Microsoft to bundle own anti-virus protection?

Confirms it will launch its own product but admits it needs to gain the trust of consumers and businesses...

Microsoft has admitted it must overcome a reputation for poor security in its products if it is to successfully move into the anti-virus market. The company acquired Romanian anti-virus company GeCAD last month for an undisclosed sum in what it said was an effort to better understand how viruses attack systems. Steven Adler, European senior security strategist at Microsoft, told silicon.com at the TechEd developer conference in Barcelona this week that earning the trust of end-users is critical. “We have a legacy to overcome in terms of this history we’ve had and reputation,” he said. He confirmed that Microsoft’s long-term aim is to bring out its own anti-virus product along with a subscription-based automatic update for virus protection files, but did not elaborate on how closely tied, or bundled, into the Windows operating system this would be. “Viruses are still a very visible threat to customers and so we need to improve the underlying foundation and the architecture that would then allow us to provide really good infrastructure for third-party anti-virus vendors to plug into or for our own internally developed anti-virus solutions to work with,” he said. Adler admitted security will be important so as to prevent a potentially bizarre situation of Microsoft issuing a vulnerability warning on its own anti-virus software, which would then need to automatically download a patch and virus protection file from itself. “We recognise that has to be very high quality so it doesn’t also introduce its own vulnerabilities,” he said. Microsoft’s move into the anti-virus market, which has not surprisingly been questioned by some security vendors, is part of the company’s Trustworthy Computing strategy and Adler said tangible progress has been made on this. “If you look at the recent Internet Explorer bug it was critical for Windows 2000 and XP but only moderate for Windows Server 2003. Because of the default installation out of the box it did not trust web sites out of its own intranet zone and so it meant out of the box you were not as vulnerable to that exploit.”