Microsoft attacking endpoint security with free Morro

Microsoft announced that they will be retiring their OneCare security service in favor of a free product presently called "Morro". The commoditization of anti-virus is exactly what AV vendors feared when Microsoft entered the business years ago. Starting in the middle of 2009, the cash cow subscriptions schemes will start to wane ... and it is about time! Consumer PC's are platforms for attacks against enterprises and fellow consumers alike. The best approach for all of us is to simply elevate the protection of Windows by including endpoint security with the Windows operating system.

The big problem is that world-wide consumers will not keep security software current on their endpoints. While there may be 95% penetration of AV on new computers, that number quickly drops when it comes time to pay for subscriptions. The easy access to unsecured PCs is one major reason why it is so hard to eradicate old attacks and why botnets are thriving. These parasitic attacks keep going around and around on unprotected consumer PCs. Check out any list of top 10 attacks and you'll see viruses and worms that are years old and still going strong.

There are a few positives that I like about Microsoft's decision -

  • Security has to be intrinsic to the operating platform. With Morro consumers will get protection with their Windows platform. They can then look to the clouds for additional focused messaging, surfing, or social networking security knowing that the operating system vendor will help keep their system clean.
  • Removing the incremental price is the best approach to getting consumers to do something. Trying to force every desktop and laptop to purchase security software and to keep it enabled is a Sisyphusian effort. Consumers generally will not pay for security, will not pay service providers for security, or will accidentally let security subscriptions lapse. Now every consumer gets it as part of their computer without hassle. Makes a lot of sense.
  • Microsoft is embracing Windows XP users. In the past, Microsoft would have refused to cover old versions of Windows, attempting to get users to upgrade to Vista or even Windows 7. Microsoft is doing the right thing here by making sure the enormous base of Windows XP users have the opportunity to compute securely.

It is not clear what will happen with the traditional AV vendors; it is very clear that they were not solving the problem, either by themselves or layered for "defense in depth". I would expect a growth in cloud-based service approaches that would complement Morro, and perhaps use of virtualization to lessen the reliance on Morro.

Morro will not be without challenges. Traditional AV products are notoriously difficult to de-install cleanly, and some consumers will favor a security vendor over a free Microsoft offering. Microsoft runs a large risk of angry support calls if Morro administration is not well done. How, I feel that Morro can only be a good thing. The best approach that Microsoft can take is to just bundle Morro with an automatic update, service pack, and Windows installation. I don't know where they got the name, though. Is Morro a Microsoft version of Zorro out to protect common folk against rogue attackers?

Copyright © 2008 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon