Essentials is a great tool in the fight against known malicious software; however, improving the overall health of the ecosystem also requires addressing malware at the distribution source. Sources of counterfeit software and activation work-arounds are rife with malware. Once infected, non-genuine PCs can become malware hosts, spreading malicious software to other machines in the ecosystem. Driving more systems to genuine has the opportunity to better serve the business and security needs of the ecosystem overall.

Softpedia: Malicious websites that are being artificially pushed to the top of Web search-engine results via black hat search engine optimization (BHSEO) techniques represent one of the most common threats for Internet users. Some antivirus vendors have integrated real-time URL scanning components into their free products. Is there anything similar being developed for Microsoft Security Essentials? [to the best of our knowledge, the SmartScreen Filter is blacklist-based and only protects IE]

Theresa Burch: Internet Explorer 8 features industry-leading URL blocking technologies, which is why we encourage customers to use this version.

Microsoft Security Essentials is an anti-malware solution that protects the client PC from malicious software. While we don’t have a real-time URL scanning component, we understand that the security landscape is changing at a rapid pace, which is why Microsoft Security Essentials doesn’t stop at traditional static detection techniques but uses behavior monitoring and advanced technologies to help keep the PC protected. Microsoft is committed to the security of our Windows customers and will continue to evolve our software as new types of threats evolve.

Softpedia: Users complained about the lack of an independent and flexible update scheduling function for MSE. Will such a feature be implemented in the next version or will new signatures continue to be delivered through Windows Update as they are right now?

Theresa Burch: While we are not prepared to comment on specific features in future versions at this time, Microsoft continues to listen to customer feedback when considering future product enhancements.

Softpedia: During our tests, MSE showed a lot of lag when scanning and eliminating large amounts of threats. Will this be corrected in future editions?

Theresa Burch: We’re continuously working on improving the performance of our scanning and remediation to optimize for real-world scenarios encountered by our customer base.

Softpedia: Behavior analysis is a protection layer that some other free antivirus vendors have already integrated into their products. Do you foresee some sort of host intrusion prevention system (HIPS) being added to Microsoft Security Essentials in upcoming versions to monitor the suspicious activity on the system?

Theresa Burch: Microsoft Security Essentials does employ behavior analysis when identifying potential threats.

Softpedia: How do you feel about the new cloud-assisted malware detection technologies? Do you think this approach is more suitable for keeping up with today's quickly evolving threats? Is this the future of antivirus software? Could we see MSE integrated with a Microsoft cloud-based anti-malware service in the future?

Theresa Burch: While we are not able to discuss future product development direction, Microsoft is committed to delivering high quality real-time security services to our customers. Today, Microsoft Security Essentials utilizes the Dynamic Signature Service which allows us to provide the most up-to-date protection for the PC without having to wait for the next signature download. Microsoft Security Essentials uses these signatures when looking for signs of suspicious behavior, characteristics that are similar to known malware and other abnormal operations, and then queries the Dynamic Signature Service to see if the program should be submitted for analysis or terminated.

Microsoft recognizes that the threat environment is constantly changing and will continue to evolve over time. Microsoft will continue to provide customers, worldwide, with comprehensive, ongoing protection from new and existing threats to help the industry better understand the changing nature of the threats and to provide information to help our customers and partners make decisions around appropriate malware protection.

Softpedia: What does the future hold for Windows Defender, as far as the next version of Windows is concerned, now that MSE is available?

Theresa Burch: Windows Defender is used today on millions of Windows PCs to effectively detect and remove known spyware. We have no comment on the future of Windows Defender at this time.

Softpedia: Besides relying on information collected from users, do you also exchange malware samples with other vendors or collect them from file-analysis services like VirusTotal or Jotti? Please tell us a bit about The Microsoft Active Protections Program (MAPP). How important is Security Ecosystem Collaboration when it comes down to MSE?

Theresa Burch: The Microsoft Active Protections Program (MAPP) is a new program for security software providers. Members of MAPP receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update. When MAPP partners receive vulnerability information early, they can provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. Even with these protections, Microsoft recommends that customers deploy security updates to help prevent exploitation of vulnerabilities as quickly as possible. Here are some additional resources.

The Microsoft Malware Protection Center (MMPC) is actively engaged in the antivirus research community to exchange malware samples so all consumers can be protected against them. Microsoft leads the industry along with the other participants in the IEEE Industry Connections Security Group effort to accompany our malware sets with telemetry to aid recipients to make determinations and prioritize their work. The MMPC distributes its malware samples to all members of the MVI program who wish to participate.

We are also engaged with numerous CERTs and other local and national security agencies around the world to receive and process their malware. We are involved as a vendor participant in the VirusTotal project thus receiving samples from the service. Active participation in the research community to receive and redistribute malware to our fellow researchers is a very important function necessary to protect the ecosystem.

Softpedia: Complex banking trojans like Zeus or Clampi, which are used to steal millions of dollars from companies and organizations worldwide, have repeatedly proven to be able to bypass antivirus detection. Because these incidents are so common, there are voices recommending that online banking tasks be performed from less targeted operating systems such as Linux or Mac. What do you think is the solution to this problem?

Theresa Burch: Security is an industry-wide issue and Microsoft is committed to collaborating with partners and the industry to get a comprehensive perspective on the malware landscape, identify emerging threats, and respond to help protect customers. With that, Microsoft delivers security guidance through an integrated communications approach with the Microsoft Security Response Center (MSRC) and our Software Security Incident Response Process (SSIRP) to respond quickly to customer issues and deliver guidance.

Microsoft continues to encourage customers to enable a firewall, keep up-to-date on security updates and install anti-virus and anti-spyware software. For further up-to-date information, you can visit the Microsoft Malware Protection Center blog.

Softpedia: Care to share with us some of your plans for the next major version of Microsoft Security Essentials? Any new, significant improvements and feature additions? When do you expect to offer it and how committed is Microsoft to keeping MSE free?

Theresa Burch: Providing a no-cost core anti-malware solution is part of Microsoft’s continued commitment to trustworthy computing. We don’t have any additional details available at this time, but will let you know when we have more to share.