Microsoft Adds Security Muscle

Computer giant adding security response and research operations around the world


Microsoft may be a desktop software powerhouse, when it comes to security tools it is still bulking up.

The Redmond, Wash., software giant announced this week that it is setting up security response and research operations in Ireland and Japan and launched a preview of a new online Malware Protection Center. The efforts are meant to make Microsoft, a security industry newcomer, more competitive.

"This is significant. It is part of the globalization of our research and response effort," Mark Miller, director of communications for security response at Microsoft, said on Wednesday.

Microsoft is taking on incumbents such as Symantec, McAfee and Trend Micro, the world's top-three antivirus companies, to conquer part of the multibillion dollar security market. Industry watchers say Microsoft has done an impressive job building its security organization, though the scaffolding has yet to come off.

"Microsoft is entering a very competitive market and one that is new to them," said Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. "It will take several more months until Microsoft's products can be directly compared with those offered by Symantec, McAfee and Trend Micro."

Others think it will take much longer.

"It will take some years, perhaps five, for Microsoft to be up to par," said Andreas Clementi of AV Comparatives, an organization that tests antivirus products. "Microsoft's detection rates are still low compared to other products. OneCare today is more of a system utility." Clementi was referring to OneCare's backup and disk clean-up features.

Together with a team in Redmond, Wash., Microsoft's new Europe and Asia research locations will offer round-the-clock coverage of security incidents. Microsoft started selling its Windows Live OneCare consumer antivirus product almost a year ago. Its Forefront Client Security software for businesses is set to ship in the coming weeks.

The security research and response team at Microsoft, as at traditional antivirus providers, investigates and responds to threats. A primary response is developing the "fingerprints" of known threats, called signatures. These are then sent to customers so their machines can be protected against those risks.

Turning irritation into opportunity

Security used to be just something that Microsoft got hammered on, but five years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft now sees it as a market it had not previously tapped. Yet, the company recognizes that some may balk at what could be seen as Microsoft turning lemons into lemonade.

"Some of our customers view this a little controversially, in a sense that if we could solve these problems at the root, why is there a need for extra products," Microsoft Chief Executive Officer Steve Ballmer said this week. "We do live in a world in which the bad guys are also getting smarter all the time. It is important to be able to lock the core infrastructure and then protect around it in a way that is a bit more dynamic."

Microsoft first gained antivirus expertise in 2003 when it bought GeCad Software. It has continued to acquire companies and snatch people from established players to gain expertise in the area. The most recent hire is Dan Wolff, formerly of McAfee, who will run the research operation in Tokyo.

The Ireland operation in Dublin is being led by Katrin Tocheva, another recent hire who worked at F-Secure. Microsoft previously hired several other McAfee veterans, including Jimmy Kuo, now a Microsoft senior security researcher, and Vincent Gullotto, now general manager of security research and response at Microsoft.

Marx, who regularly tests antivirus software, has recently noticed "dramatic" improvements in the detection capabilities of Microsoft's OneCare. "In the past it could take days or even weeks for the Microsoft team to add detection of a new worm or bot sample. This has been reduced to a couple of hours," he said.

This content continues onto the next page...