- Oct 6, 2012
Dennis Batchelder, director of the Microsoft Malware Protection Center (MMPC), presented the keynote speech for the 8th International Conference on Malicious and Unwanted Software (Malware 2013 for short).
The key player in Microsoft's self-check is something you've seen every Patch Tuesday, the Malicious Software Removal Tool. The MSRT runs briefly during Windows Update and then goes away, until the next month. As part of its job, it reports a collection of entirely non-personal system information back to Microsoft. By aggregating the many millions of reports thus generated, Microsoft can learn a lot.
The whole purpose of the Malicious Software Removal Tool is to detect and wipe out a small but active collection of prevalent malware—nasties that Microsoft research has flagged as the most important. If the MSRT wipes out one of these threats on a system that does have antivirus protection installed, it means the antivirus failed to prevent the infection.
Of course, any time a bad test result gets published, the Powers That Be at Microsoft demand to know why. Batchelder told me they offered him a team that he could assign to the task of getting better scores in independent lab tests. "I told them go ahead," he said. "Give me that team. But I won't use them for passing tests. I'll assign them to protecting our customers better."
Given Microsoft's immense resources, though, why not work both ends of the equation? Why not create a product that does a good job and also passes all the tests? Batchelder explained that Microsoft's aim is to ensure protection for Windows customers, not to be the biggest, baddest antivirus around. From his point of view, the more diverse the protective software installed, the more information Microsoft gets, and the better they can protect their customers.
He wound up reminding us of an important point from his keynote. There's a huge malware ecosystem of criminals and supporting actors working against everyone's security. If the antimalware industry doesn't likewise work as an ecosystem, if each company insists on individual success at the expense of the competition, we're doomed.