Microsoft Eyes SMB Security with OneCare for Server - Heuristics, Integrating Komoku's Tech and Benefits of OneCare Circle
What are you doing along the lines of expanding the heuristics capabilities of OneCare?
We're constantly evolving the capabilities of the anti-malware engine in
OneCare … We also acquired Komoku, [which focuses on] rootkit technologies. We
are continuing to update the ability of our engine to use heuristics as well as
signature-based protection … You need to be able to look at kind of behavioral
aspects, look more broadly across the range of threats, because they're always
changing. I think back to 2003 and that was kind of a real inflection point
when worms were the thing we were most concerned about.
Then in the second half of 2004 we started really worrying about spyware,
and that became a significant threat vector. And now we're much more concerned
about blended and silent attacks, where virus writers went from being vandals
and tagging their name on corporate sites to bragging in e-mails and bragging
in the virus code about how smart they are to now being quiet—because it turns
out if you're wanting to steal money, which is really the motivation now, it's
much better not to brag about it.
Where is Microsoft in terms of integrating Komoku technology into OneCare?
We're working on [it]. As with most acquisitions in the security space,
there are benefits that accrue immediately from the people that come over with
the acquisition and the expertise that they bring, and there are technology
pieces, and a lot of times the technology pieces take a little bit longer to
integrate into products. So it's on the road map, but I don't have a timeline
to give you.
So, at this point, why go with OneCare over rival tools from Symantec, Trend Micro or other security vendors?
Our biggest concern is that customers get and stay up to date with
protection, and I would be delighted if they wanted to use OneCare, but I'm
more concerned that whatever they're using is up to date. Because in the land
of always-on and persistent Internet connections, if you leave your house
unlocked, you're at threat of someone coming in and stealing your china, but if
you are leaving your PC unprotected, it's not just your china, you're also
allowing your computer potentially to be a vector of attack against other
computers … We think OneCare is more performant, inasmuch as there's no system
drag.
A lot of people complain about the anti-virus slowing down their systems,
and it's a reason that they either turn it off or they don't reup on it. We
don't want people to turn it off because they think it slows things down, so
one of the design goals of OneCare has been to be less noisy and less
intrusive. We also think that the benefits of the OneCare Circle in allowing
you to manage the PCs in your home and to make things like printer sharing and
centralized, scheduled backup really, really easy is a great benefit.
So if I install a printer on one computer in the
circle, it will say, 'Do you want to install this printer on the other PCs?'
'Yes'—done, easy. Yes, it is possible to do printer sharing with the wireless
network with Windows, but it's not necessarily easy and the real design goal of
OneCare is to be very, very simple to use and you don't need to be schooled in
IT or know IT technical language to be able to use it.