Mystery of MS's missing AV software
Wherefore art thou, GeCAD?
Microsoft's plans to improve the security of Windows through the purchase of an anti-virus company almost a year ago appear to be stuck in limbo. The software giant entered the AV market with the surprise acquisition of little known Romanian AV firm GeCAD Software for an undisclosed sum in June last year.
At the time Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. "The knowledge and experience acquired from GeCAD will contribute to Microsoft's understanding of how systems are attacked, enabling Microsoft to more effectively focus on platform improvements," it said.
Speaking at the recent Infosecurity Europe show Jonathan Perera, Senior Director at Microsoft's Security Business and Technology Unit, said the company is not ready to announce a product strategy for GeCAD almost a year after the acquisition. GeCAD's technology is been used in programming interfaces to make it easier to plug anti-virus software into Windows, he said.
That covers "extending support for third-party antivirus vendors" but it doesn't cover the "platform improvements" Microsoft promised. Since the purchase of GeCAD we've had Blaster, MyDoom, NetSky and now Sasser so Microsoft is not exactly short of reasons to push on with improvements. So why the apparent lack of progress?
Road to nowhere
In the absence of any clear answer from Microsoft, the AV industry has ideas of its own. Microsoft has implemented a basic personal firewall into Windows with a minimum of trouble but doing the same for a basic AV product is far trickier.
Denis Zenkin, Head of Corporate Communications at Kaspersky Labs, explained that you can't have two anti-virus products scanning the same files. "AV software operates at a low level and seeks to control the machine it is loaded on," he said. Unless Microsoft comes with a straightforward way to uninstall any AV product built into Windows when an third party product is installed then anti-virus vendors could cry foul. The situation might even lead to accusations of anti-competitive behaviour. Alternatively AV vendors could introduce technology to boot Microsoft's putative AV product off a machine, effectively hacking Windows. Messy.
Microsoft has repeatedly said it wants to work with partners with the AV industry rather than compete with them in the security market. We've no reason to doubt them on this point. So how does it provide baseline protection against viruses without putting the nose of AV suppliers out of joint?
Creating an open API to allow multiple AV products on the same PC is possible but the interface could become a target for hackers itself, according to Zenkin.
Microsoft is stuck between a rock and a hard place and it’s going to take some careful navigation to put its AV plans back on track. Alternatively Microsoft might decide the GeCAD acquisition (which probably didn't cost it a great deal) is a useful research project and push off in another direction. We know Microsoft's researchers are working on behaviour blocking (active protection) technology but don't expect anything for at least two years from this.
In the meantime, Web users are left practicing the 21st century equivalent of duck and cover: patch your systems, hide behind a firewall and trust in third party AV to protect against Windows malware and hacker attacks.
Now where the hell did I put my tin-foil hat? ®
Sasser worm creates havoc
Sasser creates European pandemonium
Security is our biggest ever challenge Gates
MS bigs up Windows XP SP2
Gates parades Windows security advances
Blaster clean-up tool was stellar success MS
On MS, AV and Addictive Updates
Microsoft enters AV market
Sponsored: Becoming a Pragmatic Security Leader