http://seattlepi.nwsource.com/business/1700AP_Free_Security.html By ANICK JESDANUN AP INTERNET WRITER September 17, 2006 NEW YORK -- Microsoft gives away a security firewall with its latest operating system. Many high-speed Internet service providers offer free anti-virus protection for subscribers. And several Web sites distribute free toolbars to warn of Web scams. AOL even recently made a package of basic security tools - anti-virus, anti-spyware and firewall programs - available for free to anyone, not just paying subscribers. Despite all the free protection, primarily for Windows computers, leading security vendors are moving forward with plans to start selling their annual slate of security products this fall. Why bother, when so much is available elsewhere at no cost? "I absolutely don't argue that the highly tech-savvy consumer will and can search the Web for freeware and knock out 90, maybe 95 percent of the risk," said Lane Bess, Trend Micro Inc.'s general manager for consumer products. "That's not the largest (base of) consumers out there." Most people, he said, would rather install a package - for $50 in Trend Micro's case - that does everything. Free often means cobbling a package together: * Taking the basic firewall that comes with the Service Pack 2 version of Microsoft Corp.'s Windows XP, or getting a stronger one like Check Point Software Technologies Ltd.'s Zone Alarm to monitor and block outbound traffic as well; * Adding anti-virus protection from a high-speed Internet provider like Comcast Corp. or Time Warner Inc.'s Road Runner; * Obtaining one or more free spyware removal tools like Spybot Search & Destroy; * Installing a toolbar from EarthLink Inc. or elsewhere to block Web sites known to engage in e-mail "phishing" scams. Even AOL's free all-in-one package, which uses technology from McAfee Inc. and others, is incomplete, said Joel Davidson, an AOL executive vice president for products and technologies. Last week, the Time Warner unit announced that subscribers who pay $26 a month will get additional protections, such as a stronger firewall and alerts when malicious software tries to send out a bank account or credit card number. They'll even get more online storage for backup and free insurance for identity theft and computer damage. The free standalone products have even more limits. Major e-mail providers scan messages for viruses automatically, but they won't address threats that come from instant messaging or a rogue Web site, or a virus already on the computer. Trend Micro's free HouseCall virus scanner covers those situations, but users must remember to periodically perform a check, and they won't be automatically protected in the interim. Same goes for the free scan from Microsoft; automated scanning comes with Windows Live OneCare, which costs $50 a year for up to three computers and includes computer backup and tuneup services. And while Microsoft plans a more robust firewall in its upcoming Windows Vista operating system, it's holding back enough to justify selling OneCare separately. The free Zone Alarm, meanwhile, will generate a pop-up warning when newly installed software attempts to connect to the outside world. The $40 Zone Alarm Pro will have a continually updated database of programs that researchers know as good or bad, so pop-up prompts only come up in rare cases. "I don't think (the free version) reduces protection, but it is definitely less convenient," said Laura Yecies, general manager of Check Point's Zone Labs consumer division. "The user is essentially then putting themselves in the role of making determinations." The free and subscription versions of Grisoft Inc.'s anti-virus and anti-spyware products are nearly identical, but paying customers can get technical help from humans, instead of only the software's help files and Web site documents. And free software won't come with the ability for companies to easily update all their computers remotely, an issue for larger organizations, said Johannes B. Ullrich, chief research officer with the SANS Institute security group. Google Inc., Yahoo Inc. and computer manufacturers distribute free security products as well, but they are trial versions often with features disabled, said Kraig Lane, Symantec Corp.'s manager for consumer security products. The six-month Symantec software bundled with Google, for instance, will block known viruses but won't detect unknown ones, based on behavioral patterns, in the hours before a software update can be developed and distributed for new threats. "We want to have a little extra value" for paying customers, Lane said. Other restrictions are in the free software's license terms. A standalone version of AOL's anti-virus software, from Kaspersky Lab, comes with terms that permit AOL to send e-mail marketing messages, while Sophos Inc. gives free software only if a person's employer or school is already a paying customer. Some security is better than no security, said Bruce Schneier, a computer security expert with Counterpane Internet Security Inc. "I can complain about them (the free products), but going out free to millions and millions of users, you have to like that." Yet it's not entirely clear how many users even know of the free offerings. Bari Abdul, McAfee's vice president for consumer marketing, said Internet users often configure their browsers to bypass home pages that high-speed service providers use to promote free software. AOL subscriber Gail Taylor, a teaching assistant at the University of Illinois at Urbana-Champaign, said she never knew AOL gave away security software. But even after checking a number of free products at the request of The Associated Press, she said she still couldn't decide which of the free or fee offerings work best for her. She said she'd need to find time for more research, leaving her computer largely unguarded for now. Consumers who do install free products may be left with a false sense of security, added David Luft, a senior vice president for security vendor CA Inc. "Some of those limitations aren't always obvious to the end users until they run into a problem they thought might be addressed," he said. "They think they have something that's fully protecting them, when in reality they don't protect in a way they might need." -=- On the Net: AOL package: http://daol.aol.com/safetycenter Grisoft: http://free.grisoft.com Spybot: http://www.safer-networking.org _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Sun Sep 17 2006 - 22:38:40 PDT