Ubiquitous home broadband plus dodgy consumer security practices are part of the problem. That’s what makes malware a public health issue. Bruce Schneier talked about this years ago when Microsoft was deliberating limiting Windows XP updates to verified copies. If millions of home users are unprotected from emerging badware, their infected machines affect us all. It’s comparable to human vaccination: every person walking around without inoculation is a potential infection vector for others. Not only home computing users are culpable, either. A recent Network World article, “Cheapskate SMBs dodge buying security software,” points out that small businesses may also be part of the problem.
So I personally welcomed Microsoft’s free entrant to the software security wars, Security Essentials (MSE). By all accounts, it’s a solid if modest way for home users to enhance their protection. Most importantly, it’s cost-effective (namely, free). Perhaps it’s also a lower level of effort compared to other free—and admittedly good—third party options, which also spurs adoption. And by vaccinating themselves, consumers help us all.
Predictably, both Trend Micro and Symantec (and probably others that I don’t know about) have called MSE basic or poor or otherwise unfit for duty. Clearly, they aren’t in this game for charity, and MSE could take a bite out of revenues. Also, from the perspective of identity fraud and personal security threats, these vendors have a point: consumers should seek security tools that best protect them against life-derailing harm—like a drained bank account due to password theft. However, when it comes to Internet epidemiology, MSE may be just what the doctor ordered. A basic level of protection, offered to consumers for free, which keeps the lid on the most egregious attacks, can only be a good thing for network health. And in an era of increased Internet reliance, free is better than nothing. Let’s stop quibbling about it.