Microsoft: OneCare should not have been rolled out

CeBIT: In an frank interview, Microsoft admits that its OneCare security product should not have been released so quickly

Microsoft has said that its OneCare security suite has "a problem" with the underlying antivirus code, and admitted that security is just "a little part of Microsoft".

Speaking to ZDNet UK exclusively at the CeBIT show in Hanover, a senior manager for the software giant said that its consumer security product is far from perfect and that pieces are actually "missing".

OneCare has been dogged by controversy since its launch last May. Signs that the software was not up to scratch came earlier this month when OneCare failed to achieve certification in an independent test of security products. Shortly before that, it emerged that the product did not sufficiently protect users of Microsoft's Vista operating system against malware.

But the latest and most serious problems arose in March this year after the product mistakenly quarantined and even deleted Outlook and Outlook Express files for the second time.

Microsoft apologised for the problems and has issued an update that has now been automatically pushed out to OneCare customers, to halt the false positive identification as malware of Outlook .pst and Outlook Express .dbx files.

Asked about these problems, Arno Edelmann, Microsoft's European business security product manager, told ZDNet UK on Thursday that the code itself has pieces missing.

"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing," said Edelmann.

The problem lies with a core technology of OneCare, the GeCAD antivirus code, and how it interacts with Microsoft mailservers. According to Edelmann, the Microsoft updates and mailserver infrastructure do not harmonise.

"It's a problem with the updates, and it's a problem with the implementation," said Edelmann.

If mail is received from a server running Exchange 2007, users are unlikely to encounter problems. However, if mail is received from servers running Exchange 2000 or 2003, the likelihood of quarantining is high, said Edelmann.

"OneCare is a new product — they shouldn't have rolled it out when they did, but they're fixing the problems now," said Edelmann.

According to the security manager, security is only a small part of what Microsoft does, suggesting it does not have as much security expertise as established security vendors.

"Microsoft is not a security company. Security is important, but it's just a little part of Microsoft," said Edelmann.

Security vendor Kaspersky said that it was not acceptable for two Microsoft products — such as OneCare and Exchange 2007 — to be incompatible, especially as Microsoft has market dominance.

"Microsoft, welcome to our business," said Eugene Kaspersky, the founder of the company. "All in all it's a bad thing. It's not acceptable for Microsoft products to do that. Microsoft dominates the market. If they do that it creates a big noise, many affected people, and happy lawyers."

This is not the first time Microsoft has had a problem with OneCare and Outlook. In January OneCare also erroneously quarantined Outlook files. However, Kaspersky said that although the problems then and now were the same, the cause of the problems in January was different.

"They fixed the first false positive, and now they have the next one," said Kaspersky.

Kaspersky said that false positives are not just a problem for Microsoft, but for the whole antivirus industry. He said that about 1 percent of Kaspersky records were false positives, but they were almost totally stopped by the company's test robots. He added, however, that sometimes false positives are released by Kaspersky.

Microsoft purchased the Romanian GeCAD company's technology in 2003.