Why did it take so long for Microsoft to include effective, free antivirus software as part of Windows? Blame the 2001 United States versus Microsoft antitrust settlement, which severely restricted the company's ability to bundle software with Windows if that software would compete with third-party products.
Through the decade, Microsoft slowly introduced various antimalware solutions. Windows Live OneCare was a paid product, and Windows Defender (included free with Windows Vista) blocked only adware and spyware.
Microsoft Security Essentials was the first free full-strength security product from Microsoft, based on the same engine as the enterprise-grade Forefront product. Its successor will be included by default in all editions of Windows 8, using the well-established Windows Defender brand name.
These closely related malware families represent a disturbing trend. Yes, there are competent programmers behind these Trojans, which specialize in stealing information about online banking accounts. (Brian Krebs has done an exceptional job of documenting the workings of these bad actors.)
But what’s new and different is that the malware authors have essentially franchised their work, selling the results as crimeware kits that even a non-programmer can use. Some experts estimate that the Zeus/SpyEye botnets have lifted more than $100 million from innocent victims.
Fortunately, a very aggressive worldwide legal effort led by Microsoft has taken out the most aggressive of these botnets, and the survivors have to be feeling a little nervous. Legal proceedings have become an increasingly effective part of Microsoft’s response to malware, especially in persistent cases like this.
Malware authors relentlessly attacked Internet Explorer in the early 2000s, and they had no trouble finding holes to exploit. As a consequence, cautious web surfers switched to other browsers that promised to be safer. First it was Firefox, then it was Google Chrome.
But malware authors are like cockroaches. They adapt to changing conditions. As a result, one group (possibly the same one that targeted Mac users with Mac Defender) took dead aim at Chrome users with a targeted attack like the one shown here.