Microsoft Responds to AV Attacks
Microsoft has taken a lot of heat lately for their results in various AV testing (Examples: -1-, -2-, -3-, -4-, -5-). My opinion has stayed pretty much the same... My assumption is that the product failed due to missing older viruses... so their competitors who have years of industry experience and a large signature database would have a better chance... I highly doubt that these AV tests use only new viruses. This is why the AV Tests fail in my opinion... The older viruses aren't usually the problem... How many people reading this blog even remember CIH, for example (it could, in certain cases, cause you to go out and buy a new motherboard)? Microsoft is new to the game... If they were to cover every old virus and front load them before product release, then the product may never get out the door... So they had to pick and choose... I'm sure this older coverage will come. They probably have a small team dedicated to filling in the coverage. In the meantime it was much more important that they cover viruses that are in the wild and current... So that was my take on it and I didn't think very much of them failing the virus tests. At the same time, I don't use OneCare... There are plenty of free AV Solutions that are great and I prefer them.
Regardless, Microsoft has now stepped forward and responded on their Anti-Malware Engineering Blog. The writeup confirmed some of what I had assumed and pointed out that they are new to the AV game. Sure, they purchased Sybari so they had some AV insight... but I don't think that insight was comparable to that of Symantec, McAfee or Trend Micro. Anyways, give the article a read... a follow-up is coming in a few weeks from the Microsoft Security Research and Response GM.