Microsoft's Security Fix
The software behemoth plans to sell computer security software. Is this a good thing?
If you have a hunch your computer isn’t properly guarded against nasty programs such as viruses, worms, and so-called malware, Microsoft says you’re probably right. The company estimates that two out of three people with personal computers don’t have up-to-date antivirus software. Moreover, four out of five erroneously think they do.
This is a problem in need of a solution. And Microsoft has proposed one: a “computer health” software package that includes antivirus programs, automatic updates, backup prompts, and live customer service. It can be installed on up to three computers in a home, for $49.95 a year. The software, called OneCare Live, is currently being tested and will be available in June.
OneCare Live has been designed with the average home PC user in mind – someone who doesn’t perform regular “patch” updates, defragmenting runs, hard-drive backups, and the other tasks recommended for keeping a PC running smoothly. Brian Hall, a group program manager for the product, says the package is easy to use and relatively inexpensive, compared with similar ones by Symantec, which sells antivirus software for $70 and a yearly subscription to updates for $40.
The main aim of OneCare Live, Hall says, is to “make sure that the user is protected or taken care of without having to go through some steps” that were previously required to keep a computer healthy. According to him, its simplicity is in the automation of activities that run in the background. The software will automatically update patches (software add-ons distributed by Microsoft that secure newly found vulnerabilities in programs such as Internet Explorer). It will also have automated, real-time virus protection, which will expunge viruses as they arrive – and before they do damage. In addition, other up features presort files to make saving them to CDs, DVDs, or external hard drives easier.
Another part of the security assurance of OneCare Live, Hall says, is a security “meter” that displays a different color – green, yellow, or red – depending on the health of your system. For instance, “when the MyWife virus was in the press, we sent an advisory that told [OneCare Live beta] users that if the meter was green or yellow, they were protected,” he says.
But the fact that Microsoft makes a product like OneCare is somewhat awkward: If something in its operating system is causing security problems, is OneCare the best way to address it? “If you’re both the problem and the solution, there’s no accountability,” says Mike Murray, director of vulnerability research at nCircle, a software security firm. Major home computer security companies such as Symantec and McAfee can help hold Microsoft accountable for programs that are vulnerable to security breeches, says Murray, which is why they are so important.
There is also the question of how OneCare will work with Microsoft’s new operating system, Windows Vista, due to be released later this year. The company is touting Vista’s ability to track spyware in real time, and to perform other system health precautions, such as an advanced hard-drive backup. Microsoft’s Hall wouldn’t go into the details of how OneCare Live, which is currently designed for Windows XP and earlier operating systems, would evolve to accommodate Vista; but he noted that the company will not integrate OneCare Live into the new operating system.
Instead, Microsoft sees OneCare Live as a sort of standalone minder. Actions that can keep one’s computer healthy – regularly updated patches, virus software, backing up files -– already exist, Hall notes. “We see our value in pulling all those together. It’s chaperoning features that are already available.”
One of the leaders in the home computer security industry, Symantec, recently announced a new product, called Genesis, due this fall. Tom Powledge, director of product management at Symantec, notes that the beta version of OneCare Live does not defend against spyware in real time – something that Genesis will do. (Spyware records personal information such a passwords and social security numbers to facilitate fraud.) “We’re starting to see more targeted attacks against consumers, with the motivation of financial gain,” he says, unlike a few years ago when the major threats were e-mail viruses that deleted files. “OneCare Live is still focused on the mass-mailing ‘worm’ of a few years ago.”
Even so, OneCare Live fills a void in many homes: basic computer maintenance. So it might be a quick fix to the problems that arise from imprudent Internet use, suggests Murray of nCircle. “About 80 percent of the problem is…a user education problem,” he says. People are still opening sketchy e-mail attachments and downloading music from suspect MP3 sites. With OneCare Live, Murray says, “you don’t have to think about the problem.”
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today