Heuristics, Integrating Komoku's Tech and Benefits of OneCare Circle

By Brian Prince  |  Posted 2008-05-13


What are you doing along the lines of expanding the heuristics capabilities of OneCare?

We're constantly evolving the capabilities of the anti-malware engine in OneCare ... We also acquired Komoku, [which focuses on] rootkit technologies. We are continuing to update the ability of our engine to use heuristics as well as signature-based protection ... You need to be able to look at kind of behavioral aspects, look more broadly across the range of threats, because they're always changing. I think back to 2003 and that was kind of a real inflection point when worms were the thing we were most concerned about.

Then in the second half of 2004 we started really worrying about spyware, and that became a significant threat vector. And now we're much more concerned about blended and silent attacks, where virus writers went from being vandals and tagging their name on corporate sites to bragging in e-mails and bragging in the virus code about how smart they are to now being quiet - because it turns out if you're wanting to steal money, which is really the motivation now, it's much better not to brag about it.

Where is Microsoft in terms of integrating Komoku technology into OneCare?

We're working on [it]. As with most acquisitions in the security space, there are benefits that accrue immediately from the people that come over with the acquisition and the expertise that they bring, and there are technology pieces, and a lot of times the technology pieces take a little bit longer to integrate into products. So it's on the road map, but I don't have a timeline to give you.

So, at this point, why go with OneCare over rival tools from Symantec, Trend Micro or other security vendors?

Our biggest concern is that customers get and stay up to date with protection, and I would be delighted if they wanted to use OneCare, but I'm more concerned that whatever they're using is up to date. Because in the land of always-on and persistent Internet connections, if you leave your house unlocked, you're at threat of someone coming in and stealing your china, but if you are leaving your PC unprotected, it's not just your china, you're also allowing your computer potentially to be a vector of attack against other computers ... We think OneCare is more performant, inasmuch as there's no system drag.

A lot of people complain about the anti-virus slowing down their systems, and it's a reason that they either turn it off or they don't re-up on it. We don't want people to turn it off because they think it slows things down, so one of the design goals of OneCare has been to be less noisy and less intrusive. We also think that the benefits of the OneCare Circle in allowing you to manage the PCs in your home and to make things like printer sharing and centralized, scheduled backup really, really easy is a great benefit.

So if I install a printer on one computer in the circle, it will say, 'Do you want to install this printer on the other PCs?' 'Yes' - done, easy. Yes, it is possible to do printer sharing with the wireless network with Windows, but it's not necessarily easy and the real design goal of OneCare is to be very, very simple to use and you don't need to be schooled in IT or know IT technical language to be able to use it.

