IT FORUM: Microsoft not happy with AV software performance

Microsoft is still experiencing growing pains as it
brings its consumer and enterprise security products and service up to speed.

Microsoft released Windows Live OneCare for consumers in May 2006 and its Forefront
Client Security for enterprises earlier this year. Both products entered a saturated
security market populated by experienced security-specialist companies such
as Symantec, McAfee and Trend Micro.

When Microsoft began investing in the security field around 2003, the company
didn't have "the ability to speak AV," said Vinny Gullotto, general
manager of the company's Malware Protection Center. Now, that ability is much
more developed, said Gullotto, who spoke Monday on the sidelines of IT Forum,
the company's largest customer event in Europe.

At least initially, Windows Live OneCare didn't fare well in malware detection
tests, but Microsoft is improving its performance, Gullotto said.

Between September 2006 and September this year, Microsoft has bettered its
malware detection rate by about 20 points, Gullotto said. Now, Microsoft's detection
rate is usually between 91 percent to 95 percent, depending on the testing plan,
he said.

At least as recently as May, Microsoft's OneCare and Forefront products, which
share the same set of malware detection signatures, only had a 76 percent detection
rate, according to AV-Test.org, a German antivirus testing organization that
often performs tests on commission for technology magazines.

One way to improve detection rates is to increase the number of signatures,
Gullotto said. Many testing organizations test antivirus software against a
batch of malicious software samples and rank those products according to how
well the samples are flagged.

But generating more signatures demands more analysts and research capacity.
Microsoft is investing heavily in both of those areas, although Gullotto declined
to say how much.

Microsoft used to only have one malware research lab, based in Redmond, Washington.
This year, Microsoft has opened new labs in Tokyo, Dublin and Melbourne to allow
it to respond to customers 24 hours a day worldwide.

Last year, it took Microsoft three days to respond to a query from one of its
customers regarding security, Gullotto said. Now, that response time is down
to between six to eight hours, but Gullotto said they'd like it to be around
a maximum of six hours.

To meet that goal, Microsoft is hiring experts for all three new labs, Gullotto
said, but "I'm not satisfied with it. We want to hire more experienced
people." Over the last few years, Microsoft has had success in snagging
experienced security analysts from companies such as F-Secure, Trend Micro and
McAfee.

The growth in the number of malicious software samples circulating on the Internet
is "just immense at this particular point in time," Gullotto said.
Microsoft is also trying to build more tools that can automatically analyze
malware, he said.

In another improvement, Microsoft plans to update spyware signatures in its
OneCare, ForeFront and Defender products once a day rather than twice a week
as is done now, Gullotto said. Spyware is the term for an unwanted program that
records and transmits information about a person's PC, often without the user's
consent or knowledge.

IDG News Service

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine