Windows Security Essentials – Why Morro Might Shame Microsoft


Morro – now known as Windows Security Essentials – is a security update, and yet another admission from Microsoft that all is not well. This time the enterprise might wake up, says Don Reisinger

Microsoft has made the beta version of its new security software, Microsoft Security Essentials, formerly Morro, available for download.

According to Microsoft, Security Essentials will be a follow-up to its previous security suite, Windows Live OneCare. The software focuses on fighting viruses, rootkits and other malware. Unlike OneCare, it won’t have any firewall or data backup features. One of the software’s main selling points is its small footprint. Microsoft said Security Essentials sports fewer security packages, which makes it a smaller download than competing software from McAfee or Symantec.

Microsoft Security Essentials will also validate suspicious files to ensure they don’t contain newly identified malware. To do so, it will query the company’s Dynamic Signature Service. Whenever the software recognises malware trying to perform an action Microsoft considers risky, such as modifying files and folders deemed necessary for the proper use of the operating system, it will update the Dynamic Signature Service to help all PCs using Security Essentials stay safe.

Finally, Microsoft Security Essentials has some new features that will help it fight rootkits, including kernel structure scans and support for direct file-system parsing. The tool also loads a kernel mode driver to help clean the system of unwanted malware.

Microsoft’s embarrassment

Microsoft contends that with all these security features installed, running Windows will be a much safer activity. It believes Security Essentials will provide the kind of security expected from an operating system when it’s first fired up. But perhaps there’s more at work here than a few new features. Perhaps Microsoft’s actions shouldn’t be looked at as a company trying to do what it can to help increase the security of its platform.

Maybe the enterprise and consumers should look at Microsoft’s decision to deploy Security Essentials as an embarrassment.

As the leader in the space, Microsoft is a big target. Apple’s “I’m a Mac, I’m a PC” ad campaign constantly takes shots at the company’s security features. Linux supporters usually cite Windows security as a key reason to switch from the world’s most popular operating system to the world’s most open operating system. And all the while, Microsoft needs to do what it can to improve Windows.

Security is becoming increasingly important in the enterprise. Companies are finding unique ways to ensure their networks aren’t impacted by malware targeting Windows computers. And there’s always that possibility – assuming, of course, that Apple can play nicely with enterprise developers – that the business world will finally have enough of Windows and its security problems and switch to another platform.

Enterprise users might start asking questions. Why does Microsoft need to release a separate security suite to help users stay safe using its operating system? Why isn’t Windows secure enough that Microsoft wouldn’t need to release that security software? Apple doesn’t offer any security software separate from its operating system. Security issues are practically non-existent on Linux. What’s the deal? Why is Microsoft so different?By releasing Microsoft Security Essentials, the software giant puts itself in a tough position. On one hand, it can make the argument that it’s protecting its users. But on the other hand, it’s admitting that its operating system isn’t as secure as it should be and additional software is needed to increase security to a viable level. Many consumers might not even notice this, so Microsoft won’t need to worry much on that front. But what about the enterprise? How long will it be before the enterprise sees Microsoft Security Essentials for what it is – a security update packaged as software – and start considering options?

Will the enterprise see the package for what it is?

Obviously, there are more issues at play here than security. The enterprise needs to consider compatibility. It needs to worry about employee productivity. But we can’t say that it’s not possible. For years, the enterprise has followed Microsoft Windows updates. It became an expectation that no matter when Microsoft released a new version of Windows, the business world would update equipment. But then Vista hit. And that rule that kept Microsoft so profitable over the years was suddenly broken. The enterprise decided against switching to Vista and chose, instead, to stay with Windows XP. It was a major blow to Microsoft.

Can Microsoft Security Essentials be another Vista? Can it make the enterprise think twice about Windows? It’s doubtful. OneCare has been available for quite some time and there hasn’t been any real exodus of business users to other platforms. So, they either don’t care or they don’t really feel it’s the embarrassment others might.

In either case, one thing is certain: Microsoft is opening itself up to criticism by releasing this software. At that same time, it might help improve the security of Windows. So, it’s a risk. But it might be a risk worth taking.