Microsoft this week began offering U.S. customers its free antivirus program via Windows' built-in update service, a move one major security firm said may be anticompetitive.
Last Monday, Microsoft started adding Security Essentials to the optional download list seen by U.S. users running Windows XP, Vista or Windows 7 when they fired up the operating system's update service. The move followed an Oct. 19 kickoff of a similar program in the U.K.
"Commercializing Windows Update to distribute other software applications raises significant questions about unfair competition," said Carol Carpenter, the general manager of the consumer and small business group at Trend Micro, on Thursday.
"Windows Update is a de facto extension of Windows, so to begin delivering software tied to updates has us concerned," she added. "Windows Update is not a choice for users, and we believe it should not be used this way."
If Windows doesn't detect working security software on the PC, Microsoft adds Security Essentials to the Optional section of Microsoft Update, a superset of the better-known Windows Update, or to Windows Update if it has been configured to also draw downloads from Microsoft Update.
Microsoft made a point to say that it was not offering Security Essentials via Window Update, but only through the Microsoft Update service, which also offers patches for new versions of non-operating system software, notably Office and Windows Media Player.
But most users won't understand the distinction because of the way that Microsoft has intermingled the two services.
In Vista and Windows 7, for example, Windows Update is configured out of the box to also poll Microsoft Update. And although Microsoft Update was once optional in Windows XP, new PCs with new installations of the OS now use Microsoft Update as the default update service.
"We welcome competition on a level playing field," said Carpenter of Trend Micro. "What concerns us is a vendor using market leverage to drive its solution in some unfair way."
Microsoft defended the practice, saying it was giving customers a convenient way to acquire antivirus software.
"We are always looking for the most effective and efficient ways to ensure our customers are protected against viruses, spyware and other malicious threats," said Jeff Smith, director of marketing for Security Essentials, in an e-mail reply to questions. "By offering Security Essentials as an optional download for PCs that are unprotected, we make it easy for those who want and know they need protection, but for whatever reason have not gotten around to installing it."
When asked to respond to rivals' anticompetitive concerns, Smith reiterated that Microsoft was not forcing users to download its product. "[It's] an optional download that customers with no antivirus solution can elect to download and install," he said. "[This is] just one of many options available to customers to get security software."
Other security vendors, including Symantec and McAfee, declined to say whether they, like Trend Micro, viewed Microsoft's move as anticompetitive or unfair. Instead, they downplayed Security Essentials' effectiveness.
"It's clear that today's threat landscape requires more comprehensive protection than what Microsoft Security Essentials offers," said Symantec in a statement. "From a security perspective, this Microsoft tool offers reduced defenses at a critical point in the battle against cybercrime."
McAfee took the same tack.
"Options that provide an elementary level of security, including Microsoft Security Essentials, mostly rely on traditional protection mechanisms," McAfee said. "McAfee products offer not only more features but most importantly, McAfee products offer real-time protection using cloud-based intelligence to combat even the most sophisticated threats."
All three vendors scoffed at the idea that they're scared of free antivirus rivals, and by implication, Security Essentials. "We've competed against free for a long time," said Carpenter. "We've not seen [free products have] much impact on our market share."
This isn't the first time that security companies and Microsoft have butted heads.
In 2006, Symantec and McAfee complained to European Union antitrust regulators about Microsoft's decision to block them from accessing the kernel in the 64-bit version of Vista, and barring them from its new integrated security center. Microsoft bowed to the pressure , and later promised to produce APIs (application programming interfaces) that gave security vendors some access to the kernel and allowed them to mesh their product's on-screen status features with the security center.
Carpenter declined to says whether Trend Micro would consider legal action against Microsoft over the issue, but said that her company "was always looking at issues like this."
In a follow-up e-mail, Carpenter was clearer. "We're concerned that Microsoft may be using its OS-based market leverage to box out other choices. If that were to happen, it would not be good for consumers or the industry, and would warrant a second look."
Trend was aware of the Security Essentials offer in the U.K. that started last month, but Microsoft's decision to do the same in the U.S. caught it by surprise. "We work with Microsoft on a lot of levels," Carpenter said, but added that Microsoft had not told Trend Micro it was expanding the deal to the U.S.
Not all eligible U.S. users have seen the Security Essentials offer because Microsoft is rolling it out over the course of the month, the company said.
Users who decline the download and then want to block the offer from reappearing can do so by right-clicking on the Security Essentials item, then selecting "Hide update" from the drop-down menu.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security hardware and software in Computerworld's Security Hardware and Software Topic Center.