Grey bar Blue bar
Share this:

Wed, 11 Jul 2007

Have a (one) care sir....

Someone in the office was discussing Microsoft's recent horrible foray into the anti-virus market. Apparently an online source held one-care as faring worse than a simple man with a perl script. A quick scan shows that they have indeed faired pretty poorly in independent tests:

"(BBC News) OneCare was the only failure among 17 anti-virus programs tested by the AV Comparatives organisation."

Now the obvious question was: How could Microsoft possibly get it so wrong? (Cue the drum roll, bring out your tin foil hats)

You have less people running around these days screaming "Microsoft just dont get security" (Compare a BlackHat today with a BlackHat 5 years ago where Microsoft employees hid their name badges more than any of the guys from 3 letter agencies did). There is little doubt that they have skilled engineers and that they quickly step up when they have to.. So how is it possible that they can do this badly at a new market they were keen to enter?

There are probably good reasons for it, but since i do have a shiny new tin foil hat, im going to run with a different ponderation. Microsoft knew they were going to take heat for patchguard (preventing 3rd parties from hooking into the kernel). They had to know that the Symantecs and McAfees of the world would be up in arms, about the fact that this would give Microsoft an unfair advantage in this space. This would affect not just their AV lines, but their HIPS products that Microsoft would surely want to bundle with the OS in the future..

Of course, Microsoft's biggest defense was to claim that their engineers were not given access to windows internals where their product competed with 3rd parties. Almost all of us responded with: "riiiiiiiigghtt...."

But then.. Microsoft releases one-care, and it really _does_ do poorly against its industry peers! Surely if one-care engineers had preferred treatment they would have done better? Surely this proves that they were honest all along??? From an MSFT point of view, it would be giving up fairly little (a market they have not yet come to rely on) to gain favor in markets where they do indeed have a lot to lose.. all in all.. it would make an excellent sacrificial lamb..