April 26, 2007 12:37 PM PDT

Microsoft adds security muscle

(continued from previous page)

Microsoft first gained antivirus expertise in 2003 when it bought GeCad Software. It has continued to acquire companies and snatch people from established players to gain expertise in the area. The most recent hire is Dan Wolff, formerly of McAfee, who will run the research operation in Tokyo.

The Ireland operation in Dublin is being led by Katrin Tocheva, another recent hire who worked at F-Secure. Microsoft previously hired several other McAfee veterans, including Jimmy Kuo, now a Microsoft senior security researcher, and Vincent Gullotto, now general manager of security research and response at Microsoft.

Marx, who regularly tests antivirus software, has recently noticed "dramatic" improvements in the detection capabilities of Microsoft's OneCare. "In the past it could take days or even weeks for the Microsoft team to add detection of a new worm or bot sample. This has been reduced to a couple of hours," he said.

That's a much-needed improvement. OneCare earlier this year failed an independent test in which Virus Bulletin, backed by a team of U.K.-based researchers, pitted 15 antivirus software packages against a series of viruses. OneCare didn't catch them all.

Although Microsoft's leaps in antivirus detection capabilities may be impressive, they alone are not enough. Today's threats are much broader and include zero-day vulnerabilities, targeted Trojan horses, remote breaches and data loss. Microsoft is far behind in offering protection against those threats, experts said.

"The problem is that Microsoft's functionality is limited in nature," said Natalie Lambert, a Forrester Research analyst. "If it's really concerned about today's emerging issues, enterprise will be better off with a full-suite product from the likes of McAfee, Symantec and Sophos."

Marx also said that Microsoft lacks some key protection technologies.

"Microsoft has not even implemented an e-mail virus scanner in their OneCare product, not to speak about HTTP scanning or proactive detection technologies based on behavior analysis," Marx said. HTTP, or hypertext transfer protocol, is the protocol used for Web browsing, so HTTP scanning inspects content as it is downloaded; behavior-based detection is meant to catch new threats for which no signature yet exists.
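To make the distinction Marx draws concrete, here is a small added example (not code from the article, OneCare or any vendor) contrasting signature matching with behavior-based detection. The "bot" binaries, the hash and byte-pattern signature databases, the rule weights, the block threshold and the sandbox-style event logs are all constructed for the illustration; a recompiled variant slips past an exact-hash signature, a packed copy slips past both signature types, and only the behavior rules (autorun persistence, dropping an executable into a temp directory, fanning out on port 445) catch the packed copy, while an ordinary installer that sets a Run key stays below the threshold.

```python
"""Toy illustration of why a signature-only engine misses new samples
and how a behavior rule set complements it. Every sample, signature,
weight and event log below is constructed for the example."""
import hashlib

# --- Constructed samples (no real malware; just byte strings) -------------
KNOWN_BOT = b"MZ\x90\x00" + b"BOT:irc.connect;reg.autorun;spread.smb" + b"\x00" * 8
VARIANT_BOT = KNOWN_BOT.replace(b"irc.connect", b"irc.CONNECT")   # rebuilt variant
PACKED_BOT = bytes(b ^ 0x5A for b in KNOWN_BOT)                  # one-byte XOR "packer"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Exact-hash signatures match only byte-identical files; byte-pattern
# signatures generalize a little, but not past packing or encryption.
HASH_SIGNATURES = {sha256_hex(KNOWN_BOT): "Bot.Example.A"}
PATTERN_SIGNATURES = {b"reg.autorun;spread.smb": "Bot.Example.gen"}


def signature_scan(data: bytes):
    """Return the name of the matching signature, or None when nothing matches."""
    name = HASH_SIGNATURES.get(sha256_hex(data))
    if name:
        return name
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            return name
    return None


# --- Behavior rules over runtime events (assumed weights and threshold) ----
def _autorun_persistence(events):
    return any(e["op"] == "reg_set" and "\\currentversion\\run" in e["target"].lower()
               for e in events)


def _drops_exe_in_temp(events):
    return any(e["op"] == "file_write" and "\\temp\\" in e["target"].lower()
               and e["target"].lower().endswith(".exe") for e in events)


def _smb_fan_out(events, threshold=10):
    hosts = {e["target"] for e in events if e["op"] == "connect" and e["port"] == 445}
    return len(hosts) >= threshold


BEHAVIOR_RULES = [           # (name, weight, predicate over the whole event list)
    ("autorun_persistence", 3, _autorun_persistence),
    ("drops_exe_in_temp", 2, _drops_exe_in_temp),
    ("smb_fan_out", 4, _smb_fan_out),
]
BLOCK_THRESHOLD = 5          # persistence alone (3) is common for installers, so not enough


def behavior_score(events):
    """Return (score, [matched rule names]) for one process's event log."""
    matched = [name for name, _w, pred in BEHAVIOR_RULES if pred(events)]
    score = sum(w for name, w, _p in BEHAVIOR_RULES if name in matched)
    return score, matched


def classify(data: bytes, events):
    """Signature hit wins; otherwise fall back to the behavior score."""
    sig = signature_scan(data)
    if sig:
        return f"blocked:signature:{sig}"
    score, matched = behavior_score(events)
    if score >= BLOCK_THRESHOLD:
        return "blocked:behavior:" + ",".join(matched)
    return "allowed"


# --- Constructed event logs, mimicking a sandbox or HIPS hook --------------
BOT_EVENTS = (
    [{"op": "file_write", "target": r"C:\Users\u\AppData\Local\Temp\svchosts.exe"},
     {"op": "reg_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"}]
    + [{"op": "connect", "target": f"10.0.0.{i}", "port": 445} for i in range(1, 41)]
)
INSTALLER_EVENTS = [
    {"op": "file_write", "target": r"C:\Program Files\Acme\acme.exe"},
    {"op": "reg_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AcmeUpdater"},
    {"op": "connect", "target": "updates.example.net", "port": 443},
]

if __name__ == "__main__":
    for label, sample in [("known", KNOWN_BOT), ("variant", VARIANT_BOT), ("packed", PACKED_BOT)]:
        print(f"{label:8} signature={signature_scan(sample)!s:16} verdict={classify(sample, BOT_EVENTS)}")
    print(f"installer verdict={classify(b'MZ benign', INSTALLER_EVENTS)}")
```

The packed copy is the case the quoted researchers care about: no signature can exist for it until someone captures and analyzes it, whereas the behavior rules fire on what it does rather than what it looks like. The price is tuning: the installer in the example also writes a Run key, which is why a single rule is deliberately weighted below the block threshold.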

Microsoft itself admits it isn't there yet.

"We're a credible voice in the industry, but we continue to have work to do in improving our response capacity and building out our global team," Miller said. "We're always under construction. The threat landscape is always changing, it is so quickly evolving. We're both built and under construction at the same time."



22 comments

Just another MS Band-aid fix..
This is the equivalent of a doctor applying a band-aid to a patient
with a severely broken arm..
Before they add a band-aid they need to rip out the guts (dump
the works) and fix (create a whole new OS) the underlying
framework of Windows..
Posted by imacpwr (456 comments )
I'll believe the hype when they ditch the NT core.
Until they ditch the NT microkernel architecture and/or codebase for something better, it's all just air and vapor coming out of Redmond.

The underlying NT architecture was never made for the uses it's being put towards today, as evidenced by Vista and its ungodly high requirements. Exploits are now coming out (almost) daily for even Microsoft's latest and greatest offering... nearly all of the flaws and means are based on inherent problems with the underlying architecture and codebase.

To be honest, it's sad and pathetic that an anti-virus industry should be a "multi-billion dollar" one. In a better world, A/V companies would be niche players at best. But... when you've got a swiss-cheese operating system used by zillions, well, this is what comes of it.

It's damned sad when an OS maker looks to cash in on fixing their own deficiencies, instead of doing their best to prevent and eliminate them [i]in the first place[/i]...

Quality control? Nah - it's easier to pass on the bugs as potential profit for Microsoft's other division; you know, the anti-malware one.

Damn am I glad I ditched that OS years ago...

/P
Posted by Penguinisto (5058 comments )
You gotta hand it to Microsoft...
They figured out how to make even more money on their defective
software. So here's how it goes. First build an operating system so
full of holes a truck can drive through it. Then set up an entirely
new business model to charge customers money to protect them
from the defective software you originally created all the while
telling your victims how much you care about them. Now THAT's
what I call double dipping.

My hat's off to you Steve Ballmer. It's frickin' genius
Posted by lkrupp (1234 comments )
Ballmer nails it!
Quoting: ~ "Some of our customers view this a little
controversially, in a sense that if we could solve these problems at
the root, why is there a need for extra products," Microsoft Chief
Executive Officer Steve Ballmer said this week. ~

Brilliant.

Most people have a little safety switch between the brain and
mouth. Ballmer's is broken.
Posted by Sparky672 (244 comments )
Ballmer has a brain?
I thought he was a robot
Posted by MSSlayer (1077 comments )
Thesis, antithesis, synthesis
Create a problem, offer a solution to that very same problem, then
bask in the glory of being called a "security powerhouse".
'scuse me while I go off and retch
Posted by GGGlen (493 comments )
Ok now seriously
Though as you are trolling on C|Net news posts... one can therefore make a fair assumption that brain usage is optional for a serious amount of your life... oops, sorry for the big words.

"Logically" speaking (google "logically" if you are clueless), do you think (same for the word "think") Microsoft would actually ship a product on purpose with holes? Really? Or do you think it's 400 lb, generally worthless people, sitting at home, coding away to attack hundreds to millions of people? And even if you DO think it's the first... that Microsoft intentionally does that... the second is probably much more prevalent. (Heck, look at the bloody ANIMATED CURSOR flaw. What kind of loser had to find that and make themselves famous?)

I'll agree the NT core isn't "the right engine belt" for today's computers. Time for a new one.
Posted by timber2005 (699 comments )
About the new core
I agree that =]

let's see what Windows 7's sandbox mode can do
Posted by Kenny Yeung (25 comments )
Never ascribe to malice...
...what can be more correctly ascribed to incompetence.

To wit:

"[i]do you think (same for the word think) Microsoft would
actually ship a product on purpose with holes. Really?[/i]"

On purpose, as in engineered? Nope - but it would certainly
remove any pressure to squash bugs so as to meet the
deadlines, wouldn't it?

"[i] Or do you think its 400 lb, generally worthless people, sitting
at home, coding away to attack hundreds to millions of people[/i]"

Considering that those "400 lb. generally worthless people"
stand to make a shedload of money off of selling time on their
freshly created botnets (consisting of a huge pile of you
Windows users)? I'd say they have a HUGE incentive in coming up
with new and interesting flaws to get hold of your box, and
thousands of boxes just like yours.

"[i]Heck, look at the bloody ANIMATED CURSOR flaw. What kind
of loser had to find that and make themselves famous?[/i]"

A more correct question would be this: What kind of loser would
code a [i]mouse cursor[/i] handler to crawl that deep into the
microkernel and potentially cause that much damage?

How's that for cold logic?

/P
Posted by Penguinisto (5058 comments )
microsoft's losing battle
Microsoft may be protecting their own bugs, but what software is going to protect us from the protection software?

you guys say "he he, Microsoft is making money out of their own bugs!", but guys, their protection software _will_ be buggy too and will be hacked by the underground.

this isn't a solution, it's more Microsoft software added to the stockpile of broken code.

enjoy the honeymoon, Microsoft security software will break your computer further than it is already.

expect "patch tuesday" to come along with patches for protection software which is meant to prevent hackers, not add to the onslaught of global insecurity among the fleet of Microsoft products...
Posted by n3td3v (3164 comments )
Hate to point this out
But Symantec's software, McAfee's software, etc. have ALL been cracked at some time.

Second, Microsoft does not have BROKEN code. The code does what it is supposed to do but it also does some things that it is NOT supposed to do when exploited by people with nefarious intentions.
That is something that Microsoft can do little if anything about in the real world, since code has gotten so complex that no one person knows everything about it.
Posted by Leria (586 comments )
Reminder
Just want to remind everyone.

As I see it, more than 99% of viruses are caused by users downloading BT, movies or keygens...

If people do have Windows Vista with all updates, I am quite sure that nobody will get any virus, because Internet Explorer protected mode prevents anything from "writing" to the HD.

In Windows Vista and Windows XP, Microsoft offers Windows Defender, which puts spyware out of the way for "free", so it is nonsense to say Microsoft will make their software have more holes for viruses/spyware, and UAC did prevent viruses running on the PC.

Microsoft did admit their software has problems, and I agree that no software is perfect (even Mac OS / Linux).

Someday I am sure hackers will find a hole in UAC / Defender, as they do with any software...

Everyone is hoping for a pain-free computing future...

P.S. I am a Microsoft fanboy, I'm not afraid to admit that... Some people like Google, some people like Yahoo... I can tell you that everyone does love something...

From time to time I think some anti-virus companies develop some viruses...
Posted by Kenny Yeung (25 comments )
lol
Even an up-to-date system is exploitable. Attackers are always ahead of MS, or any company for that matter. Then add in MS's normally long patch process and you have a very exploitable situation.

If a black hat finds a flaw first (very common) it is exploited before a patch is out, before they even start trying to fix the problem.

It is like AV software. If I write a virus today, the AV scanners are not going to find it(unless it was poorly written, and just copies older virus code) for quite some time. First someone has to discover my virus, then report it, then someone at an AV company has to research it, then write the code needed to detect it. Meanwhile, if I wrote the virus to do so, it could be rapidly propagating itself and causing untold amounts of grief, and this is while you are feeling secure with your up to date windows box running up to date virus scanners.

People get viruses for one reason: they use Windows.

The same behavior you describe in a user using OSX or Linux would not cause them to get infected. They would also be safe from my fictional virus.
Posted by MSSlayer (1077 comments )
 
