Part II: Could integrating antivirus software into Windows be the key to solving Microsoft's security woes, or could the technology create more problems than it solves?
ICSA Labs' Bridwell is also convinced Microsoft will not challenge AV vendors directly, even though the company has purchased the technology and hired personnel to build antivirus products: "We have been told there are no plans to bundle this and make it part of the operating system or the office products. Instead of turning over the same product they purchased, Microsoft is going to redesign the antivirus program from the ground up and build a new product or service, but they have not been clear which one of these it is going to be," he claims.
But according to Governor, although Microsoft doesn't want to get into the same business model as the antivirus vendors, it has to protect its own interests. "When John Connors, Microsoft's chief financial officer, says that some companies have delayed their purchase of Microsoft software partly because of security fears, it is not a problem you can leave to someone else. Microsoft needs to prevent, or at least think about, the damaging behaviour of viruses."
Governor also believes that, despite boosting the profits of some companies, the AV community has actually been damaged by the recent spate of malicious attacks: "The antivirus community is not immune from spreading FUD [fear, uncertainty and doubt], and these organisations have hardly covered themselves in glory. We have an ongoing virus problem and yet these companies call themselves antivirus software vendors," he says.
So if Microsoft does not produce antivirus software to challenge the current offerings, how will it use the technology it has acquired from GeCAD? Both Governor and Bridwell are convinced that Microsoft will make the best use of GeCAD's technology when it launches the next major version of Windows, code named Longhorn.
Although there is no public timetable for Longhorn's launch, the operating system is not expected for at least three years, by which time the Trustworthy Computing Initiative should be well established. In the seven years between Microsoft launching Windows 95 and Windows XP, there has been an improvement in reliability, stability and usability -- the jump to Longhorn should hopefully be just as significant in terms of security. All programs -- such as file system drivers, utilities, antivirus and firewall products -- from Microsoft and its partners will have to be designed to stringent new standards that will ensure they do not step on one another while they are running, says ICSA Labs' Bridwell.
Microsoft will also make the settings and configurations in Longhorn programmable, which should ensure that applications behave in the manner set by the user or security manager, not in the way an attacker would like them to, explains Governor. "It is often the configurations that allow a particular behaviour to take place. Currently, you tend to have to go out and set the settings at each machine. Microsoft is opening its APIs to change those settings," he says.
But he warns that by opening certain APIs, the company could be inviting virus writers to "really have some fun". "As is often the case with Microsoft, they will give with one hand and possibly take with the other. But providing that is done in a sensible fashion, it will help with behaviour blocking."
Governor adds that if Microsoft does embed an antivirus package into its OS, it should include a reliable uninstall utility: "Providing an easy way to uninstall and install the software would be a very, very good start -- including an off button has not always been Microsoft's speciality, but in this case it might not be such a bad idea," he claims.
So although there isn't going to be a magical cure for virus attacks, the future is looking slightly brighter. Windows users will have to continue taking sensible precautions in order to keep their systems virus-free, at least for the next few years. Microsoft could include an AV scanner in the next Service Pack for Windows XP, but the company seems intent instead on tearing GeCAD's code apart and fusing it with Windows.
We can only hope that a combination of the Trustworthy Computing Initiative, the increased functionality of Windows and more openness from Microsoft will mean that come the Professional Developers Conference in 2007, Microsoft's communications director will not have to run around telling delegates to get off the network because "we've got that blasted Blaster going around".










This would be a good idea if Microsoft got with one of the large antivirus companies, say Symantec or Trend Micro.
They could put together a very good antivirus software in Windows.