Senior Editor, Network World

Microsoft seeks antivirus fix

Jan 13, 2003

REDMOND, WASH. – Microsoft is working behind the scenes with leading antivirus software vendors to improve the way desktop security software works with its next major operating system, code-named Longhorn.

Under enormous pressure from customers, partners and competitors to clean up its security act, Microsoft plans to open up Longhorn through one hundred or so APIs that antivirus software developers could use to get a more direct path into the operating system and applications running on it. Longhorn will be client desktop software only, and according to Microsoft, it isn’t expected out until late 2004 or early 2005.

“When Microsoft gives [developers] these APIs, it will be easier to scan for viruses,” says Bruce Hughes, content security lab manager at ICSA Labs, a Mechanicsburg, Pa., organization that tests antivirus products.

Those familiar with the plan say Microsoft’s effort to work with antivirus software vendors should result in products that are less prone to interfering with operating systems and applications.

“Antivirus, for Microsoft, is a nuisance,” says John Pescatore, a security analyst at Gartner, pointing to part of the company’s incentive to work more closely with antivirus companies.

The availability of the APIs also should make for a de facto standardization of desktop antivirus software, making it easier for more companies to get into the $1.7 billion antivirus market, now the territory of vendors such as Network Associates, Symantec and Trend Micro. If the effort works out, observers say, it could pave the way for similar Microsoft projects involving intrusion-detection and other security technologies.

Sources say there is no evidence yet that Microsoft’s APIs will help vendors looking to design better tools for cleaning up after a virus strikes computers.

Microsoft, which already has provided server-based antivirus APIs for its Exchange messaging server, acknowledged the Longhorn plan for desktop antivirus APIs, but declined to discuss it further.

Enthusiastic following

Antivirus vendors say they are enthusiastic about Microsoft’s effort. While there always is concern about Microsoft taking too much control of a market, Microsoft’s leadership is required in this area given the prevalence of its desktop software, they say.

Some antivirus companies already have had a preview of the potential benefits of APIs by using the server-based antivirus APIs that Microsoft makes available for its Exchange messaging server.

Trend Micro, for instance, has used Microsoft’s VSAPI 2.0 for Exchange to better design its ScanMail product to block mail-based viruses, says Kevin Murray, Trend Micro’s product marketing manager for messaging. Desktop antivirus APIs are where the industry is headed, says Murray, who predicts the change will result in antivirus software that’s “a lot less intensive on system resources.”

It could lead to antivirus software vendors no longer having to store thousands of signature updates – the information used to identify new viruses – on desktops. Instead, a central server could remotely scan desktops periodically.

The APIs also might help vendors develop new services, such as charging a fee per signature update or scan, Pescatore says.

Another result of Microsoft’s effort could be a further commoditization of antivirus software.

Operation antivirus

Microsoft’s next version of its desktop operating system will include antivirus APIs.
Possible benefits: More efficient scanning of the operating system and files. Less intensive use of system resources. Easier updating of virus signatures.

Possible drawbacks: Could open new security holes inadvertently. Independence of antivirus software industry withers under Microsoft control.

“As long as Windows users are still afforded the choice of which antivirus plug-in they wish to license, this is an expected evolution for pure antivirus technology,” says Ian Hameroff, a director at eTrust Security Solutions, which sells antivirus and other security products. “[It is] moving into the realm of where TCP/IP stacks and Web browsers are today – a part of the underlying services found on standard workstations.”

Chris Wraight, technology consultant to antivirus software vendor Sophos, says the downside for those vendors that felt they had a technological advantage is that the effort somewhat levels the playing field.

“It makes it more incumbent on antivirus vendors to distinguish themselves with what they would do once the APIs give them the file to scan,” he says.

Network executives say they are happy to see Microsoft working with others to ensure that antivirus products work better with Windows. But at the same time, they continue to question Microsoft’s security expertise.

“What scares me is all these viruses written for attack on Microsoft vulnerabilities,” says Thomas Wagenhauser, IT manager at Harlan Bakeries in Avon, Ill. “I’m not comfortable relying on Microsoft for antivirus security.”

Such thinking helps to explain why Microsoft has not aggressively pursued a takeover of the antivirus business, analysts say.