Symantec knows its consumer market is threatened by Microsoft Security Essentials (MSE). It doubtless recognizes that, during a period of protracted economic austerity, free anti-malware protection — provided it is good enough to do the job — will frequently beat for-pay anti-malware.
The challenge for Symantec, then, is to convince the world that Microsoft’s restyled anti-malware suite is so inferior as to represent a near-mortal risk for anybody who adopts it. Alternatively, Symantec must prove definitively that its own anti-malware protection is so superior to Microsoft’s that it warrants the hard-earned money consumers must pay for it.
Given what’s at stake for Symantec, we should not be surprised that the company has unleashed the labs of war. Symantec today clamorously calls attention to an anti-malware report it commissioned from Dennis Technology Lab, “an independent testing lab based in the UK” with which I am unfamiliar and for which I could not locate a website.
Still, questions about the provenance of the research aside, let’s consider the results of the Symantec-sponsored bake-off.
As explained by Network World, Dennis Technology Labs tested how well each of the two vendors’ anti-malware products (Norton Antivirus 2009 and the prerelease version of Microsoft Security Essentials) could defend a desktop computer running Windows XP Professional SP2, Internet Explorer and Outlook Express, subjected to 50 instances of threats originating either as Web-site malware, e-mail, or downloaded files.
In a weighted score based on a points system, Symantec scored an 80, with 45 successful defends, and 5 compromises. Microsoft Security Essentials scored a 44 with 33 successful defends, 4 neutralized threats, and 13 compromises.
Symantec rejoiced at the results. Jens Meggers, vice president of engineering for Norton products, alleged that MSE was just “stripped-down OneCare,” a lighter version of Microsoft’s discontinued for-pay Live OneCare anti-malware. Meggers charged that the MSE scanning engine, which he argues is practically the same as the one that powered OneCare, is “very average—nothing outstanding.”
He also says the Microsoft technology is fat and old, presumably like a former athlete having trouble navigating a midlife crisis. According to Meggers, Microsoft is seeking effectiveness by desperately creating a signature for every malware sample — hence producing a large code base — instead of deploying efficacious and slimmer reputation-based and behavior-blocking defenses.
For its part, Microsoft has launched a counterattack. A Microsoft spokesman told IT Brief that MSE is not a stripped-down version of the Microsoft OneCare product.
Said the Microsoft representative:
“MSE is built to address market changes and consumer needs and includes real-time antivirus, antispyware and core anti-malware functionality while utilising fewer computing resources.”
This Microsoft spokesperson also noted that MSE has performed strongly in independent laboratory testing and has been certified for anti-malware protection by West Coat Labs. He or she also said MSE is not based exclusively on signature technology and that it is automatically updated at regular intervals to ensure that its protection is up to date.
Still, Meggers wasn’t the only Symantec employee taking the hacksaw to MSE. On a Norton blog, Mike Plante, a senior director for worldwide marketing strategy and branding of the company’s consumer products, exulted as follows:
The bottom line: MSE falls short of protecting against today’s aggressive malware and zero-day threats. Norton nearly doubled the protection provided by MSE in malware detection, scoring an 80 compared to MSE’s 44 using DTL’s Accuracy scoring system. (This scoring system awards two points for blocking exploits altogether, one point for letting an exploit onto a system but then successfully neutralizing it, and deducts two points for every exploit that compromises a system.)
With today’s crime-fueled threat landscape, consumers need more protection, not less. That’s why we added our new reputation technology, code named Quorum, to our 2010 products. Quorum provides a revolutionary third layer of protection against real-world threats. While Microsoft is stripping down and delivering less protection, Norton is delivering more comprehensive protection from the bad guys.
At the end of the day, MSE is a rerun no one should watch.
That’s a vituperative attack, no question. Some blog commenters felt Plante went too far, and one even referred him to a different Microsoft competitor’s blog commentary that evinced a more subdued response to MSE. That blog post, from Alex Eckelberry of Sunbelt Software, is a well-reasoned, perceptive, and thoughtful analysis, which I wholly recommend that you read.
In short, Eckelberry thinks MSE isn’t bad at all, and he commends Microsoft for doing its part to help secure consumers’ PCs. He sees MSE as more of a threat to other free anti-malware than to for-pay offerings from the likes of Symantec, though he warns that the “incumbents should not underestimate the wrath that many users have about their products,” and he says that “emotional reaction may play a part in Microsoft getting traction.”
Why can’t Symantec take a similarly dispassionate view of MSE?
Microsoft really doesn’t want to destroy or kill the anti-malware market. That’s not its objective with the release of MSE. Instead, at long last and very belatedly, Microsoft is taking direct responsibility for securing the operating systems and applications it sells to its customers. There’s nothing wrong with that.
Some might argue convincingly that Microsoft had no choice, that security concerns about Windows were driving consumers into the arms of Apple and could conceivably lead to further losses to Google, with its forthcoming web-optimized Chrome operating system.
That said, Microsoft’s MSE does seem to be good enough to eviscerate other free anti-malware offerings, and it might even be good enough to take share away from the for-pay consumer offerings of Symantec and others. In fact, as I noted before, Symantec will lose market share to Microsoft in the consumer anti-malware market. The question is, how much share will Symantec lose?
Symantec’s overheated reaction to MSE indicates that it will fight furiously for every consumer subscriber. In the end, though, consumers will decide whether they want a good-enough free suite or an alternative with a few more bells and whistles that will require them to dig into their pockets.
In an unforgiving economic environment that is unlikely to improve dramatically in the foreseeable future, consumers will be looking to save money wherever they can. Symantec might rage against the dying of the light, but it probably is destined to bitterly and grudgingly surrender a significant chunk of its consumer market share.
Twilight in the Valley of the Nerds 
In a previous version of this post, I incorrectly identified Sunbelt Software’s Alex Eckelberry as Michael Eckelberry. I apologize for the error, which has been corrected.
A well balanced and thoughtful article.
Thank you.