Feeds

Mystery of MS's missing AV software

Wherefore art thou, GeCAD?

  • alert
  • submit to reddit

SANS - Survey on application security programs

Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.

At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.

Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.

That covers "extending support for third-party antivirus vendors" but it doesn't cover the "platform improvements" Microsoft promised. Since the purchase of GeCAD we've had Blaster, MyDoom, NetSky and now Sasser so Microsoft is not exactly short of reasons to push on with improvements. So why the apparent lack of progress?

Road to nowhere

In the absence of any clear answer from Microsoft, the AV industry has ideas of its own. Microsoft has implemented a basic personal firewall into Windows with a minimum of trouble but doing the same for a basic AV product is far trickier.

Denis Zenkin, Head of Corporate Communications at Kaspersky Labs, explained that you can't have two anti-virus products scanning the same files. "AV software operates at a low level and seeks to control the machine it is loaded on," he said. Unless Microsoft comes with a straightforward way to uninstall any AV product built into Windows when an third party product is installed then anti-virus vendors could cry foul. The situation might even lead to accusations of anti-competitive behaviour. Alternatively AV vendors could introduce technology to boot Microsoft's putative AV product off a machine, effectively hacking Windows. Messy.

Microsoft has repeatedly said it wants to work with partners with the AV industry rather than compete with them in the security market. We've no reason to doubt them on this point. So how does it provide baseline protection against viruses without putting the nose of AV suppliers out of joint?

Creating an open API to allow multiple AV products on the same PC is possible but the interface could become a target for hackers itself, according to Zenkin.

Microsoft is stuck between a rock and a hard place and it’s going to take some careful navigation to put its AV plans back on track. Alternatively Microsoft might decide the GeCAD acquisition (which probably didn't cost it a great deal) is a useful research project and push off in another direction. We know Microsoft's researchers are working on behaviour blocking (active protection) technology but don't expect anything for at least two years from this.

In the meantime, Web users are left practicing the 21st century equivalent of duck and cover: patch your systems, hide behind a firewall and trust in third party AV to protect against Windows malware and hacker attacks.

Now where the hell did I put my tin-foil hat? ®

Related stories

Sasser worm creates havoc
Sasser creates European pandemonium
Security is our biggest ever challenge Gates
MS bigs up Windows XP SP2
Gates parades Windows security advances
Blaster clean-up tool was stellar success MS
On MS, AV and Addictive Updates
Microsoft enters AV market

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.