Wednesday, November 14, 2007

We're still struggling with security, admits Microsoft

Microsoft is still experiencing pain as it struggles to bring its own security products and service up to speed.

Microsoft released Windows Live OneCare for consumers in May 2006 and its Forefront Client Security for enterprises earlier this year. Both products entered a saturated security market populated by experienced security-specialist companies such as Symantec, McAfee and Trend Micro.

When Microsoft began investing in the security field around 2003, the company didn't have "the ability to speak AV," said Vinny Gullotto, general manager of the company's Malware Protection Centre. Now, that ability is much more developed, said Gullotto, who spoke early this week on the sidelines of IT Forum in Barcelona, the company's largest customer event in Europe.

At least initially, Windows Live OneCare didn't fare well in malware detection tests, but Microsoft is improving its performance, Gullotto said.

Between September 2006 and September this year, Microsoft has improved its malware detection rate by about 20 points, Gullotto said. Now, Microsoft's detection rate is usually between 91 percent to 95 percent, depending on the testing plan, he said.

At least as recently as May, Microsoft's OneCare and Forefront products, which share the same set of malware detection signatures, only had a 76 percent detection rate, according to AV-Test, a German anti-virus testing organisation that often performs tests on commission for technology magazines.

One way to improve detection rates is to increase the number of signatures, Gullotto said. Many testing organisations test anti-virus software against a batch of malicious software samples and rank those products according to how well the samples are flagged.

But generating more signatures demands more analysts and research capacity. Microsoft is investing heavily in both of those areas, although Gullotto declined to say how much.

Microsoft used to only have one malware research lab, based in Washington . This year, Microsoft has opened new labs in Tokyo, Dublin and Melbourne to allow it to respond to customers 24 hours a day worldwide.

Last year, it took Microsoft three days to respond to a query from one of its customers regarding security, Gullotto said. Now, that response time is down to between six to eight hours, but Gullotto said they'd like it to be around a maximum of six hours.

To meet that goal, Microsoft is hiring experts for all three new labs, Gullotto said, but "I'm not satisfied with it. We want to hire more experienced people." Over the last few years, Microsoft has had success in recruiting experienced security analysts from companies such as F-Secure, Trend Micro and McAfee.

The growth in the number of malicious software samples circulating on the Internet is "just immense at this particular point in time," Gullotto said. Microsoft is also trying to build more tools that can automatically analyse malware, he said.

In another improvement, Microsoft plans to update spyware signatures in its OneCare, ForeFront and Defender products once a day rather than twice a week as is done now, Gullotto said. Spyware is the term for an unwanted program that records and transmits information about a person's PC, often without the user's consent or knowledge.

courtesy @TechWorld.com


No comments: