The company has announced Malicious Software Removal Tool, based on technology it got when it acquired antivirus developer GeCad Software 18 months ago, and confirmed that a full-blown antivirus offering will be released later this year.
The tool will be used just to clean infected machines, not to prevent them from becoming infected. Updates for the latest worms will be released on the second Tuesday each month, at the same time patches are published.
The moves suggest that Microsoft may end up promoting its antivirus software through the same channels as it uses to deliver the fixes for its own bugs that allow many of the viruses to propagate in the first place.
The company has been offering fixes for specific threats ad hoc for a year. Removal tools for Blaster and Download.Ject malware, both of which targeted Windows vulnerabilities, have been published.
Symantec senior director Vincent Weafer said that the release of the tool will be a good thing for antivirus firms. Users are more likely to be spurred to buy antivirus software, rather than seeing the tool as an alternative, he said.
We’ve all been doing removal tools for four or five years, he said. When people discover that they have been infected they will go out there and try to do something about it.
The tool does not answer any questions about when and how Microsoft plans to deliver its own antivirus offering. All that is known so far is that there will be a subscription component. How the software engine will be delivered is not known.
Symantec’s CEO John Thompson said he expects Microsoft will deliver its offering mid-year, and said he did not expect any immediate material impact on Symantec’s consumer business as a result.
Microsoft’s entry to the market has been seen as the biggest threat to the large growth rates antivirus firms, mainly Symantec, have experienced the last few years. Some say this new competition was a driver behind Symantec’s proposed merger with Veritas Software Corp.
Microsoft has also released a beta version of the spyware removal technology that it acquired a few weeks ago by buying security startup Giant Software. This is something of a rarity for Microsoft – through the acquistion and speedy relaunch of Windows AntiSpyware, the company has become an early mover in a nascent market.
Spyware, along with its less-dangerous cousin adware, is one of the fastest-growing Internet threats today, and none of the major desktop security vendors really has a convincing handle on it yet.
Windows AntiSpyware uses a database of spyware applications compiled by a distributed volunteer community Microsoft calls SpyNet. This may be a reason why it came to market some much quicker than Microsoft still-unreleased antivirus.
Having come to market with anti-spyware less than a month after buying Giant, its tardiness to market with antivirus suggests that the company has other business concerns to deal with, perhaps relating to its product delivery strategy.
Symantec’s Weafer said he thinks Microsoft, having acquired antivirus technology and a small staff, has spent the intervening time building up the support infrastructure required to support a major antivirus operation.
Thousands of new viruses are discovered every week, he said. The major antivirus firms have researchers working around the clocking spotting new threats and writing signatures to detect them.
Bill Kerrigan, senior vice president of consumer products at McAfee Inc, agreed that doing AV well is not just about technology. It’s also about process, he said, and that process has to be executed flawlessly on a global basis.
Kerrigan added that the antivirus market has invented new ways to protect users since Microsoft acquired GeCad. McAfee, for example, has added intrusion prevention to its enterprise AV, and plans to add it to its consumer offering this year.
