Feeds

Mystery of MS's missing AV software

Wherefore art thou, GeCAD?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.

At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.

Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.

That covers "extending support for third-party antivirus vendors" but it doesn't cover the "platform improvements" Microsoft promised. Since the purchase of GeCAD we've had Blaster, MyDoom, NetSky and now Sasser so Microsoft is not exactly short of reasons to push on with improvements. So why the apparent lack of progress?

Road to nowhere

In the absence of any clear answer from Microsoft, the AV industry has ideas of its own. Microsoft has implemented a basic personal firewall into Windows with a minimum of trouble but doing the same for a basic AV product is far trickier.

Denis Zenkin, Head of Corporate Communications at Kaspersky Labs, explained that you can't have two anti-virus products scanning the same files. "AV software operates at a low level and seeks to control the machine it is loaded on," he said. Unless Microsoft comes with a straightforward way to uninstall any AV product built into Windows when an third party product is installed then anti-virus vendors could cry foul. The situation might even lead to accusations of anti-competitive behaviour. Alternatively AV vendors could introduce technology to boot Microsoft's putative AV product off a machine, effectively hacking Windows. Messy.

Microsoft has repeatedly said it wants to work with partners with the AV industry rather than compete with them in the security market. We've no reason to doubt them on this point. So how does it provide baseline protection against viruses without putting the nose of AV suppliers out of joint?

Creating an open API to allow multiple AV products on the same PC is possible but the interface could become a target for hackers itself, according to Zenkin.

Microsoft is stuck between a rock and a hard place and it’s going to take some careful navigation to put its AV plans back on track. Alternatively Microsoft might decide the GeCAD acquisition (which probably didn't cost it a great deal) is a useful research project and push off in another direction. We know Microsoft's researchers are working on behaviour blocking (active protection) technology but don't expect anything for at least two years from this.

In the meantime, Web users are left practicing the 21st century equivalent of duck and cover: patch your systems, hide behind a firewall and trust in third party AV to protect against Windows malware and hacker attacks.

Now where the hell did I put my tin-foil hat? ®

Related stories

Sasser worm creates havoc
Sasser creates European pandemonium
Security is our biggest ever challenge Gates
MS bigs up Windows XP SP2
Gates parades Windows security advances
Blaster clean-up tool was stellar success MS
On MS, AV and Addictive Updates
Microsoft enters AV market

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.