Microsoft clarifies its intentions with the security community
November 12, 2010
Microsoft wants to clarify its intentions to the Internet security community and says that its rivals and the media have greatly misunderstood its plans to offer its free anti-virus scanner to Windows users without security protection via its Microsoft Update service.
Panda Security and Trend Micro both viewed Microsoft's offer of Security Essentials via automatic downloads and now both security firms say the service could be anti-competitive. As can be expected, Redmond disagrees.
For instance, Panda suggested that Windows users should be offered a ballot screen listing a range of possible options for obtaining anti-virus software instead of being presented only with Microsoft's offer.
For its part, Trend Micro said Microsoft's approach of offering the updates via Microsoft Update (which offers updates for Office and other applications) rather than Windows Update is a distinction that would be lost on most ordinary PC users and small business owners.
A Microsoft spokesman said that Microsoft's Security Essentials’ availability over Windows Update is not an "auto-download" as your headline and our valued security partners suggest in their previous comments.
Instead, Microsoft Security Essentials will be available as an optional update to customers through the Microsoft Update (MU) Website (for XP) and through Windows Update, if the user has opted in to the MU service. Microsoft Security Essentials will only be offered to those genuine Windows customers who have no antivirus solution detectable through Action Center in Windows.
A Microsoft spokesman responded yesterday by saying that the difference is important since Microsoft Update is an opt-in service. Microsoft took offence at the suggestion that it is pushing Security Essentials as an auto-download.
"The fact is that Microsoft is always looking for the most effective and efficient ways to ensure our customers are protected against viruses, spyware and other malicious threats. Despite the broad availability of anti-malware software, we still find that many consumer and small business PCs remain unprotected. By offering Microsoft Security Essentials as an optional download for PCs that are unprotected, we make it easy for those who want and know they need protection, but for whatever reason have not gotten around to installing it. Now they can download the software when they perform their other system updates without having to search the Internet or make a special trip to the PC store," said the spokesman.
The software behemoth began offering baseline security protection to consumers through Microsoft Security Essentials about fifteen months ago. Reviews of the product have been largely positive so far.
Microsoft extended its offer of the free anti-virus scanner to small businesses in September, and it's tempting to think that this is the real focus of Trend Micro and Panda's gripe, though neither have said as much so far.
Luis Corrons, technical director of Panda Labs, said its objection that Microsoft was pushing Security Essentials without giving its users an informed choice still remains.
"The problem we are seeing with this isn't about using Microsoft Update or Windows Update, but rather about pushing only MSE and offer no choices to the end users-- options that in fact are a lot better when you analyze the whole picture," said Corrons.
So far, none of the established free antivirus scanner firms - AVG, Avira and Avast - has complained about changes in how Microsoft Security Essentials is being offered. Each focuses on persuading a percentage of users of its freebie scanners to upgrade, and none has ever reported a decrease in downloads as a result in Microsoft's entry to the market segment.
For its part, AVG likes to point out that it has more experience than Microsoft in developing security scanners while arguing that their products are technically superior because they include behaviour-based malware detection.
In other Microsoft security news, publicly accessible information indicates that since Sep. 24, Internet IP addresses belonging to Microsoft have been used to re-route email traffic to more than 1,000 fraudulent Web sites maintained by a notorious group of Russian criminals, and this isn't the first time that a similar incident is discovered.
The 1,025 unique websites, which include seizemed.com, yourrulers.com and crashcoursecomputing.com are all pushing Viagra, Human Growth Hormones and other pharmaceuticals products though the Canadian Health & Care Mall.
The spammers are using one of the two IP addresses belonging to Microsoft to host their official domain name system servers, search results from Microsoft’s own servers reveal. The authoritative name servers have been hosted on the Microsoft IP addresses since at least September 22nd, according to Ronald Guilmette, an Internet security researcher who first discovered the DNS hijacking.
Guilmette's findings were also checked with other Internet security experts who specialize in DNS and the take-down of criminal websites and botnets all over the world.
By closely examining the results used with an Internet lookup tool such as Dig, the security experts were able to determine that the IP 126.96.36.199 and 188.8.131.52 — which are both registered to Microsoft — are hosting dozens of DNS servers that help convert the pharmacy domain names into the numerical IP addresses that host the spam sites in question.
The experts say that the most likely explanation is that a computer on Microsoft's campus has been re-programmed to divert the DNNS, probably after it became infected with some malware. There's also a good possibility that it could have been done manually, by a person that has access to that computer, or by a group of people that have access to the machine.
A Microsoft spokeswoman added that she was investigating the findings and expected to provide a statement once the investigation was completed.
Guilmette, who said he has uncovered evidence that other large organizations have been similarly hijacked in the past, said he's convinced the results mean that Microsoft has faced some sort of serious DNS system compromise.
“The most critical segment seems to be some sort of compromise that appears to be in play,” said Randal Vaughn, a professor of DNS and information systems at Baylor University. “It could be an NS compromise, an OS compromise, a rogue customer computer or something else entirely. In order to get the DNS zones entered in there, they must have pawned the computer.”
Source: Panda Security and Trend Micro.
You can link to the Internet Security web site as much as you like.