Antivirus, Anti-Spyware Strategy Moves Forward for Microsoft

by Alex Woodie

Windows users who want to rely on Microsoft for basic PC security will be able to participate in a beta program this summer for Windows OneCare, the new antivirus and anti-spyware service announced last month. People hesitant to trust the software giant for such protection may breathe easier knowing Microsoft plans to keep newly acquired security software vendor Sybari Software a separate subsidiary. Meanwhile, a new Yankee Group study says we should not take for granted the security of security tools themselves.

Yesterday, Microsoft announced the acquisition completion of Sybari, a Long Island, New York, company that has been developing security software since 1995. Terms for the acquisition, which was unveiled in February, remain undisclosed.

There were no earth-shattering revelations with this week's completion of the acquisition. Microsoft will begin selling Sybari's line of antivirus and anti-spam products, which install on e-mail, collaboration, and portal servers, and continue to support them. Sybari will maintain its headquarters and keep its sales channel intact "for the immediate future," Microsoft says. No changes are being made to Sybari's licensing models, reflecting the confidence Microsoft has in the company's business model. Sybari has also withdrawn its registration for an initial public offering of stock on the NASDAQ National Market, which it made last May.

Not surprisingly, Microsoft will discontinue new sales of Sybari's products for the Unix (Solaris and AIX) and Linux operating systems. It will, however, continue to sell and support Sybari software running on IBM's Lotus Notes platform; the Notes installed base is predominantly Windows-based.

Microsoft's lineup of Sybari products includes Antigen for Microsoft Exchange, Antigen for Microsoft SharePoint Portal Server and Windows SharePoint Services, Antigen for Instant Messaging, Antigen for SMTP Gateways, Sybari Enterprise Manager, Advanced Spam Manager, Advanced Spam Defense, and Antigen for Domino on Windows NT.

Antigen's capability to use up to eight scan engines, including those developed by Sybari and third-party engines, such as Vbuster, Sophos, Kapersky Lab, and others, separates it from competing antivirus products, says Gregory Tetrault, Sybari's chief technology officer. "The key element of our technology is the ability to employ each scan engine for specific jobs where it can be most effective and efficient. For example, certain scan engines are better equipped to handle specific types of attachments such as Word documents, ZIP files, or HTML files," Tetrault says in a Microsoft PressPass Q&A.

Meanwhile, Microsoft is gearing up for a beta test this summer of Windows OneCare, a new PC security service that Microsoft announced about a month ago. Windows OneCare will provide antivirus and anti-spyware protection, a firewall, preventive maintenance to clean up PC "clutter," and backup and restore functionality. Windows OneCare will automatically update the antivirus and spam-checking engines over the Internet, activate full-system virus scans, and run tune-ups once a month, users won't have to worry about performing this drudgery themselves.

As opposed to the Sybari line of products, which install on servers and are targeted at businesses and other organizations, Windows OneCare is for people "who don't have the time or technical expertise necessary to secure and manage a computer on a daily basis," Microsoft says. So far, the only people who have had access to Windows OneCare, for test purposes, are Microsoft employees. (We hope they have the technical expertise to manage and secure their computers, at least on a weekly basis.)

The potential pool of testers will expand in the next several weeks, when the first public beta of Windows OneCare becomes available, according to the Windows OneCare beta Web site at beta.windowsonecare.com. If you believe you have what it takes to be a Windows OneCare beta tester (or, more precisely, if you lack the advanced computer skills it takes to secure your PC these days, or the time or inclination to learn them), you can sign up for the Windows OneCare beta after clicking with your mouse pointer here.

People and organizations looking to Microsoft for all their security software needs should pay attention to a new report issued by the Yankee Group this week, which shows the number of security holes in security products is increasing at a significant rate.

Over the last 15 months, Yankee found, 77 vulnerabilities have been discovered in a range of antivirus, firewall, and other security products, including those from Symantec, F-Secure, and CheckPoint Software Technologies. If 2005 trends continue, the number of vulnerabilities for security products will be 50 percent higher than 2004 levels, the group found.

In fact, the vulnerabilities are showing up at such a high rate that the unthinkable has happened: The relative number of vulnerabilities in security products is outpacing vulnerabilities found in Microsoft products, Yankee says.

Andrew Jaquith, a senior analyst in the security solutions and services branch of Yankee, says security researchers these days are less interested in poking holes in desktop operating systems. "A more fascinating and profitable area exists in finding vulnerabilities in the products meant to defend against the attacks themselves," Jaquith says. Yankee says security software vendors should protect their customers by performing comprehensive penetration testing before release, and by reviewing the entire code base for potentially dangerous functions. End users, in turn, should start demanding proof that these steps have been taken, the group says.

While Microsoft's security record is nowhere close to being perfect, it has taken some solid steps since it began its security crusade about two years ago, culminating in the release of Windows XP Service Pack 2 last summer and Windows Server 2003 SP1 this spring. And now that Windows is ceding the top slot on the list of hackers' most targeted systems--or at least sharing it with security tool-makers--one would hope Microsoft translates that focus into keeping its new security offerings vulnerability-free.