Mike Nash, VP of Microsoft's security business unit, was tight-lipped regarding specific details as to how GeCAD's antivirus software may be incorporated into Microsoft's software, services, and operating systems. "We wanted to share information about our intent, but as far as how the technology will be packaged, that has not been worked out. I would look at this as adding additional value to our platform," he says.
Traditionally, experts say, Microsoft platforms have been prime targets for virus writers because of their ubiquity. The recent worms and viruses with the greatest impact, from the IloveYou virus in 2000 to Code Red, Nimda, and the SQL Slammer worm, all have targeted Microsoft apps. Analysts have pegged the cost of cleanup and damage caused by these viruses and worms well into the billions.
"We've been talking to our customers, and we've been hearing a lot about the threat of malicious code," Nash says.
This isn't the first security acquisition for Microsoft this year. In January, it quietly acquired Israeli security software start-up Pelican Security, reportedly for $1 million in cash. Pelican developed software which attempts to determine the behavior of applications and then potentially stop malicious activity.
While Nash says antivirus signatures are a trusted and proven way to help customers battle malicious software, customers are becoming increasingly disenchanted with antivirus software which most often requires antivirus companies to issue their signatures after a new virus hits the Internet. And the technology has been falling short against new, so-called blended threat attacks. As viruses and worms strike with ever-increasing speed, more companies are considering intrusion-prevention software as an additional layer to their information security armor.
Nash says Microsoft is developing intrusion-prevention software that it will incorporate into its software. "We have development and activity going on with intrusion-prevention software to improve its overall quality," he says.
At least two antivirus vendors aren't fazed by Microsoft's latest move into their market. Both Computer Associates and Network Associates Inc. say their enterprise customers' environments are too complex with various operating systems for Microsoft to pose any real immediate threat to their business. "A lot of these fundamental pieces of computing [antivirus] will become part of the operating system, and this appears to be a part of that trend. But companies need a way to manage their risk in terms of a bigger security picture. It's about managing all of your risk, not just one piece of risk around one vendor," says Ian Hameroff, security strategist at Computer Associates.
"Our competitor is the hacker and the virus writer. Those dastardly demons, over the past couple of years, have gotten smarter," says Gene Hodges, president of Network Associates, who adds that the security industry is moving away from relying so heavily on signature-based security solutions. "It's now about much more proactive and preventative security solutions. We're not concerned about what Microsoft is doing. We were pretty concerned about our ability to stop the next Slammer, Code Red, or Nimda. And we are comfortable we can do that now," Hodges says.
Earlier this year, Network Associates acquired network intrusion-prevention software maker IntruVert Networks as well as host-based intrusion prevention vendor Entercept Security Technologies. And in January, Cisco Systems acquired Okena Inc., which made software that attempts to stop known and unknown attacks against desktops and servers.
As for Microsoft's long-term intentions, Pete Lindstrom, research director at Spire Security, says both of Microsoft's acquisitions make sense as part of the company's "trustworthy computing" initiative. "It's clear that they're not holding all of their eggs in the signature [antivirus] technology basket. They want to use all approaches. The interesting thing with the sandbox [Pelican Security's software] is that you can look for nasty stuff done by authorized applications, such as spot a malicious Word macro, and that's where host-intrusion prevention [from Okena/Cisco, Entercept/Network Associates] technology is weak. Those apps can't tell if a legitimate application has been hijacked to do nasty stuff. That's where a technology like Pelican can add value," he says.
And that's exactly what John Pescatore, VP and research director of Internet security at Gartner, expects Microsoft to do. "Microsoft now has an opportunity, and a responsibility, to really change the security rules with the technology and the talent that they have acquired," he says "They ought to be looking at Outlook, Exchange, and Hotmail, and figuring out how they can reduce the virus-attack surface of those applications and services. That's job one. The next job is to build antivirus and security engines into Windows. The thing we don't want to see happen is Microsoft become just another antivirus vendor with a huge advantage. If that happens, security will just get worse. Customers should be able to use the engine Microsoft builds into Windows and purchase antivirus signatures from the antivirus vendors that produce them the fastest."
Microsoft's Nash says the company will continue to work with antivirus vendors. "The key thing to realize is we are a long way off from having an offering," he says, "and there will be a while before we can bring this to market. The thing we will be offering is a choice, and some will choose Microsoft."