Security Watch

Keeping Track of patches and hacks in the IT security world.

Microsoft and the Power of Free

I have to think that somewhere at this moment Richard Stallman is either laughing or crying, or at least scratching his head. Stallman, of course, is not only the founder of the Free Software Foundation and all around computing pioneer, but he's also known to have been one of the

Download the authoritative guide:

I have to think that somewhere at this moment Richard Stallman is either laughing or crying, or at least scratching his head.

Stallman, of course, is not only the founder of the Free Software Foundation and all around computing pioneer, but he's also known to have been one of the world's first hackers at MIT during the 1970s.

I had the chance to interview him briefly a few years ago, and he actually seemed like a pretty amiable guy, but I just have to think that someone with his background, and in particular his philosophy regarding commercial software products, might find this whole Microsoft Security Essentials situation pretty ironic.

For, at one of the most critical junctures in the history of computing security, the company best known for selling more software than anyone in the world - not coincidentally also the same company blamed by many for the pervasiveness of today's IT security problems, Microsoft, is about to do something that could radically shift the tides of the consumer anti-virus market - it's going to give its new AV programs away to users for free.

It's a pretty crazy notion in a lot of ways when you think about it. Now, Microsoft is far from the first company to offer free AV, as companies such as AVG have been doing so for years. However, Microsoft is the first company to give away free security software who also happens to have a significant footprint on almost every new PC shipped around the globe.

No matter what the AV market leaders tell you about how customers will still buy their products because they know something like Microsoft's Morro beta is just a simple AV tool, compared to their robust endpoint protection suites, I really do have to wonder.

Certainly Morro would appear to represent just a sliver of the device security programs that one actually needs to defend themselves these days.

Yet, one of the biggest problems in fostering better consumer security over the years has been merely reminding people to update their signatures, or to renew the AV licenses that come bundled with their computers.

If at some point they start getting more free security tools pre-loaded by the OS vendor, or they're even just encouraged to download them as part of an update package, will they really go out and seek additional protection on their own?

Typically when you make something free and easy for people to avail themselves of, folks tend to flock to that.

A couple of years ago when Microsoft was first hinting at all the security features they were planning to put into Vista, AV giants like Symantec and McAfee started flipping out.

The security companies said at the time that this was mostly related to some proposed design features that would have made it harder for them to build effective "advanced" security programs, like behavior detection tools, but Microsoft was also introducing its initial free onboard AV defenses, in addition to Morro's paid predecessor - Live OneCare - and many market watchers observed that Symantec, McAfee et al were trying to prevent the OS vendor from diverting their consumer market opportunity.

The AV crowd even started to mutter the word "antitrust," but Microsoft relented a bit and everyone made nice and moved on.

But if I were those companies now, looking at the potential for the OS giant to either someday bundle more diverse and advanced security programs like Morro with Windows - or even just push users to defer to its freely available tools through automated updates and the like, I'd have to be a little bit frightened.

There's no question that most businesses, and savvy end users will still seek out the best security products available and pay for them, keeping the endpoint security market going strong. And Gartner only yesterday noted that even in this horrible economy, security software revenues are still expected to increase.

However, with the prospect of Microsoft giving away more advanced security technologies, and the established indifference of the masses in terms of being more proactive about securing their endpoints, this all seems to add up to a pretty unique situation to me, one that's fairly unprecedented in the eventual affect it may have on the endpoint security market, and the general level of security maintained on most consumer PCs.

For a long time, people like Richard Stallman and many leaders of the open source community have been trying to convince us why the best model for software, and for end users in particular, is for products to be free.

Now it seems that Microsoft was actually paying attention after all.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to