Technology News and IT Business Intelligence

Free anti-virus protection for Windows, in one form or another, has been available for quite some time. In fact, these days it’s been used as the virtual equivalent of the retail “doorbuster,” enabling security companies to plant their brands on users’ systems. It’s a strategy pioneered by Ad-Aware and ZoneAlarm (now part of Check Point Systems).

But Microsoft — at least ostensibly — is not a security company, and becoming recognized as a security provider at this stage of its history would actually be more difficult than for most other software producers. Still the company has gone forward just hours ago with the live distribution of Security Essentials, its free and basic anti-virus system for Windows.

Although Microsoft does produce an enterprise-class security package, Security Essentials — while incorporating part of Forefront’s detection engine — is not a stepped-down version of Forefront, or a “good” or “better” option to Forefront’s “best.” So Microsoft’s intentions with Security Essentials are clearly not to make room for itself as a consumer security provider.

Instead, Security Essentials could change the market in two ways: First, it could moderate the impact of security software companies that draw attention to Windows vulnerabilities by scrimmaging over every major and not-so-major threat that comes along. Second, SE could improve Microsoft’s reputation for being responsible for the seaworthiness of its own principal product.

Both of these effects on the market could contribute toward one very important end goal: avoiding the characterization among consumers of Windows Vista — technically a much more secure operating system than Windows XP — as relatively insecure. Other than its fortress icon, Security Essentials stays very much in the background. And in Betanews’ experiences with the SE beta over the past two months, its impact on our everyday work in Windows 7 RTM was not noticeable, and quite possibly not even measurable.

“Not noticeable” appears to be Microsoft’s goal with Security Essentials; while other free packages are designed to be in-your-face to some extent (case in point, using system tray icons to report from time to time, “Your system is being protected!”) it seems Microsoft would be happy if SE’s users actually forget it’s there. In paragraph 2 of the company’s statement on SE this morning, consumer security general manager Amy Barzdukas summed up SE’s key virtue with the following few words: “It won’t get in their way.”

As an experiment, we ran several batteries of Web browser performance tests in Windows 7, once with Security Essentials turned on, and once with it disengaged and removed from memory. Performance times for major Web browsers, including Internet Explorer 8 and Mozilla Firefox, were sometimes equal; and in the SunSpider test, browsers were slightly faster with SE turned on.

The reason, we suspect, may have to do with the quad-core processor of our physical test system (Intel Core 2 Quad Q6600). SE does appear to use parallelism quite well; on our CPU usage meters, while ordinary processes tend to favor Core 1, during system scans, SE tends to start with Core 1 and then shift over to Cores 3 and 4. Third-party antivirus packages we’ve seen are not nearly as adept with parallelism; even Sophos (one of my personal favorites) generates a measurable, if negligible, performance hit on Windows 7.

Microsoft has begun playing down, however, what it had touted as SE’s key feature early in the beta process: a system called Dynamic Signature Service (DSS) of detecting and sharing threat assessments in real-time with a network of other security providers. DSS is still being portrayed as central to its Forefront commercial product; but Microsoft may have decided that, in the best interests of its goal to not get in anybody’s way, it may be better to turn down the volume on the message that 20 or more partners are looking into all the anomalies your system may be reporting.

Security Essentials can co-exist on some Windows users’ systems with Microsoft Defender, which is being re-cast as an anti-spyware program in the vein of Ad-Aware. Some users will, no doubt, be confused by the fact that SE frequently needs definition updates for itself (and can update itself), while Defender still alerts Vista and Win7 users in the background through Windows Update (when it’s set to explicitly notify prior to updating). That, ironically, may be the most frequent occurrence of SE getting in users’ faces. Until then, Microsoft is hoping that customers who’ve had enough about being reminded of potential insecurities, may be willing to spend a few moments of their time to invest in a new flavor of security tool: fire-and-forget.

AT&T announced today that the first handset from navigation company Garmin, the Nuvifone G60, will finally be available on October 4 both in stores and online.

Officially announced at the beginning of 2008, and expected in the third quarter that same year, Garmin’s Nuvifone had an extremely strong initial buzz. Unfortunately, the excitement significantly cooled when the device’s launch date was pushed back twice.

By the time it reached its third delay one year later, the company announced it had partnered with Asus for the G60, and the Windows Mobile-equipped M20. The partnership looked promising, but there is no mention of Asus in today’s G60 announcements, more than 7 months later.

In the time that Garmin was fiddling with the launch of the G60 (which incidentally is not a smartphone) other high profile GPS-enabled devices have grabbed the public’s attention to let the Nuvifone concept wither on the vine. Since the device’s initial announcement, the iPhone has gone through two generations, Palm made its big comeback stake with the Pre and has since announced its second webOS device, BlackBerry launched a glut of popular handsets including its first touchscreen device, the Storm, and the whole Android ecosystem was born. It has missed an extremely high time in mobile phone technology.

What once looked fresh and exciting will be coming to market stale. The $299 Nuvifone G60 comes equipped with all the same features as a high-end Garmin PND, including the dashboard mount, a full HTML Web browser and e-mail client, and a three megapixel autofocus camera with requisite geotagging capabilities. Unfortunately, this device was conceived before the app store craze so it cannot have third party applications installed and is therefore just a feature phone with fewer features than a cheaper and undeniably more popular smartphone.

The American Recovery and Reinvestment Act of 2009, better known as the “broadband stimulus plan,” included the proviso that the Federal Communications Commission (FCC) submit a National Broadband Plan to Congress by February 2010.

With just under five months left before the plan is due before Congress, the FCC today used the results of its 26 broadband-related workshops and hearings and nearly 41,000 pages of comments to describe the current state of broadband and enable Commissioner/public feedback for review.

“We still have a lot of work to do. But with all of the data we’ve gathered in our workshops and hearings, in the record, and in our own research, we think we have a pretty good handle on the status of broadband in the US,” said Blair Levin, Executive Director of the Omnibus Broadband Initiative.

FCC’s facts about US connectivity today:

• Actual broadband speeds lag advertised speeds by at least 50%*
• Speeds slower than 768 Kbps do not qualify as “basic broadband”
• Between 3-6 million Americans are unserved by basic broadband
• 4% of Americans have no broadband access at all due to geography
• 33% of Americans have access to broadband, but have not adopted
• 66% of Americans have adopted broadband at home
• More than 70% of high school students use the Internet as primary homework research tool
• There are no broadband connection services specifically for public safety, they have been limited to commercial services
• People with disabilities use the Internet half as much as people without
• Only 29% of lower income users have made purchases online, compared to 82% of upper income users
• More than 77% of Fortune 500 companies posted jobs and accepted applications online only in 2005, and that number has only increased

According to the Commission’s preliminary estimates, it will cost more than $20 billion to provide “universal availability” at speeds between 768 Kbps and 3 Mbps, and for 100 Mbps and above, it could cost more than $350 billion. Ensuring that all areas have either multiple carriers or multiple methods of connection to prevent local monopolies will make the cost “significantly higher.” Part of this includes assessing the wireless spectrum to accommodate future mobile broadband consumption.

The FCC has a four hour long open meeting occurring today (being liveblogged, Twittered [@FCC], and broadcast live online) devoted entirely to the Broadband Plan, in which the public is highly encouraged to participate. The facts listed above are only some of the major points the commission will be making today.

“We…want the public to weigh on the facts and analysis we will present so we can make adjustments now, while we are still at a relatively early point in the process, rather than later, after decisions have been made,” Levin continued.

*Originally the FCC said it was between 50%-80%, but later retracted the statement, saying: “This sentence is incorrect: our data does not support the 80% figure.”

A little over three weeks until global availability (GA) day for Windows 7, major software retailers have heavily discounted pre-orders for the OEM full-installation editions (minimal packaging), with Newegg offering the Home Premium SKU at $99.99. That’s half the price of the MSRP for the full retail edition, and four cents more than a retail upgrade package.

But that’s still not the least expensive option. For an indeterminate period of time, Newegg has slashed $20 off the OEM price of the Vista Home Premium SKU, marking it down to $89.99 and leaving the free Windows 7 Tech Guarantee upgrade coupon attached. It’s a little less convenient, you’re stuck with a copy of Vista you may never use, and your Windows 7 version is an upgrade rather than a full install, but you save ten bucks. In fact, the version without the Tech Guarantee coupon is $10 more; you would actually spend more money not to get the Win7 upgrade coupon.

Newegg today is also offering deals on the Professional and Ultimate SKUs, though for them, it’s cheaper to go with the Windows 7 full-install OEM than with the comparable Vista version with upgrade coupon. A single license for the Win7 Professional SKU saves as much as $15 over the comparable Vista version, and Win7 Ultimate OEM will save you $5 over the comparable 32-bit edition, $15 over the 64-bit.

Curiously, the deals for single-license packages are better than for multiples today, as a three-pack Win7 Ultimate OEM runs $549.99, a three-pack Win7 Professional runs $409.99, and a three-pack Win7 Home Premium is priced at $349.99.

As we’ve mentioned here in Betanews before, a migration from Windows XP to Windows 7 is not altogether impossible, though it requires migrating through Vista first. There are definitely headaches involved, and many professionals suggest that those headaches can be avoided by either cleanly installing Windows 7 with a full install version, or create multiple boot partitions and place a clean Win7 in a new one alongside the older XP partition. As of now, the price for avoiding these headaches and reclaiming several lost hours — at least for Home Premium installers — is merely ten bucks.

Last week, Google issued a cease and desist order to Android modder Cyanogen, whose popular Android ROM modification was downloaded more than 30,000 times, but included versions of closed source Google applications instead of purely the open source components.

In a blog explanation, Google said, “Unauthorized distribution of this software harms us just like it would any other business, even if it’s done with the best of intentions.”

The modding community was outraged, and many claimed it to be the end for Android as an open source project. Some called for boycotts, some proclaimed that it was time to start developing for the iPhone, some just generally overreacted. Cyanogen’s ROM crossed the open source line by including Google’s closed source packages like Gmail, Google Maps, and even the as-of-yet unreleased new Android Market.

Now, a coalition has formed called the Open Android Alliance which seeks to prevent this sort of clash from ever happening again by creating an Android environment that is 100% free and open source under the GPL3 code license.

“We don’t have anything against the existing closed applications, however, we believe in open platforms and want all users to be able to modify their systems as they see fit. Above all, remember, we are not ‘Anti-Google.’ We are ‘Pro-Android.’ Please act accordingly when posting on this project,” the project’s summary says.

Attempting to replace Google’s services in Android is going to prove a colossal task, as it includes replacing the majority of the Android experience as users currently know it. This involves bringing in a new e-mail client, IM client, navigation/Google Maps client, calendar, YouTube application, Android Market, sync manager, setup wizard, and much more.

In a complete reversal of roles for at least one of the principal advocates for equal access to Windows Web browsers, an attorney for the European Committee for Interoperable Systems told the European Commission in a statement published by The Wall Street Journal today that he now sees the possible inclusion by Microsoft of a Web browser selection ballot for European users of its upcoming Windows 7 operating system as a threat to those users.

Last July, Microsoft submitted a proposal to the European Commission that it hoped would comply with its demands to unbundle Internet Explorer 8 from Windows 7, and give users a choice of competing browsers. “Nothing in the design and implementation of the Ballot Screen and the presentation of competing Web browsers will express a bias for a Microsoft Web browser or any other Web browser,” the proposal reads, “or discourage the user from downloading and installing additional Web browsers via the Ballot Screen and making a Web browser competing with a Microsoft Web browser the default.”

A few scant details of Microsoft’s proposal have emerged since then, including a mockup of a possible ballot screen — albeit one that clearly appeared to have been rendered by IE8. Still, based on what information has been made available thus far, ECIS attorney Thomas Vinje characterized the questions that consumers would be asked to answer as “threatening and confusing,” warning the Commission that Microsoft’s plan may appear to be in compliance with its demands, but will end up being ineffective.

Vinje’s response was not to the WSJ itself; rather, it was one response to a questionnaire, discovered by Reuters last Friday. The questionnaire was sent by the European Commission to an indeterminate number of the “interested parties” in the Web browser bundling affair, one of which is the ECIS, whose members include Opera Software. Last summer, Opera was on record as supporting the notion of a browser screen, although the ECIS’ response indicates that it now takes issue with what appears to be Microsoft’s strategy for the ballot screen, which has certainly been subject to change over the past three months.

Though the Mozilla organization remains officially supportive of the screen proposal, Mozilla Foundation CEO Mitchell Baker also went on record last month as skeptical of the company’s tactics. Baker suggested at the time that giving the user that single choice may not be adequate for removing IE8, should that be the user’s wish. Since then, she wrote a supplemental piece last week which suggested that users should be given the choice continually to change browsers, as part of an ethic of maintaining interchangeability along with interoperability.

“This ability to change components, to enhance or maintain a product the way to meet individual needs is at risk in the online world,” Baker wrote. “Similarly, the ability of independent creators to try new things is at risk. Technology manufacturers use both technical and legal means to restrain this freedom. Some make it difficult technically to change a component. Others try to make it illegal. Some do both.”

This week, all three of the world’s top general search engines touted the addition of deep links to their search results, although Google has been actively experimenting with deep links since this time last year. The basic premise is this: For Web pages that have named anchors above selected subsections — for example, <A NAME=”Details”> — the search engine is capable of generating subheadings in its search results that link users directly to those subsections, or at least to subsections whose titles imply they may have some bearing upon the query.

The fact that deep links are now official features of Google, Yahoo, and Bing search may not be nearly as relevant today as the fact that all three services made their announcements almost in unison. It’s an indication of an actual race going on in the search engine field, reminiscent of the horse-and-buggy days of the early ’90s when Lycos and AltaVista were vying against Yahoo for search supremacy. This despite the fact that Yahoo is due to be utilizing search results generated by Microsoft’s search engines Real Soon Now.

But is all this just more bluster? Now that there at least appears to be a race once again in online search functionality, are the major players merely vying for position in the consumer conscience, or are they really doing something in the laboratories? Betanews sought out to see whether we could run into any real-world examples of deep linking improving the quality of search results…knowing full well that since Web pages have evolved over time to become shorter, the use of named anchors has fallen out of favor along with Netscape Navigator.

Although we managed to uncover deep-linked pages through Google and Bing just by accident this week, it’s in hunting for them intentionally that deep links seem to scatter like startled squirrels. We started with some purposefully general, broad queries that should stir up old, existing pages.

“Abraham Lincoln”, for instance, turned up zero deeply-linked citations within the first 100 returned by Google. Yahoo, however, provided a deep-linked reference on page 1 to the Abraham Lincoln Bicentennial Commission entry on Wikipedia — one of Yahoo’s partner sites for its drill-down filtering feature. No more deeply-linked entries appeared in Yahoo’s top 100, though. Bing also pulled up zero deeply-linked references in its top 100.

What if we refined the context — would deep links crawl out from under the woodwork? For Google and Bing, no — adding “Stephen Douglas” as a criterion, for instance, did precisely nothing to draw out any deeply-linked results. It’s hard to imagine that, over the long years that pages have been published on the Web, no single page on the Lincoln/Douglas debates of 1858 ever used named anchors. It could, instead, be an indication that the anchors on those pages have yet to be indexed.

But what’s this? Yahoo turned up one deeply-linked reference to the debates as item #1 in its search results, and another reference to Stephen Douglas as #5. Once again, though, both are from Wikipedia; and although Wikipedia’s shallowly-linked reference to the debates was #3 on Google and #2 on Bing, Yahoo’s high placement along with links to history books for sale on Amazon as #2 and #3 (including links to reviews, obviously as a favor to another Yahoo partner, Amazon) indicates that Yahoo’s success on this test may not be by virtue of a highly reformed index, but instead a special arrangement with partners.

If Yahoo were as active in indexing its deep links as the Wikipedia results imply, then it would have attached deep links to other entries that it did turn up, from wiki-based systems such as this item on Stephen Douglas from Conservapedia.com — #12 on Yahoo’s list.

Which brings up an important point: As many recently published Web sites use open source Wiki software, which do generate named anchors for their subsections, there’s really no excuse for search engines that profess to provide deep links to have avoided indexing them. Since we’ve seen occasional deeply-linked examples pop up from out of the blue on Google since September 2008, you would think at least Google would have had time to index such pages before declaring this part of its service officially live.

Next: Can we find any unique deep links on Google or Bing?

In the second colossal overturning of a jury verdict against Microsoft this month alone, a US District Court judge in Rhode Island has completely tossed out a $388 million patent infringement ruling against Microsoft. But rather than just accept the arguments that the jury’s formula was excessive — an argument that the Federal Circuit Court of Appeals agreed with last September 11 — the district court judge flame-broiled the case of an Australian inventor who claimed to have created keycode-driven software activation, as not only without merit but ludicrous.

Judge William Smith shot down most of inventor Uniloc’s arguments, except for the one right up front. It concerned whether Microsoft’s product activation system used a locally unique identifier (LUID) to represent a software license holder — the person, not the software. Uniloc’s patent described a system whereby a completely unique (or as Microsoft might put it, “globally unique”) identifier represents a licensee. The randomizer in this system is supposed to be powerful enough that it would be virtually impossible for any two systems operating independently to generate the same number. (This despite the fact that, years ago, this reporter was able to accomplish this feat during a beta test of GUID.)

Microsoft’s argument was that “virtually” impossible was not enough, but more importantly still, that its activation system was written in such a way that personally identifying information was excluded from the license — intentionally, so that no one stealing a computer could reverse-engineer a software license to learn about the licensee. Judge Smith ruled, however, that a reasonable person could come to the conclusion that such a uniquely generated number tended to represent the software installed on the computer belonging to the person whose name could be looked up in the Windows account directory. That fact, however, inevitably played into Microsoft’s hands, because Uniloc’s own expert witness testified that its patent generated unique values using a hashing algorithm that would utilize multiple inputs using addition. Microsoft’s technique uses the MD5 algorithm, which Uniloc’s own expert described as not performing the task explained in Uniloc’s patent.

“A simple comparison of MD5 as a whole to the algorithm Uniloc’s patent discloses clearly reveals non-equivalence,” Judge Smith ruled. “While the existence of additional components or different steps does not per se preclude a structure from being considered substantially the same as another structure, the various non-additive mathematical operations in MD5 demonstrate significant (and undisputed) differences between MD5 and the summation algorithm in the ‘216 patent [for Uniloc], which cannot be overstated. For example, the compressive, circular shifting and mixing functions fundamentally create a more secure result compared to an algorithm based in summation as the specification discloses. Indeed, the unchallenged evidence was that MD5’s hallmark is the variety of its logical and mathematical steps to obtain a more secure result. This complexity highlights the advantage of an irreversible one-way function with a fixed output, instead of an algorithm that uses a single type of reversible operation (with no fixed output), such as that disclosed in the patent.”

Uniloc’s case pretty much falls apart from there, because the use of a different technique than the one patented pretty much implies that Microsoft could not have acted maliciously to infringe Uniloc’s patent; indeed, it could be argued that Microsoft actively worked to avoid infringement by using MD5, which Microsoft’s expert explained as a superior algorithm and which Uniloc avoided contesting directly.

Instead, Uniloc’s attorneys went with the strategy of trying to explain its technology in very simple terms — perhaps too simple, relying on bits and pieces of spotlighted terms and concepts as evidence that Microsoft’s entire scheme violated Uniloc’s entire patented concept. The judge called Uniloc on it: “Uniloc’s approach, both to the jury and now the Court, is to boil down complex computer software programs to a kind of generic word find puzzle, that ignores how the allegedly infringing system actually works and, most important, the actual disclosure in the ‘216 patent. Some of these documents no doubt say MD5 and SHA-1 are a type of hash, or checksum. This is undisputed. But the fact that the word ‘hash’ or the phrase ‘hash total’ appears in the same sentence as ‘addition’ (in documents unrelated to PA [program activation) is beside the point in the overall picture of what the evidence showed the complex hashes in this case actually do, and whether that is equivalent to the 'by addition' structure Uniloc disclosed."

One of the areas fuzzed over using this tactic, the judge found, was the concept in Uniloc's patent that the software only becomes functional once the software is activated. Microsoft's system has historically given users a grace period, sometimes with limited or diminished functionality, before shutting off access to software; and that very fact suggests that it isn't the activation that makes the software functional in the first place.

"This grace period functionality is not trivial. For example, Office XP limits the licensee to 50 boots, and the product functions with all of its features during this time (the evidence was that on the 51st try, if the user does not activate most features become disabled). But if a user were to install the software, agree to the EULA [end user license agreement] and then not close the software for six months, it would function fully for that period of time, and have 49 boots remaining. This is clearly much more than a frisbee. The long and short of it is this: as a matter of law, PA cannot be a registration system with mode switching means as that term has been construed. Uniloc deems this conclusion a hypertechnical trap contrived by Microsoft. But in this writer’s view, it is the unavoidable (and correct) result — one that in hindsight could have, and perhaps should have, been reached when Microsoft first raised it as a summary judgment question of law for the Court, not the jury. It is undisputed that licensing of Microsoft’s accused products takes place separate from and before activation.”

Judge Smith evidently was capable of navigating through the most intricate details of both sides’ expert arguments, including a very passable summary of how MD5 works. Perhaps neither side expected him to have such a comprehensive understanding of technology as well as the law. As the remainder of his ruling unraveled, he did take the jury to task after all for succumbing to Uniloc’s appeal to the jury, which he said “elevates form over substance,” in assessing damages not at $18 million or less but at $388 million. Should this case be retried, Judge Smith wrote, the evidence that led the jury to that higher figure should be deemed “irrelevant.”

Launched on Tuesday, Bento 3 is the third major release of the personal database from Apple’s FileMaker division since the original rollout of the product in January 2008.

With the new Bento 3, users can employ Apple Bonjour, a technology intro’d earlier for iTunes and iPhotos, to let other users on a Wi-Fi or wired LAN locate and view information in their personal databases.

Bento 3 users can protect their information by allowing access only to those who know a “sharing password,” said Ryan Rosenberg, FileMaker’s VP of marketing services, in a briefing for Betanews. The new version also adds 128-bit AES encryption, which can be used for safeguarding either the entire database or fields.

New in version 3, too, are iPhoto integration, a “Grid” view, and ten more templates, including Job Search, Home Search, TV & Movie Catalog, Vacation Planner, and Meeting Notes, for instance.

Added to the 25 templates already included in Bento, the ten new ones bring the total to 35. But users can also download any of 286 templates from the online Bento Template Exchange that went live on June 16, Betanews was told.

In a demo, Rosenberg showed how a husband and wife might use the new Home Search template in Bento 3 to give individual ratings to new houses they’ve visited, and then to share their respective ratings of the various buildings over a network.

But although people continue to use Bento for these and other personal purposes, including keeping track of hobby collections, recent research by Apple’s FileMaker indicates that many users have turned to Bento for running small businesses out of their homes. One home-based appellate lawyer in San Francisco, California, uses Bento to organize information about clients and cases, said Rosenberg.

Mac users in larger organizations tend to gravitate to the FileMaker database, according to Rosenberg. Apple first devised Bento to compete with Microsoft Access, he noted.

Through the new iPhoto integration in Bento 3, you can see photos in Bento through any of four views: Table, Form, Split, or the new Grid view. You can link photos to contacts, projects, events, and other Bento data, and you can store more information about a photo than what iPhoto is able to accommodate, the VP elaborated. The new Grid view can show text along with thumbnails of pictures, forms files, and movies.

Available immediately, Bento 3 is priced at $49. Apple’s FileMaker is also offering $20 rebates to people who own Bento 1 or 2.

Last May, FileMaker unveiled a smaller edition of Bento specifically for the iPhone and iPod Touch, Rosenberg pointed out. A free update to the $4.99 mobile edition — supporting synchronization with the Bento 3 desktop edition for Mac OS X Leopard and Snow Leopard — was also announced this week.

Today Microsoft released Security Essentials for free. I’ve been testing the software for the last month, and I’m nearly at a loss how to really review it. Either the software doesn’t really work and my laptop is a malware whore, or Security Essentials works so well you just set it and forget it.

The software has never warned of any malware infection. It works silently and doesn’t hog resources — typically less than 6,000k memory, according to Task Manager. Next to perhaps AVG 8.5, I’ve never used anti-malware software that asked so little of me or my computer (Read Scott Fulton’s take on Security Essentials).

Security Essentials is another example of Microsoft improving software UX (user experience). Among Joe’s six principles of good software design, Security Essentials embodies the two most important. Good software: Emphasizes simplicity and hides complexity.

By comparison, Windows Vista and Internet Explorer 7 violate these two principles at seemingly every opportunity. User Access Control prompts in Vista and security warnings in IE 7 demand too much from end users. Rather than drive 120km per hour, users must slow down for Windows Vista or IE 7 speed bumps. It’s terrible product design because:

• End users get angry about waiting and they so develop bad feelings about the software and Microsoft.
• Most people don’t understand enough about security or the prompts to make the best decision. Confusion makes some people feel stupid, and so they also feel unhapppy about the software and Microsoft.
• Numbness sets in, so that end users ignore the security prompts. They develop bad click-through habits, increasing risk from ignoring prompts or mindlessly clicking through a browser generated-malware pop-up.

Good security UX is about balance, by providing the best protection without being too intrusive. My favorite analogy is the street-side shop, where goods are displayed in the window and on the sidewalk. People need to see the goods to buy them. But as the economy has declined, so has sidewalk thievery, so the shopkeeper moves the goods inside. That turns out not to be enough. Someone breaks into the shop through the big window and steals the goods, so the shopkeeper puts up bars and a gate. Each new security measure limits the shop’s ability to conduct business with legitimate customers, just to keep out a few criminals. At some point, the security measures sacrifice commerce for safety. That’s exactly the kind of security approach Microsoft applied to Windows Vista and IE 7.

Windows 7 and IE 8 reduce the security complexity, but there is still too much of it. That said, there is lots more balance than before. The defaults are just about right but security prompts still a few too many. Microsoft’s approach is more like a car prompting when the driver hits the left-hand signal: “Remember to look over your shoulder for oncoming traffic before making the turn.” Such audio prompts would drive drivers crazy. Hehehe, maybe it would be a good green tactic. Riding a bicycle would be preferable to the constant nagging while driving.

So, it is refreshing to find Security Essentials to be so silent and unassuming. Good security software should protect, not ask if you want to do something that might be risky or whether you really want to be protected. But this unassuming simplicity makes a review, other than perhaps purposely infecting my laptop, difficult because there isn’t much to say.

An Essential Utility

As such, I’ll talk strategy and what the software means for Microsoft’s former security software partners. The question: Should Microsoft offer free security software to consumers? Absolutely. There is no choice, and Microsoft would do customers better by fully integrating security software into Windows 7. But Microsoft has enough antitrust problems in Europe to make including antivirus risky business.

Integrated or separate, I see four reasons why free security software from Microsoft is a must:

• Windows brand
• Customer safety
• Shadow ecosystem
• Corporate responsibility

Windows brand. Security problems have damaged the Windows brand. Who wants to drive an unsafe car? Apple has enjoyed much success by ragging on Windows security in advertisements, such as “Get a Mac” commercials. Additionally, offensive third-party anti-malware — meaning annoying and resource hogging — detracts from the end-user experience, which also hurts the Windows brand.

Worst of all: Malware infections, where people feel vulnerable and invaded before a torrent of porn popups or other malady. Who gets the blame? Microsoft and Windows. It’s funny how little the criminals are accused. When the bank is robbed, despite its security measures, who do people blame? The bank or the robbers? You know the answer.

Customer safety. Windows is Microsoft’s product. The primary responsibility for protecting it from marauders should be Microsoft’s, not third parties like McAfee or Symantec. Microsoft’s first obligation is to the customer who buys Windows with the reasonable expectation of using it safely. Microsoft must do everything possible to ensure customers’ privacy and identities are protected from criminals. Who wants to move into a bad neighborhood, where muggers and murders roam the streets and house to house? Just one worm, Conficker, has infected millions of PCs. But experts dispute the number, which could be as low as 3 million or as high as 10 million, when considering variants.

A second obligation: The PC manufacturer who sells a computer with Windows. Security problems tarnish brands like Dell and HP, too. There, many OEMs have failed their customer responsibilities, by shipping consumer PCs with anti-malware software that typically expires in 30-90 days. Microsoft is doing right by both customers — OEMs and PC buyers — by taking more security responsibility.

Shadow ecosystem. OK, this is going to start the flamethrowers. Calm down, commenters for what you are about to read. I assert that Microsoft has got an undeserved bad security rap. Windows XP is pretty secure from Service Pack 2 onward. Windows Vista and 7 are even safer, mainly because of changes to user rights privileges and the hardened kernel. IE is still a bugger, but it’s safer today than two versions ago.

Microsoft’s security problems are more a byproduct of its success than poorly written code.

Microsoft describes its Windows partners and their products and services as an ecosystem. Third parties greatly profit from this ecosystem. But there is what I call a shadow ecosystem that profits from exploiting Windows rather than extending it. Third-party anti-malware providers operate in the shadow ecosystem fringes, by fixing security bugs rather than exploiting them; their assistance is vital to Microsoft and its customers and partners.

But the shadow ecosystem is mostly made up of parasites. They attack the Windows ecosystem and would destroy it by profiting from it. Microsoft can’t escape the shadow ecosystem. The ecosystem of developers, resellers and other partners make money from Windows platform strengths. The shadow ecosystem profits from the platform’s weaknesses. Because both ecosystems come from Windows, Microsoft must take responsibility for them.

Corporate responsibility. But Microsoft’s security responsibility is bigger, because most PCs connecting to the Internet run some version of Windows. Microsoft’s responsibility to protect then is about 1 billion PCs and the commerce that takes place on them.

Every botnet puts the entire Web community at risk. For years, I’ve recommended that companies should provide all employees with free anti-malware software. Actually, use of the software on personal PCs should be a requirement of employment. If your employee’s personal PC is infected by malware and participates in a botnet spewing spam or other maladies, he or she is the enemy. To Microsoft I say this: You should make free security software available for personal use a part of corporate volume-licensing contracts. Competitors will cry antitrust fowl, but they could offer similar option. Microsoft, do the right thing.

Security Essentials’ release isn’t enough, however. Microsoft should take a bigger risk of offending third-party anti-malware developers and even European or US trustbusters: Advertise. Microsoft should make Security Essentials a part of Windows advertising, as the company has done with Windows Live Photo Gallery. Microsoft should build brand awareness like it has with Bing. “There’s a safer Windows. Windows 7. It’s safer still with Microsoft Security Essentials. It’s so simple. Set it and forget it. Security Essentials will remember to lock the Windows so you don’t have to.”

For the consumer market, Security Essentials is the kind of product Microsoft should have released long ago. Is it good enough? That’s the question millions of users will answer over the coming months.