Microsoft Expands And Unifies Security Efforts

Microsoft has pulled together its somewhat scattered malware  programs, projects and efforts under one roof to more closely resemble the research centers of Symantec, McAfee and other security vendors.

Microsoft  formally introduced the Malware Protection Center today during a keynote at the RSA Conference Japan 2007 in Tokyo. The division’s general manager Vinny Gullotto announced two new research labs in Japan and Ireland to provide global research and response support to its customers.

“We’ve been in this space for a while and things are evolving,” Mark Griesi, security program manager at the Malware Protection Center told internetnews.com. “When Vinny Gullotto was brought on, his mission was to pull this group together and try to build out Microsoft’s efforts in this area.”

Microsoft also announced the launch of the Malware Protection Center Online Portal, which will be the single point of entry for Microsoft customers to get information on Microsoft’s multiple security products and information on viruses, spyware, and other potentially unwanted software.

The software giant released its second Security Intelligence Report (SIR), which reflects what every other malware report has shown for the last few months; things are getting worse, not better. More vulnerabilities were disclosed in the second half of 2006 than in any single year between 2000 and 2004.

There were more complex vulnerabilities in 2006 than ever and the bad guys are getting better at hiding their malicious cargo. On the plus side, Microsoft’s Malicious Software Removal Tool (MSRT) has been proving effective even though it’s only used once per month.

It runs when people do an update through Windows Update. When checking the computer for needed updates and fixes, MSRT also checks for 12 types of malware, such as Trojans and key loggers.

Microsoft noted that in 2006, there was a consistent drop in computers needing cleaning, meaning that as people ran a monthly update to get the latest fixes on Patch Tuesday, their computers were being cleaned and staying that way.

Microsoft has three separate security products – Windows Defender, MSRT and OneCare – plus a fourth product in the works, Forefront. Griesi said they all serve different functions.

MSRT is used during Windows Update checks while Windows Defender is for catching spyware. Forefront, which is yet to ship, will be a corporate/enterprise product while OneCare is the consumer product.

OneCare, which has been on the market less than a year, scored embarrassingly low in a recent comparison of antivirus products. It was found to have an 82 percent accuracy rate against known viruses, while the top programs had 98-99 percent accuracy. Griesi said Microsoft expects to do much better on future tests.

“When you’re developing products, you learn from [experience] to make the product better. For tests like this, if there’s a lesson to be learned, we learn that lesson and build it into the product for the next test,” he said.

Part of Microsoft’s goal in setting up the lab is to be able to respond to threats in real time, like Symantec Security, McAfee Avert Labs and Kaspersky Lab do. “It is key to be able to respond quickly to threats,” said Grisei. “In the next six months, we would like to see key hires, open additional labs, and continuing to drive up our detection rate. Our goal is to come into this and be on par with others in the industry.”