
by Trevor Zion Bauknight
When it comes to viruses, spyware and their cousins, Microsoft is in a very strange position. The software giant is in control of some 90% of the world's personal computer desktops; and so the Windows OS, with its porous security model, is fertile ground for some of the most insidious marketing practices known to man. By the same token, it is in the single best position to ensure the distribution of the tools needed to attack the problem after the fact. To that end, Microsoft has followed its longstanding business model: it purchased a solution. Unfortunately, the solution is designed to kill the mosquitoes without drying the mud.
Today, for example, Microsoft announced the purchase of Sybari Software, makers of Antigen antivirus and anti-spam/content filtering software for Microsoft's Enterprise-level server components. This follows Microsoft's purchase, in June of 2003, of Romania's GeCAD Software, makers of traditional desktop antivirus software. The first tangible evidence of Microsoft's AV strategy arrived last month when the company finally released its Malicious Software Removal Tool. The move was seen as a baseline effort to combat virus propagation because the program relies on virus signatures to recognize viruses. AV heavies like Symantec and Network Associates claimed that they aren't worried because their software works better, relying more heavily on heuristic analysis of processes' behavior - noticing when a program is trying to send 100,000 e-mail messages, for example.
Also last month, Microsoft released the first public-beta version of the rebranded anti-spyware utility the company bought from GIANT Software late last year. These releases have been greeted with a round of cheers and jeers by people fed up with having their personal computers hijacked and have been looked at with fear by competing makers of these kinds of software who just saw their markets disappear into the same black hole that swallowed Netscape ten years ago.
It isn't at all clear whether Microsoft intends its solutions as a way to capture the market currently dominated by commercial packages like NAV, VirusScan and SpySweeper or simply as a stop-gap measure for its customers who have yet to come face-to-face with the reality that they should have invested in good antivirus and anti-spyware software. Therein lies recognition of the problem: Microsoft's customers have previously had to purchase add-on software or download unsupported free software to provide basic protection for their Internet-connected computers, which I've seen become deathly ill when left unprotected for disturbingly brief periods of time. These moves can only help the current state of affairs; but the problem remains that Microsoft's shipping OS, e-mail and browser products arrive unsecured and the average user is scarcely aware of the dangers, let alone of the solutions.
It's easy to be cynical (and I think the cynics are among the most under-appreciated of the great philosophers) and think that Microsoft is hopping on the anti-malware bandwagon in order to realize a trainload of filthy lucre from a problem it helped create by being slow to address security shortcomings in its OS and especially in Internet Explorer. Microsoft does seem to be moving to a subscription model for its software, as it has done with some of its Enterprise offerings; and there is palpable fear around the 'Net that Microsoft will use these deep-scanning technologies to achieve other ends, such as disabling or reporting pirated copies of Windows or Office, or even reporting competing products as potentially dangerous.
Microsoft, of course, is well within its rights to do the former, whether that would be economically wise or not; but more disturbing is that there are reports the latter has already occurred. The Register, an online IT tabloid based in the U.K., reported that MS' anti-spyware program wrongly identifies BitDefender's (perhaps coincidentally, also a Romanian AV-software company) antivirus software as Brilliant Digital, a known menace. It also detects tools like VNC (remote desktop software) and FTP servers that legitimate users may want on their systems as potentially harmful; though it does identify them as low-risk and the default action was Ignore, which is what most people who have these loaded will want to do.
To be fair, at this point Microsoft has done little more in combating spyware than purchase and slap its logo across GIANT's anti-spyware package, arguably the best such package out there; so whatever behavior it has now was most likely inherited from GIANT. That MS purchased Sybari and GIANT bodes well for its interest in getting it right technically, and from the looks of the beta version of MS Anti-Spyware, it seems to have done so.
The program installs (and uninstalls!) cleanly, and, incredibly, the first thing it identified as potentially problematic on our test system was Microsoft's own Messenger Service, widely targeted for spam. In addition, MSAS was able to detect and remove spyware that the two most popular free anti-spyware tools (AdAware and Spybot S&D) were unable to remove. In fact, I downloaded a trial version of the GIANT software months ago in order to successfully remove a stubborn piece of malware from my Mom's machine, so I know Microsoft is at least starting out with worthwhile technology.
The fact that it chose to purchase commercially-available technology might mean it doesn't think protection from malware should cost you money, or it may mean that it doesn't think you'll mind paying. Nobody knows at this point, and Microsoft isn't saying. What Microsoft does seem to be saying is that it recognizes the problem with malware in its various forms. The very real concern is that Microsoft, even by giving away these tools, is removing its incentive for fixing its broken OS, e-mail programs and Web browser.
With Windows XP SP2, Microsoft took some positive steps toward doing so, implementing a Security Center, which encourages you to keep your software up-to-date automatically, encourages you to run some sort of antivirus software, encourages you to turn on your firewall, etc. We recognize, however, that educating yourself is the key to preventing your system from getting hijacked, and no amount of protective software will keep your system secure if you insist on circumventing your anti-malware measures by installing malware by hand. A good percentage of it still gets loaded initially by the end-user blithely installing carrier programs like Kazaa and GAIM.
At Cafe ID, we use Microsoft products just as most other offices in America do, and we've been successful in keeping our machines free of malware. On our office desktops, we browse the Web with Firefox and read our e-mail with Thunderbird, we've turned on Windows Automatic Update and our antivirus and anti-spyware programs are fully functional and updated with the latest definitions. Of course, having everything behind a locked-down Linux firewall and hosting our websites on Linux helps us sleep better at night, just the same. We continue to encourage our customers, as well as the larger online community, to be proactive in helping to take back the 'Net from the malicious marketers, script kiddies and similar assorted vermin who are working just as hard to make our lives miserable online. We hope Microsoft will make these tools freely available, at least until it dries the mud.
[all trademarks are properties of their respective owners]
About the Author
Trevor Zion Bauknight is a web designer and writer with over 15 years of experience on the Internet. He works with Cafe ID and specializes in the creation and maintenance of business and personal Online Identity and can be reached at trevor@cafeid.com.