Microsoft not happy with AV software performance

Microsoft is still experiencing growing pains as it brings its consumer and enterprise security products and service up to speed.

Microsoft released Windows Live OneCare for consumers in May 2006 and its Forefront Client Security for enterprises earlier this year. Both products entered a saturated security market populated by experienced security-specialist companies such as Symantec, McAfee, and Trend Micro.

When Microsoft began investing in the security field around 2003, the company didn't have "the ability to speak AV," said Vinny Gullotto, general manager of the company's Malware Protection Center. Now, that ability is much more developed, said Gullotto, who spoke Monday on the sidelines of IT Forum, the company's largest customer event in Europe.

At least initially, Windows Live OneCare didn't fare well in malware detection tests, but Microsoft is improving its performance, Gullotto said.

Between September 2006 and September this year, Microsoft has bettered its malware detection rate by about 20 points, Gullotto said. Now, Microsoft's detection rate is usually between 91 to 95 percent, depending on the testing plan, he said.

At least as recently as May, Microsoft's OneCare and Forefront products, which share the same set of malware detection signatures, only had a 76 percent detection rate, according to AV-Test.org, a German anti-virus testing organization that often performs tests on commission for technology magazines.

One way to improve detection rates is to increase the number of signatures, Gullotto said. Many testing organizations test anti-virus software against a batch of malicious software samples and rank those products according to how well the samples are flagged.

But generating more signatures demands more analysts and research capacity. Microsoft is investing heavily in both of those areas, although Gullotto declined to say how much.

Microsoft used to only have one malware research lab, based in Redmond, Wash. This year, Microsoft has opened new labs in Tokyo, Dublin, and Melbourne to allow it to respond to customers 24 hours a day worldwide.

Last year, it took Microsoft three days to respond to a query from one of its customers regarding security, Gullotto said. Now, that response time is down to between six to eight hours, but Gullotto said they'd like it to be around a maximum of six hours.

To meet that goal, Microsoft is hiring experts for all three new labs, Gullotto said, but "I'm not satisfied with it. We want to hire more experienced people." Over the last few years, Microsoft has had success in snagging experienced security analysts from companies such as F-Secure, Trend Micro, and McAfee.

The growth in the number of malicious software samples circulating on the Internet is "just immense at this particular point in time," Gullotto said. Microsoft is also trying to build more tools that can automatically analyze malware, he said.

In another improvement, Microsoft plans to update spyware signatures in its OneCare, Forefront, and Defender products once a day rather than twice a week as is done now, Gullotto said. "Spyware" is the term for an unwanted program that records and transmits information about a person's PC, often without the user's consent or knowledge.