Windows anti-spyware to come free of charge

Bill Gates says Microsoft won't charge customers for its spyware and pop-up killer.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
4 min read
SAN FRANCISCO--Ending speculation about whether it was shifting to a paid model, Microsoft said on Tuesday that it will provide customers with its new anti-spyware software for free.

The pledge, made by Microsoft Chairman Bill Gates during his keynote speech kicking off the RSA Conference 2005 here, comes after the company had been testing its AntiSpyware application--technology it acquired with its purchase of security software maker Giant Software.

"Just as spyware is something that we have to nip down today, we have decided that all licensed Windows users should have that protection at no charge," Gates said.

The initiative is part of Microsoft's efforts to strengthen security for home and business users of its Windows desktop software. Consumers are not always aware of the dangers of such threats as spyware, viruses and "phishing." A study published last October found that more than 80 percent of consumers had been infected by spyware.

While Microsoft turned its attention to general software security three years ago with its Trustworthy Computing Initiative, the spotlight on consumers began a year and a half ago, after the MSBlast worm infected millions of home PCs. The worm taunted Microsoft's founder with the message, "billy gates why do you make this possible? Stop making money and fix your software!"

Microsoft introduced the beta, or test version, of its Windows AntiSpyware application last month. The program is designed to protect Windows PCs from spyware--software installed on computers without their owners' knowledge. Typically, spyware generates pop-up ads or keeps track of people's Web surfing.

Windows AntiSpyware is Microsoft's answer to a threat that came essentially as a surprise to the software giant. Gates acknowledged that the threat appeared on the company's radar over the last year and said the company had to do better this year.

"We need significant advances to make sure this (threat) does not spread like it did this year," he said.

The company also gained a valuable spyware-reporting network, dubbed SpyNet, in the Giant acquisition, Gates said. The tool identifies potential spyware on PCs connected to the network. It then asks customers if they want to clean the software and reports back to Microsoft what code has been removed.

"We can see what (malicious software) is being downloaded and make sure the signatures are kept very up-to-date," Gates said, adding that the company gets about a half million reports a day of spyware through SpyNet. Nearly 3 million users participate in the SpyNet program, he said.

One security company welcomed the Microsoft announcement but struck a note of caution about the company's expansion

into security software.

"I am glad to see Gates is focusing on securing the desktop," said Gregor Freund, chief technology officer of Check Point Software, which develops desktop security software. "However, there are some serious downsides to Microsoft's approach. Just by entering the security market, Microsoft could stall innovation by freezing any kind of spending of venture capital on Windows security, which, in the long run, will lead to less security, not more."

Microsoft has recently been making buys to bolster its security lineup. After closing its aquisition of Giant, the software giant last week said it plans to buy enterprise security software maker Sybari Software, a business-focused move.

During his speech, Gates also said Microsoft will release a new, more secure version of its Internet Explorer browser, which will launch separately and in advance of the next version of Windows, aka Longhorn.

IE 7.0 will use security features available in Microsoft's most recent security update to its operating system, Windows XP Service Pack 2, he said.

The company also plans to bring together its various update services and offer a single place to get security updates for each class of customer. The software giant will centralize Windows, Office and application updates through a consumer service called Microsoft Update, Gates said. Microsoft Update is similar to Windows Update and includes the Automatic Updates feature, plus access to security and reliability updates for Office and other Microsoft applications that run on Windows, a Microsoft representative said after Gates's speech.

Small and midsize businesses that have many PCs to manage and that want some control will be offered another service, dubbed Windows Update, he added. Large companies can exercise more control using Systems Management Server, also known as SMS.

Customers last got a major security upgrade from Microsoft in August, when the company launched Windows XP Service Pack 2, aimed at locking down computers. The operating-system revamp took more than nine months to complete and added a central security interface, a better firewall and several under-the-hood improvements to lock down Windows PCs.

Microsoft is spending fully one-third of its $6 billion research and development budget on security technology, Gates said Tuesday.

Separately, Gates said a planned Windows Server 2003 update, expected later this year, would ship "next year." A Microsoft representative said Gates was referring to the software maker's next fiscal year and that the update, code-named R2, is still on track to ship this calendar year.

CNET News.com's Ina Fried contributed to this report.