Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


October 2nd, 2009

And what about Microsoft Security Essentials—MSE?

As many of you many know, Microsoft released their free security product earlier this week. Called MSE (Microsoft Security Essentials), it is a replacement for their One Care Product. It has been interesting reading the press coverage and the reaction from competitors. Some declare it will transform the security business and solve all security problems. Some equate it to a bad movie sequel. And some think it is Shakespearean—”Much Ado about Nothing”.

Ourselves, we are pretty ambivalent about Microsoft entering the free security space. We have long believed that security protection should be freely available.  And there are already several top-notch free security products available (including avast of course). But, we don’t think that MSE is in the “top notch” category. In the last AV-Comparatives (I wrote about it in a previous blog entry), Microsoft’s One Care did not do very well. While it tied with us for 2nd in false positives; out of 16, it was 14th in detection and 13th in speed. And of course, MSE’s performance is the same as One Care’s. So while MSE is better than nothing, and even Microsoft describes it as basic protection, it is not yet up to the standards of the paid products. And, it is even further behind the performance of the top free products (including avast) that handily outscored the paid products.

Microsoft also seems to think that 60% of users have no security protection. I do not know where this number comes from as they do not cite any sources. But, it does not make much sense. There are about 500 million consumer computers in the world (Gartner and IDC data). From published numbers, Avast, Avira, and AVG protect about 250 million; maybe closer to 300 million now. Also from published numbers, Symantec, McAfee, Trend, and Kaspersky, and a few others protect just under 100 million. This leaves 150 million but I would guess that a good 50 million of those are protected by local products (K7/SourceNext in India and Japan, Rising and Kingsoft in China, Ahn in Korea, etc.). So it seems there should only be about 20% (100 million) unprotected. Now of course, that is still too many to be without protection, especially when good security is free. But it sounds like a case of Microsoft offering a solution in search of a problem.

It was also interesting to read how most journalists just recited the Microsoft story. I saw very few mentions of the large free providers. One even dismissively referred to the current free vendors as “no-name” vendors. How can three companies with 250 million users be called “no-name” companies? I have to chalk it up to ignorance and great PR from Microsoft and the traditional security vendors.

A legitimate concern I saw expressed from Symantec and McAfee was something about a “level playing field”. That sounds like whining but it refers to how the product is distributed. Symantec, McAfee, and the traditional vendors distribute through retail, OEMs, etc. The free vendors (such as us) distribute through download servers. Microsoft tried the traditional distribution route with One Care—and failed. They are trying the download server route with MSE. But, they have an ace up their sleeves if they distributed MSE as part of Windows—or if they try to force OEMs to install MSE on new computers as a condition of getting Windows 7. It is monopolistic distribution like this that caused the large anti-trust suits of past years with Netscape and others.

Security is a highly competitive business—it probably has more competing titles than any computing segment other than games. That competition is invaluable. Without it, none of us improves. Having many healthy large companies drives the security industry forward and provides better protection for users. We all learn for each other—and even copy (legally) each other at times. I could name many examples of where a given product has influenced other products. We even share malware samples with each other. Having just a couple of dominant players (such as the recent past with Symantec and McAfee) can lead to stagnation and lower protection for users.

Also, security these days goes far beyond a layer of protection for the operating system (Windows). Many threats have nothing to do with the underlying operating system. They are in Firefox, Mozilla, browser plug-ins, infected web sites, social engineering, other applications (such as Adobe), etc.

So it is healthiest for the security providers, and the users, if Microsoft is on the same playing field—distributing through similar channels and not taking advantage of their almost monopolistic domination of operating system distribution.

MSE is not the silver bullet but it is also not the bad sequel to One Care that some claim—it is just another average security product. It has probably been hyped much more than deserved and thus the Shakespeare comparison may be the best.  A recent review by Neil Rubenking of PCMag (http://www.pcmag.com/article2/0,2817,2353699,00.asp) probably says it best:

So should you rely on Microsoft Security Essentials for free protection? I’d say no, unless you strongly value the Microsoft name. My own testing suggests that you’ll do better with one of the other free anti-malware solutions such as AVG Anti-Virus Free or avast! antivirus Home Edition.

Ultimately security is about trust. The user has to trust that the product (and the company behind the product) will protect them, their computer, and their data. We are glad we have earned the trust of over 90 million users. We aim to keep and enlarge that trust.

Who do you trust?

  • http://www.avast.com Vincent Steckler

    @ken
    Hello Ken. We plan on making the annual registration simpler and the registration key automatically injected. We do not plan on removing it though. I am sure you know our product does much, much more than MSE. As you saw in the lastest AV-Comparatives, we have a higher detection rate and we are faster. And of course we have many other features such as the behavior shields.

  • http://www.avast.com Vincent Steckler

    AV, yes Avast works with MSE……but you should remember that avast is about the only product that can work with other AV’s. Most do not allow it. What has MS told you about the ability of MSE to work with other products?

  • ken

    Good to hear you are planning to make registration simpler. Thanks.

  • http://tashiwangdi.blogspot.com/ Frankenstein Creative Inc.

    Avast registration license key is only for 1 year but after 1 year, it expires. Why don’t you make Avast 5 free such that it works for free flawlessly without any new key registration.

  • Teresa Berrong

    Will someone please help me. I subscribed to Avast on April 2, 2009 for one year.
    My computer went down in August and I had to have everything reloaded. I went back to Avast but it is telling me that I only have a trial membership which expires soon. How can I get credit for the subscription that I have already paid for?

  • http://www.avast.com Vincent Steckler

    @Teresa Berrong
    Teresa, so sorry to hear that. I suspect a fraudster “sold” you a free license implying it was a paid license. Check your credit card record to see who you bought it from. If it was not Alwil, Avast, Element 5, or Digital River, you were probably scammed. If you did in fact buy it from one of the four I list above, go to http://support.avast.com/ and submit a problem report. They will take care of it quickly.

  • http://www.avast.com Vincent Steckler

    @Frankenstein Creative Inc.
    Hi Frankenstein….we will still have an annual re-registration but it will be online and pretty hassle free.

  • http://id-theftprotect.com Julian Evans

    The one year re-registration is an excellent feature. In fact all the AV vendors should follow the principle avast! has set. avast! will alert you when the license is about to expire. Very easy to get used too. Version 5.0 is progressing well and has for me picked up using mail scanner the HM Revenue and Customs, DHL and Outlook notification scam emails with the latter attaching a nasty ‘install.zip’ malware file if you install it. Keep the good work up! Julian

  • mark nicoll

    @Frankenstein Creative Inc.

    By requireing people to register the product you get a more acurate record of how manypeople are using the software as some people download it once and install on several machines and other download it several times but install it on the same machine.

  • Jonathan A,

    Trusting Microsoft for your security seems completely stupid, If they can’t build a secure operating system (Not effected by a ton of viruses), why would it make sense to run their product to stop their product (Redundancy is ironic huh) from getting viruses, Let them just fix up their system instead of creating another program (that’s probably ineffective)to keep viruses from getting to their horrible security holes that never seem to get fixed

  • Björn Lundahl

    @Jonathan A,
    I do not think it is as easy as that. As long as it is a computer it is open to commands and therefore also destructive commands that is destructive code. It does not matter if the operating system is a Windows, Snow Leopard or Linux system as they are all open to destructive code. A computer is a flexible thing which can make a lot of different things which is the very point with it. As it can follow commands which the user wants it can also follow destructive commands from outside which the user do not want. It is the very nature of the computer itself I am talking about. We have to, and we also do, take the good with the bad. We use the computer despite the risk of malware because the positive side outweighs the negative. So if the majority instead used Macs or the linux operating system the problem would be still with us. I think Microsoft does, since a few years back in time, a good job.

    Please enlighten me or prove that I am wrong. My ears and eyes are wide open. I would like to have this finally settled.

    That does by itself, of course, not prove that Microsoft Security Essentials is a good product. I do believe that Avast is a lot better.

    Björn Lundahl
    Gothenburg, Sweden

  • Prius

    Avast, beyond a shadow-of-a-doubt is good, excellent to be exact. However, I do have to give credit where credit is due; Norton Internet Security 2010 is by far the best product Symantec has produced to date. I trust both, Avast and NIS, the latter which I’m currently using.

  • HungarianUser

    First, sorry for my Enlish. I hope you will understand it.
    I saw the latest AV-Comparatives test, and I’ve got few questions about it; but the comments in the ‘Did Avast win the latest AV-Comparatives?’ are closed, so I comment it here.
    avast! was so slow; I remember half a year a scan in my computer took 4-5 hours. I use avast (4.8.1356) again, and now the scan is half on hour (troughout scan; without scanning my music and films because if avast scans them this is 1,5 hour). I used AVG, and a scan took about 1 hour (all datas, with films and musics). But avast won the speed test… How is this possible?
    I usually see the v. database histories of some antiviruses, and ESET and AntiVir “knows” much-much more viruses than avast (and their heuristics is good, too). But avast was the 5th with 98% in the latest AV-Comparatives. How is this possible?

  • http://www.avast.com Vincent Steckler

    @HungarianUser
    Hello Hungarian User. Comparing speed between different products is difficult for most users. There are so many anecdotal opinions. To do a proper test, one must configure the products to scan the same sets of files and to the same level of detail. That is what AV-Comparatives does. As far as detections, Avira did beat us but had too many false positives. That is often a trade off with high detection–you sometimes detect too much. Our detection has always been very good–maybe others publicize themselves more than we do. Also, the big problem these days is infected web pages. We believe we are much better at this than others–but the tests do not test that capability. In our latest data well over 80% of the threats we catch on user computers are infected web pages.

  • HungarianUser

    @Vincent Steckler
    A few days I searched with google some information, and the first result was infected, but the Google or the Firefox didn’t catch it. A message appeared on my desktop, and the browser’s window closed. The question was about my protection (it sad it isn’t good) and it wanted download an “antivirus”; and I saw it is a fake AV and closed the window. The browser’s window appeared again with the Google searh and the infected site – and then avast blocked it (JS:FakeAV-BV [Trj]). And in September I had a similar story, and then avast’s Network Shield blocked the site. So I see avast’s web protection is very good; but my question is how to made so good test results (I regularly see VirusBtn, Av-Comparatives and AV-Test.org) with very little known viruses?

    I want to know what is trojan-gen {Other}? avast names different trojans trojan-gen… Sorry for this question, but I didn’t find anything in Google…