Despite the much vaunted launch of its Trustworthy Computing Initiative nearly two years ago, security concerns are continuing to impact on Microsoft's bottom line, with large customers reported to be holding back orders as a result.
In terms of security, Microsoft has had an awful 2003, with a summer of endless patches and security alerts. Things got so bad that a virus actually managed to penetrate the hallowed grounds of the Microsoft Professional Developers Conference in Los Angeles last month. According to one attendee, who wishes to remain anonymous, delegates were unable to access the conference's wireless network due to a security problem. Apparently, the Wi-Fi network was brought crashing down on the first day because a number of laptops -- belonging to the crème de la crème of Microsoft's developer community -- were infected with the MSBlast worm. Not a great start by any means.
Despite the recent rash of viruses it seems the call for firewalls, antivirus (AV) software and patching has fallen on deaf ears. Foreseeing this kind of problem, in June 2003 Microsoft acquired GeCAD Software, a small antivirus vendor based in Romania. Experts believe this could lead to future versions of Windows having a basic antivirus program bundled into the main OS. True to form, Microsoft is playing its cards close to its chest and keeping plans for GeCAD's technology a secret. At an analyst conference earlier this month, chief executive Steve Ballmer reaffirmed that security is top of the Microsoft agenda. "We rarely fail at something that is our top priority, and this is absolutely our top priority. It's not like horseshoes -- we can't just come close," he said.
The software giant isn't new to antivirus technology. Back in the early 1990s, the company included an antivirus utility made by Central Point Software in its MS-DOS and early Windows operating systems. MSAV, as it was known, was short-lived, however. It was dropped from Windows shortly after Symantec acquired Central Point Software in 1994.
More recently, Windows XP was the first Microsoft OS to include a built-in firewall, but because the default setting is off, the majority of users -- including the PDC delegates -- remain unprotected. To get round the problem Microsoft claims that when Service Pack 2 for XP is installed, the firewall will automatically default to on. But while this will improve security for some users, it could leave others frustrated and confused. If the firewall is automatically on, large numbers of users, especially in enterprise environments, may complain they have to spend time and money switching the feature off as it interferes with internal applications. On the other hand, consumers will undoubtedly prefer the firewall to protect them from the Internet without any tinkering.
Microsoft is facing a similar dilemma as it decides whether to embed AV software in Windows, or offer it as a stand-alone product. For corporate users that deploy AV clients on every desktop, the inclusion of an embedded application could cause problems. James Governor, principal analyst at RedMonk told ZDNet UK that Microsoft needs to be careful in how it implements the technology. "Different antivirus software doesn't tend to play well together in one system and given Microsoft's history of bundling, it would certainly make sense for them to be careful how they implement any strategy in this area," he says.
Larry Bridwell, content security manager at ICSA Labs, an independent research division of security specialists TruSecure, says generally, antivirus programs conflict with each other, unless they have been configured correctly: "Do not have both of them operating in what we would call 'on-access mode' at the same time," he explains, referring to the mode where AV software actively scans for infection instead of waiting for files to be opened.
As antivirus products are designed to detect malicious code they have to be invasive and get close to the kernel, says Bridwell. They also look inside file reads and writes which other programs would not do. "They have to look at certain bits within the stream to see if macros and certain types of activities are involved. When they do that, an antivirus program might step on another program because it feels it needs higher priority," he says.
RedMonk's Governor agrees that antivirus applications argue over system resources. "You can guarantee that some organisations will have that problem because applications argue for each other's resources in a Windows environment." But, he thinks that Microsoft will avoid the problem altogether by not taking on the antivirus companies directly, but instead use its newly acquired technology to change the playing field. "Microsoft is looking to change the game a little -- it is looking at 'behaviour blocking technology', which is where the system is prevented from executing certain operations."
1%
1%
This would be a good idea if Microosoft got with one of the large Antivirus companies say Symantec or Trend Micro.
They could put together a very good antivirus software in Windows.