Microsoft to install AV engine in Windows

Vendors like to visit technology journalists from time to time, say hello, hand out a T-shirt or a logo mug, and then demo the latest version of whatever product they’re selling. They’re demo meetings, pure and simple.

Years back, I attended one of these demo meetings with a large anti-virus software vendor who must remain nameless. Being me, I surrendered to my sophomoric sense of humor and deadpanned a joke about how AV vendors must be paying virus writers in third-world countries so they could stay in business. The room got real quiet real fast. Apparently, AV marketing professionals don’t think that joke is funny.

Unfortunately, you won’t see any increase in the humor level of AV marketers in the near term, because the world’s most humorless marketing department just entered the anti-virus arena. That’s right: Microsoft just bought its own AV engine.

But instead of snapping up a big player such as Symantec or Trend Micro, Microsoft jumped the pond and dropped a few shekels to purchase only the IP and technology assets of GeCAD Software, a development company in Bucharest, Romania. 

Officially, Redmond has no comment on what the GeCAD buyout means to Windows users, but given that the company’s primary IP was the GeCAD RAV AntiVirus series, the writing on the wall is pretty plain: Microsoft operating systems and server platforms will soon have access to their own scanning engine and virus signature database.

Does this mean Microsoft products will soon be safe from malicious code attacks without the need for third-party AV? Hardly. In fact, possibly less so. Microsoft’s marketing muscle is the strongest around, and if it starts pumping out the message that an internal AV engine means Windows is finally secure, many folks will probably believe it, despite the fact that viruses are really just one item on the malicious software menu.

Malware comprises several types, including not only viruses but also Trojans, worms, mail bombs, keyboard sniffers, and password crackers. Even denial-of-service attacks can make use of a client-side malicious software package. Then there is the improper use of reputable software packages, such as vulnerability scanners, packet sniffers, cookies, and e-mail scanners.

That’s why simply installing any old AV engine just isn’t enough by itself to ensure system integrity. AV must be bolstered by additional software features designed to detect other kinds of malware. Systems administrators must carefully monitor not only of the activity on their own networks, but also of the cyber-security landscape in general — especially those systems administrators dealing with Microsoft platforms.

Although some may lament that third-party AV vendors may now face extinction because Microsoft has lumbered onto the scene, I disagree. There may be a shakeout, but in the end, we’ll see better third-party security products. Where once simple anti-virus was the order of the day, we’ll now see a battle for the best overall security available to the Windows platform.

Some AV vendors, such as Symantec, are already well versed in detecting more malware than simple viruses and in offering complementary features and services. Microsoft’s entry just means they’ll have that much more incentive to offer the best end-to-end Windows software security. And the rest of the anti-virus community will simply have to follow suit or fall prey to the Microsoft marketing maul.

In short, Microsoft’s purchase of an AV engine may well mean better security for Windows — but it’ll probably still come out of Cupertino, Calif., rather than Redmond, Wash.