Last week Eugene Kaspersky posted a blog about his company’s – and more importantly the
entire industry’s – struggle to ensure consumers have a simple and unhindered method
to choose a security product.
As someone who’s been very close to the issues
highlighted in Eugene’s blog I agree in principle with the majority of the
points mentioned. In fact I could probably add my own list of examples, changes
and concerns.
It is not surprising that Microsoft promotes
Windows Defender and leverages its position as the operating system provider.
Microsoft wants the operating system to be secure and the users’ experience to
be free from malicious attacks. Windows 10 comes with Windows Defender switched
on, and without any prompting very few people will consider installing an
alternative..
An area we should also consider is that if you have
a dominant vendor in any particular geography, does it increase or decrease the
likelihood of being infected? A group of researchers analyzed data from over a
billion machines running Microsoft’s
Malicious Software Removal Tool; this runs on nearly every Windows
machine to assist in removing specific, prevalent malicious software from
computers.
The report was summarized by Neil Rubenking at
PCMag. His article
states: “Some countries exhibited a dismal diversity rating, with one product
protecting the majority of all systems. These countries routinely displayed a
higher-than-average infection rate, while those with more diversity had a lower
rate.”
Simply put, this means if there is a dominant
product in any region, there are more infections.
This is not surprising. Imagine a city where 50% of
properties have the same alarm system: the thieves would only need to focus on
how to breach one system and then have access to 50% of the properties.
Cybercrime is a business and the bad guys know how to focus to make money; I am
sure they would welcome a dominant anti-malware product.
Another concerning conclusion in the report is that
people continually switch anti-malware vendors, with approximately one third
doing so every four months or less. Rubenking states: “Countries with a high
rate of infection also showed a high rate of ‘churn’, with many users switching
antivirus products.”
The report hypothesizes that the churn is due to
dissatisfaction with the anti-malware product. There are no proof points for
this but it sounds plausible. Many anti-malware products expire yearly and then
many people choose to run free products meaning that some switching is
reasonable. I would have expected the rate of churn to be closer to 20% as
opposed to the third stated in the data.
Microsoft wants Windows 10 to be a great experience
for the user and the drive to make it the most secure Windows version yet is
clearly top of the agenda. Taking the data points above that a single
anti-malware product’s dominance increases infection and that churn is probably
caused by dissatisfaction, then it’s clear that Microsoft needs the independent
anti-malware vendors as much as the vendors need Microsoft.
While the industry considers its options, such as
Eugene Kaspersky’s implication that his company will make a complaint to the
European Commission, it would seem sensible for the industry to engage with
Microsoft to explore potential dissatisfaction and assist in delivering the
best Windows experience.
However, understanding the pressure that many of
the companies have to monetize and return large dividends to their investors, I
feel that there could be some resistance to changing the way anti-malware products
communicate and behave.