Mystery of MS's missing AV software

Wherefore art thou, GeCAD?

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.

At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.

Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.

That covers "extending support for third-party antivirus vendors" but it doesn't cover the "platform improvements" Microsoft promised. Since the purchase of GeCAD we've had Blaster, MyDoom, NetSky and now Sasser so Microsoft is not exactly short of reasons to push on with improvements. So why the apparent lack of progress?

Road to nowhere

In the absence of any clear answer from Microsoft, the AV industry has ideas of its own. Microsoft has implemented a basic personal firewall into Windows with a minimum of trouble but doing the same for a basic AV product is far trickier.

Denis Zenkin, Head of Corporate Communications at Kaspersky Labs, explained that you can't have two anti-virus products scanning the same files. "AV software operates at a low level and seeks to control the machine it is loaded on," he said. Unless Microsoft comes with a straightforward way to uninstall any AV product built into Windows when an third party product is installed then anti-virus vendors could cry foul. The situation might even lead to accusations of anti-competitive behaviour. Alternatively AV vendors could introduce technology to boot Microsoft's putative AV product off a machine, effectively hacking Windows. Messy.

Microsoft has repeatedly said it wants to work with partners with the AV industry rather than compete with them in the security market. We've no reason to doubt them on this point. So how does it provide baseline protection against viruses without putting the nose of AV suppliers out of joint?

Creating an open API to allow multiple AV products on the same PC is possible but the interface could become a target for hackers itself, according to Zenkin.

Microsoft is stuck between a rock and a hard place and it’s going to take some careful navigation to put its AV plans back on track. Alternatively Microsoft might decide the GeCAD acquisition (which probably didn't cost it a great deal) is a useful research project and push off in another direction. We know Microsoft's researchers are working on behaviour blocking (active protection) technology but don't expect anything for at least two years from this.

In the meantime, Web users are left practicing the 21st century equivalent of duck and cover: patch your systems, hide behind a firewall and trust in third party AV to protect against Windows malware and hacker attacks.

Now where the hell did I put my tin-foil hat? ®

Related stories

Sasser worm creates havoc
Sasser creates European pandemonium
Security is our biggest ever challenge Gates
MS bigs up Windows XP SP2
Gates parades Windows security advances
Blaster clean-up tool was stellar success MS
On MS, AV and Addictive Updates
Microsoft enters AV market

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.