Should Microsoft be in the anti-malware business?

New malware-fighting tools raise debate about making profit from holes in your own products

Microsoft has a cadre of anti-malware tools. Most are free, but some current and forthcoming options are commercial. Any marketplace entry by the Redmond-based company becomes an immediate formidable foe lessening competitor profits.

Many analysts are asking if Microsoft, which could be blamed for creating the very insecurities that Windows malware is exploiting, should be able to reap additional profit from closing those same holes? The company's worst critics are worried that key vulnerabilities could be left in Windows longer to benefit additional Microsoft revenue streams.

[Talkback: Is Microsoft's anti-malware business a conflict of interest?]

I think it is a fair question, and I encourage the discussion and debate. I admit to having mixed emotions, but I ultimately support Microsoft’s objectives as long as they compete in the anti-malware marketplace fairly. Here’s why.

First, it might be helpful to review Microsoft’s newest anti-malware tools. They are the Malicious Software Removal Tool (MSRT), Windows Defender, Live OneCare, and Microsoft Forefront Client Security.

MSRT is automatically downloaded and run every month when the normal Patch Tuesday patches are installed. MSRT looks for and removes the most popular critical malware threats; the current version looks for 75 different malware families. It can be downloaded and run on demand by connecting to this site.

Windows Defender is Microsoft’s beta anti-spyware tool, which the company picked up during the Giant Software Company acquisition. It looks for and removes spyware, adware, and other potentially malicious programs and hacking tools. It provides real-time protection, blocking the installation of monitored items into more than 100 different Windows locations. It scans all downloads arriving via Internet Explorer and Outlook, and is able to perform on-demand scans of local media.

Windows Live OneCare is Microsoft’s subscription-based PC protection service for nonenterprise computers. For $49.95 a year, OneCare will cover up to three PCs, giving you anti-virus, anti-spyware, host-based firewall, performance tune-ups, backups, and automated Windows patch management. About the only thing it is missing is e-mail anti-spam protection.

Microsoft Forefront Client Security (formerly known as Microsoft Client Protection) is designed to compete against the established industry players in the UTM (unified threat management) arena, such as McAfee, Symantec, and Trend Micro. Forefront leverages several other Microsoft product technologies (Windows Defender, OneCare, etc.), but can be distributed as a single client agent and managed using Active Directory. Microsoft also purchased and rebranded an Exchange anti-virus product called Antigen (look for the InfoWorld Test Center's review of Antigen in the coming weeks).

Despite all these tools, I’m not sure Microsoft will immediately crush its competition, if it competes fairly. Microsoft doesn’t have a stellar past record of doing well in the anti-malware field. Microsoft entered and left the antivirus market back in the days of MS-DOS 6.0 because they couldn’t be competitive. They have been promising better anti-malware tools for years now, and they still don’t have mature tools on the market. What they have brought out isn’t as good as what the competitors already have.

Windows Defender, for example, only downloads new signatures once a month or prior to on demand or scheduled scans. Other anti-virus programs check at least daily or more often, for much-needed updated signatures. MSRT only checks for the 75 top malware families; the typical anti-virus tool can detect more than 10,000 different families.

Windows Defender also doesn’t look for or remove spyware browser cookies, which number in the hundreds or thousands on most people’s computers. OneCare’s firewall is less secure and is less feature-rich than other free host-based firewalls (such as ZoneAlarm) already on the market.

This is not to say that Microsoft won’t make its tools better. It’s guaranteed that it will. But can Microsoft’s own technologists protect Windows against malware better than the industry leaders and innovators? Past history says it might be a struggle.

Back to the moral question of whether Microsoft should be allowed to compete in the anti-malware marketplace at all. First, if you are a critic, ask yourself if you would have the same objections if it was Apple better protecting OS X, or Sun better protecting Solaris? If you’re honest with yourself, you might find your anti-Microsoft predispositions creeping into your arguments.

What harm is there in allowing Microsoft to offer free or additional adjunct software protection alternatives? As long as Microsoft is not anti-competitive -- pushing its computer defense choices over other vendors' in an illegal way -- additional choices are a good thing. If any of the Microsoft-derived tools prevent a malware program from being installed that might otherwise be missed, then they are a good thing.

Prior to Microsoft’s Windows Firewall, for example, many Windows users did not install a host-based firewall. There are many free choices available, including the excellent and popular ZoneAlarm. But a large percentage of users never installed any host-based firewall, so those systems did not benefit from the additional protection.

When Microsoft released, and later pushed, Windows Firewall, it installed a host-based firewall to many XP Pro users who would have otherwise gone without. It is this segment of the desktop user population that benefits from Microsoft’s additional security defense software products. And when those users are protected, it benefits us all because their systems are less likely to be exploited and used to spread malware and attack our systems. In fact, several vulnerability reporting agencies reported an immediate, significant, decrease in Internet malware in the months following the Windows Firewall push.

Another case in point is the MSRT results. Based upon results gathered from MSRT over 15 months, the Microsoft Anti-malware Team revealed the following statistics in a June 2006 white paper: MSRT was run more than 2.7 billion times on more than 270 million unique computers. It found and removed 16 million malware programs from more than 5.7 million computers (1 in 311 scanned). Approximately 3.5 million computers had a backdoor Trojan and 9 percent of the infected computers had a rootkit.

That’s nearly 6 million computers better off with Microsoft's assistance. That’s 6 million computers that could have availed themselves of other free and commercial resources, but either didn’t or those tools were bolstered by Microsoft’s adjunct tool. That’s 6 million computers that aren’t trying to attack my computer, generate spam, or being controlled in a massive botnet.

If Microsoft’s actions benefit its end-users (without being anticompetitive) and prevent malware, it would appear to be a positive move for customers.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies