/ Technology

Anti-virus software built in to Windows 8 – yay or nay?

Microsoft’s upcoming Windows 8 operating system will come built in with beefier anti-virus security software than its predecessors. Is this move anti-competitive, or simply good news for PC users?

Microsoft is reportedly adding to its Defender tool, already built in to Windows, and adding some of the best bits of Microsoft Security Essentials.

Microsoft Security Essentials (MSE) is Microsoft’s anti-virus and anti-malware product. It’s already available free of charge and has performed well in our previous anti-virus tests, so why wouldn’t you want this to be built in to Windows 8? I have my reasons.

Sarah Kidner doesn’t want integrated anti-virus

I remember a time when Microsoft’s Internet Explorer (IE) browser wasn’t part of the operating system. You were free to choose any browser you’d like.

Microsoft’s decision to bundle the OS and browser together wasn’t without controversy. The European Commission investigated Microsoft for anti-competitive practices, which resulted a choice of web browser being required when you install Windows.

This has enabled fair competition and has driven Microsoft’s browser rivals to innovate. In turn this has seen IE toppled as the default browser of choice.

If Microsoft is to build anti-virus security into Windows 8, I’d like to see a similar approach – users should be able to choose from a range of both free and paid-for software during the installation process.

Personally, I’d probably still plump for MSE as it performs well in our tests and doesn’t lock you into an annual subscription fee; but that isn’t the point. Giving us a choice will spur the creators of paid-for anti-virus software to up their game and innovate.

There’s nothing like a little healthy competition to keep a company on its toes, otherwise we’re simply handing Microsoft the security software market on a plate.

Andy Vandervell is up for built-in anti-virus

Competition is an emotive thing. In the free market it’s considered essential (‘monopolies are bad’ is an almost universally agreed fact) whereas in public services it sparks serious, often polarising debate. But, in this case, what’s good for competition isn’t necessarily good for the consumer.

The EU’s argument with Microsoft and its bundling of IE in Windows is a case in point. It might have been tough for competitors, but how could Microsoft not bundle IE in with Windows? How, in a sane world, could a ‘state-of-the-art’ operating system not have a pre-installed web browser? It’s the most used program on almost every PC in the world.

And now Microsoft has decided to integrate anti-virus at the core of Windows 8, the same question arises – how have we lived so long without this? For years we’ve battled with generating awareness about computer security – always install anti-virus, we said. Wouldn’t life have been so much easier if Windows had it out-of-the-box already?

The reason it didn’t, of course, was Microsoft feared being dragged through the courts. In other words, consumers were denied a better, more secure product because Microsoft feared legal reprisals.

Belated as it is then, Microsoft’s move has to be a good thing. And given free anti-virus has been available for several years now and the industry hasn’t imploded, I think we can safely say it can cope with a little ‘free’ competition.

Do you agree with Sarah or Andy? Will having anti-virus software built in to Windows 8 be good news for your PC’s security, or will it stifle competition and lock us into Microsoft’s software?

Should Microsoft's own anti-virus software be built in to Windows 8?

Yes - Windows should be secure out-of-the-box (61%, 624 Votes)

No - you should have a choice of anti-virus (28%, 288 Votes)

I don't mind either way (11%, 110 Votes)

Total Voters: 1,021

Loading ... Loading ...

The real answer to this issue, of course, is for Microsoft to produce an operating system that doesn’t need AV but if forced to choose between Sarah and Andy then I have to agree with Sarah. Back in the day when it wasn’t the norm for browsers to be free, Microsoft killed off a better product (Netscape Navigator) by giving away IE for free. When there is such a dominant player as Microsoft in the marketplace, one needs all the competition one can get. Would the cost of MS Office have become affordable for all without the competition of, say, OpenOffice?

It would be nice if Microsoft could produce an operating system that does not need anti-virus software, but that seems unlikely to happen in the foreseeable future. I hope I am wrong, but a lot of effort is put into producing malware.

It was sad to see the demise of Nescape but the continuing loss of market share of IE is very encouraging. 🙂

With current technology and the stage of development of software engineering, a completely virus free Operating System is not possible. However, to some extent the problem was caused by Microsoft in the first place because DOS and early versions of Windows that ran on top of DOS had no security whatsoever. (I don’t mean virus scanners, I mean file protection and user permissions to stop third-parties installing malware without the user’s knowledge.)

As long as computers were fairly isolated, this wasn’t really too much of a problem; provided that users didn’t bandy too many floppies around it was reasonably easy to stay clean. However, once the Internet came along it was open season. Microsoft’s bundling of IE and Outlook express didn’t help either because they used very low level calls to the Operating System kernel and provided virus writers with a monoculture that gave them easy access to install their nasties.

More modern versions of Windows do have better security models, but legacy apps often don’t work properly unless the user runs as Administrator, so the malware authors still have an attack vector. In addition, the security is bolted on to generate nag boxes every time the user is required to install something. It’s not long before most users simply press the OK without reading the message. Neither MacOS or Linux (which are both Unix-like) have anything like the same problems with viruses because these operating systems were designed from the bottom up with security in mind.

So in a long-winded way, the real answer is not to use Windows at all and the likelihood of getting a virus in the first place will become much lower.

My own experience certainly backs up what you say, Terry.

Since 1992 I have used Macs and in all that time I have seen only one virus (Melissa) and that was a Microsoft Word macro virus rather than a Mac-specific problem.

I used to be responsible for some PCs at work and until 10 years ago they frequently had to receive attention despite having up-to-date anti-virus software. After that, there were few problems, and I am hearing of fewer problems from home PC users. I used to warn people against using Outlook Express because of well known problems, but these seem to have been largely resolved.

Resolving the malware problem would probably be the biggest step forward for Windows users.

As if to underline the opening paragraph in my post above comes the news that Macs are not invulnerable: http://www.bbc.co.uk/news/science-environment-17623422. As I said, the technology isn’t there yet and I run an anti-virus program on my Linux machines as well as all the Windows boxes in the house.

However, this botnet that has attacked the Mac seems to rely on fooling the mark into installing the malware willingly; it masquerades as a Flash Player update. Until the technology is mature enough to warn users that software that they are trying to run is not what it says it is, these attacks will continue to be successful, whatever the platform.

I’m not sure about what other defences Macs have, because I haven’t used one for about 20 years, but the Linux computer that I am running has a tool called AppArmor that trys to stop malware from doing any damage. The tool is aware of the apps the machine has, who can run them and what they are supposed to do, so any virus trying to hijack the installed software is more likley to be denied access. I’m not sure if this tool would help in situations like the Flash Player botnet on the Mac, but it would catch a lot of the sneakier stuff where the user isn’t even aware that the software is being installed.

In the end the main defence is to not visit dubious web sites and don’t download anything unless you are absolutely sure it is coming from where you think it is. Unfortunately, the latter advice is quite hard to follow for the ‘ordinary’ computer users, so the technolgy has a long way to go yet.

It is wise to use anti-virus software on a Mac. There may not be much risk compared with PCs, but there is no need to be complacent, whatever operating system you use.

This sounds like another reason to avoid Windows 8 on a desktop or laptop. As it is I do not like the idea of having to search the screen until the required icon appears under the cursor. MS should use their effort to produce a user friendly system instead of adding AV to system that looks as if it is designed for tablets or smartphones with their minimal screens.

bob says:
5 April 2012

This is a simple argument since I am at the sharp end of having to fix virus infections for my customers. The number of calls I get for virus repairs is increasing and the simple use of antivirus would alleviate most of these infections. The benefits of preinstalled antivirus are clear – reduced repair costs and less inconvenience for computer users.

I also believe it is the responsibility of suppliers to ensure that consumers have the most appropriate protection preinstalled on their computers including antivirus, firewall, web browser and backup. Microsoft’s plans will provide most of this protection and it is already available at no cost; also its current quality is amongst the best in class.

The most important advice I offer my customers – use Microsoft Security Essentials, use Internet Explorer 9, do not think about backups – just do it or better still automate your backups into the “cloud”.

Finally, keep your computers protected with the latest updates from Microsoft and other suppliers – this is more important than many people realise since these updates frequently include fixes for newly discovered vulnerabilities.

Peter Mitchell says:
5 April 2012

Given that internet access is a key part of a computers use, why not expect inbuilt protection from virus attack. Surely the development of anti-virus software is an industry that has evolved to fill a weakness in the available operating systems. Why should Microsoft not fix a problem that in a perfect world their operating systems should have been immune to in the first place. My only fears are that Microsofts belated efforts may not completely meet modern day requirements, and may preclude the implimentation of a superior 3rd party package?

I have no problem with MS providing built-in AV protection, great idea.
However, I think that people will complain about it, it will get dragged through the courts and then probably people will be able to choose, just like they can with the browser.

The crazy thing is, if Apple did it, everyone would say it’s great, when MS do stuff like this, they tend to get dragged through the courts. Apple allow their OS to only run on their hardware, and you can’t install Windows on their hardware. Seems to me it’s one rule for one…

The way I see it, it’s Microsoft’s OS, they should be allowed to do what they like with it. If people don’t like it, don’t buy it, use Linux instead 🙂

People have been running Windows and Windows applications on Apple computers for years. It’s necessary when Mac versions of software are not available.

pitbullthe1st says:
8 April 2012

Just one comment Microsoft makes the os for people so there not making it for them it’s for us so it’s not there os it’s ours and if they don’t make it well eventually it would not be so a statement like ‘it’s there os is not right as without us it would not even be

Pam says:
5 April 2012

Yes of course Anti Virus software should be included in the OS. It really annoys me having to pay a subscription year in and year out for it. Software is expensive enough and if AV software was included that would save money. Or would it? Knowing Microsoft as we do they will probably charge an annual subscription as well!

pitbullthe1st says:
8 April 2012

There are a lot of good free AV’s out there so there is no need to pay for one and the most complimentary one I have found yet is comodo and they don’t try to sell you a subscription every year which is nice.

Phil says:
5 April 2012

What Microsoft may well do is help those who most need help. That is the people who quite rightly buy a computer as a tool to use for business, pleasure or whatever and are not, and have no desire to become, “experts”. I have met a number of people who bought their business computers with “free” anti-virus installed and thought that was it; not realising that they needed to pay after a short time. I also instruct computer learners who often have either no, or sometimes two or more anti-virus programs; using the erroneous more is better theory.

Presumably if everyone had some anti-virus then the Internet would have considerably less spam from spam-bots, and people would all be that little bit safer.

So while I wholeheartedly agree that competition drives innovation and is a good thing and is needed; getting everyone with some anti-virus (and for free) from the beginning is on balance the better choice. You can after all chose and pay for the security package of your desire.

I have never though Microsoft was the ogre that some make it out to be. I also don’t think them Saints. They have brought standardisation which is good for the people who want to achieve things using a tool (the computer); just imagine the phone system differing by county; or the electricity supply at the start of twentieth century; or the electronic data exchange between government departments (ooops!). And for those who really think MS is the devil incarnate, no one stops you writing your own operating system do they?

Whilst I agree mostly with what you say, I have to take issue with your statement that Microsoft ‘have brought standardisation’. What they have done is to create a monoculture of psuedo standardisation, which only *appears* to be standardised because everyone else is using the same tools.

The reality is that Microsoft hijacked standards that already existed for email, web pages, and a number of other internet based technologies and changed them just enough to lock out users of other Operating Systems. They did the same with office tools. In the early days of computing, most word processors used mark up languages, but Microsoft led the lock-in charge by producing proprietary formats that only their tools could use. Quite recently, they railroaded an ISO Standard (29500) through by stuffing the Committees and other tricks, even though a much better Standard (26300) had been ratified some years earlier and they don’t even implement that Standard themselves (it is impossible for anyone else to because it uses langauage like ‘do this like Office 95’. Their bad repoutation is not earned lightly.

The bottom line is that all Operating Systems should be a secure as possible and the provision of a free virus scanner that is enabled by default can only help. However, unlike most other OSs, the virus scanner on Windows is a Band Aid to patch the holes in a leaky system whereas everyone else mainly needs a virus scanner to ensure that they don’t inadvertently pass Windows viruses on to their Windows using contacts.

…. everyone else mainly needs a virus scanner to ensure that they don’t inadvertently pass Windows viruses on to their Windows using contacts.

Absolutely. Though I have only had one virus on a Mac computer in 20 years my anti-virus software has picked up hundreds of PC viruses in files I have been given or sent. Many of these would have been passed on to PC users if I had not used up-to-date anti-virus software. If we are going to exchange files, everyone needs to be careful about malware, irrespective of their operating system.

T.Beecroft says:
5 April 2012

The real issue for me is whether anti-virus software is worth having anyway. I don’t trawl the Internet and use it only for Internet banking and for information seeking. And I am led to believe that, as fast as anti virus software manufacturers improve the package, so all those who are creating the virus improve the methods of attacking the software.
So I wonder what the real risks are.

Ed says:
5 April 2012

Yes, Anti-Virus software is worth having. Even if you don’t trawl through nefarious websites, you can still pick up Virus’s and Malware from sites that seem legitimate. Also, a website that you trusted could have been compromised to send a Virus. Yes there are always new Virus’s being created, but the point is that having Anti-Virus software protects you from all the previous ones that have been used. Having an umbrella in the rain will keep you drier than no umbrella at all.

If you think in terms of the development of systems, malware and countermeasures being an ongoing arms race there is a lot to be said for diversity. Windows Defender may be excellent now, but if it is used by 65% of systems it will become the prime target of every hacker/cybercriminal. It would take only one successful break in to cause mayhem, and there will be more than one. (How about a hack which partially disabled Defender, messed up your backups and made it, and you, think that all was well?)

Of course, I might consider it if Microsoft were to offer an unlimited guarantee to fully compensate all users for damage to system, guarantee to recover lost data instantly, etc. in the event of a successful exploitation of some previously unrecognised vulnerability, but probably not.

Ed says:
5 April 2012

Microsoft really should have packaged AV software with Windows a long time ago. As to whether you have a choice, I think that’s a different matter but is easily solved by having an “AV choice” on first run that forces you to install some piece of AV software, be it their own or another one bundled with the OS. I know some people would cry out about this “forcing” upon the user to install something they might not want, but in all honesty it is a safety precaution, and many other pieces of technology and hardware have safety standards, why shouldn’t software have some as well?

the problem is that if microsft were to have done do so there would’ve be a huge outcry of unfair tactics, anti-competiveness, and even antrust allegation laid upon then, so they are blamed if they do, and blamed if the dont.

Most users dont install the free windows updates, and, dont install the free security essentials (or another other free or paid for AV product of choice)

so perhaps with Windows 8 it is time for the new OS to include a packaged AV in-the-box with the OS. And for those technically savvy users they can still chose to install an alternate solution if they want to.

Snowdin says:
5 April 2012

There is a case for built in AV for those who wouldn’t otherwise bother. However, I’m old enough to remember the way MS forced DRDOS5 and Netscape Navigator, both much superior and innovative products, off the market. If there had been fair competition we might have had far better Operating Systems and browsers now. The interaction of running 2 AV products together can stop AV software running properly so would the “essentials” part of MSE need to be inactivated in order to run another AV product? Defender alone doesn’t appear to conflict.
I appreciate MSE is getting better but I still prefer Kaspersky and (for free AV) AVG for more functionality. The independent AV-Comparatives and AV-test.org don’t show MSE as a best product, so I prefer to get the best at the right price on the “no free lunches” theory. Incidentally AV-test.org shows MSE performing worse in Windows XP than it does in more recent incarnations of Windows, something that the many XP users out there ought to be aware of.

Mighty Mouse says:
5 April 2012

First let me say where I stand on the Bill Gates/Microsoft monopoly issue.
I am grateful BG produced the Windows Operating System and made it such a success.
I am old enough to remember the work place in the 1980s when there were a number of operating systems by different manufacturers. You could spend and lot of time and money on all the interfaces trying to get the different systems to talk to each other. A geeks paradise, but hell for the rest of us.

I don’t mind Microsoft and what ever they like to the system provided they allow 2 things:
1. We are not forced to use their add-on, we use it if we prefer.
2. The add-on does not excessively escalate the price.

On my computer I have 4 or 5 browsers, but I use Firefox in preference to all the rest.

For Security I use Norton 360 Premier, and I would continue to use Norton with Windows 8, provided the system allowed me to do so.


Snowdin says:
5 April 2012

Could I just add to the earlier comments about keeping programme files updated, possibly just as important as the AV programmes? One reason I like Kaspersky is the Vulnerability Scan which advises on more secure browser settings and picks up programmes and sometimes individual files with known vulnerabilities. It is occasionally difficult to use, and occasionally misleading, but helps to produce a computer relatively unreceptive to malware and hackers. I’ve found the File Hippo Update Checker on the File Hippo website really quick and very user friendly, so far. A tool like this would be very useful in Windows, after all what proportion of computer users know to update the endlessly buggy Java and does even a tiny proportion even know what it does, ‘cos I don’t.

Mr N Hill says:
6 April 2012

Well, all I can say is that for the money, you pay for ‘Microsoft Products’ i.e. Operating systems, It should come with FREE antivirus software. After all if you don’t like it and prefer to use one of your own, then simply uninstall their’s and install your prefered.

Norman Naylor says:
6 April 2012

We know that the true cost of exploitation of personal computer security weaknesses is measured in hundreds of million pounds and yet, year after year criminals continue to find easy pickings because so many owners, either through ignorance or choice do not protect themselves. What I find even more surprising is that in the light of this drain on our personal and national finances, our government has not legislated to ensure that no personal computer is sold without internet security software pre-installed and designed so that it cannot be permanently disabled. We are all paying through taxation and in many other ways for this omission.
So, good luck to Microsoft. I welcome their sensible approach to this problem and since national governments have displayed, in my opinion, a complete lack of initiative in securing the internet on our behalf, let’s hope they take care not to interfere with those doing something useful.

Sophie Gilbert says:
8 April 2012

Not everyone is computer-literate or cautious. What’s wrong with having an incorporated anti-virus system to help people?

Les says:
8 April 2012

isnt this going to go the same way as microsoft explorer which ended up costing them millions. You would think they’ve learnt their lesson. Why not a baaner upon installation saying if you want to install anti virus software click on this link and make that part of the easy install process like they do for networking set up

David W says:
8 April 2012

When I buy a car I expect it to be ready for the road. I don’t choose and buy separately my tyres, headlights, etc. although I can always choose to change these later if I feel strongly about it. Why should a computer be different? It’s just another consumer product that should be fully functional out of the box. OK, fully functional will not include specialist software, but should, in my opinion, include a web browser, firewall and virus / malware protection.

I agree with David W that one expects to be able to use a car or any other purchase without firstly
having to buy,normally at inflated prices an essential piece of safety or security device before your
purchase would function SAFELY .
Yes you will still have the options of buying or downloading other manufactures security software.

Joshua Issac says:
19 May 2012

When Microsoft started bundling IE with Windows, you were still able to choose which browser to use. Only, it became cheaper and easier to choose a browser. As Dromo stated, it wasn’t the norm for browsers to be given away for free. Today, all the major browsers are free. The reason? IE. So what if Microsoft made some for-profit company go out of business? What Microsoft did was good for the user, and that is what matters.

It should be the same with antivirus software. I shouldn’t have to pay extra to make my computer work. It should be functional and secure, right out of the box. A large number of Windows PCs are infected by viruses, worms and trojans. Hurting PC users by withholding a built-in antivirus, just so that paid antivirus creators can make a profit, is wrong.