Mystery of MS's missing AV software

Wherefore art thou, GeCAD?

  • alert
  • submit to reddit

Seven Steps to Software Security

Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.

At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.

Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.

That covers "extending support for third-party antivirus vendors" but it doesn't cover the "platform improvements" Microsoft promised. Since the purchase of GeCAD we've had Blaster, MyDoom, NetSky and now Sasser so Microsoft is not exactly short of reasons to push on with improvements. So why the apparent lack of progress?

Road to nowhere

In the absence of any clear answer from Microsoft, the AV industry has ideas of its own. Microsoft has implemented a basic personal firewall into Windows with a minimum of trouble but doing the same for a basic AV product is far trickier.

Denis Zenkin, Head of Corporate Communications at Kaspersky Labs, explained that you can't have two anti-virus products scanning the same files. "AV software operates at a low level and seeks to control the machine it is loaded on," he said. Unless Microsoft comes with a straightforward way to uninstall any AV product built into Windows when an third party product is installed then anti-virus vendors could cry foul. The situation might even lead to accusations of anti-competitive behaviour. Alternatively AV vendors could introduce technology to boot Microsoft's putative AV product off a machine, effectively hacking Windows. Messy.

Microsoft has repeatedly said it wants to work with partners with the AV industry rather than compete with them in the security market. We've no reason to doubt them on this point. So how does it provide baseline protection against viruses without putting the nose of AV suppliers out of joint?

Creating an open API to allow multiple AV products on the same PC is possible but the interface could become a target for hackers itself, according to Zenkin.

Microsoft is stuck between a rock and a hard place and it’s going to take some careful navigation to put its AV plans back on track. Alternatively Microsoft might decide the GeCAD acquisition (which probably didn't cost it a great deal) is a useful research project and push off in another direction. We know Microsoft's researchers are working on behaviour blocking (active protection) technology but don't expect anything for at least two years from this.

In the meantime, Web users are left practicing the 21st century equivalent of duck and cover: patch your systems, hide behind a firewall and trust in third party AV to protect against Windows malware and hacker attacks.

Now where the hell did I put my tin-foil hat? ®

Related stories

Sasser worm creates havoc
Sasser creates European pandemonium
Security is our biggest ever challenge Gates
MS bigs up Windows XP SP2
Gates parades Windows security advances
Blaster clean-up tool was stellar success MS
On MS, AV and Addictive Updates
Microsoft enters AV market

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story


Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.