Microsoft Engineer Attempts Daring OneCare PR Rescue

By Scott M. Fulton, III | Published March 16, 2007, 10:51 AM

In a short span of time, Microsoft's new OneCare anti-virus service has been faced with a barrage of reports and blog posts remarking about how it failed a Virus Bulletin test that several of its competitors passed, along with consumers' complaints that OneCare deleted their Outlook e-mail files in the act of disarming viruses they may have contained. Now, a key engineer on the company's anti-virus team finds himself in the awkward position of defending the reputation of a firm he's only worked with for a few months, after having spent ten years at McAfee, and some time at Symantec before that.

"When we think about priorities we put our customers first and in doing that we ask ourselves, 'What do our clients want? What do they need?'" writes Jimmy Kuo, a respected anti-virus engineer who joined Microsoft last September along with some McAfee colleagues, in his inaugural blog post for the Anti-Malware Engineering Team yesterday.

"In my years in this business," Kuo continues, "the answer to the first question is some form of, 'I want to be able to sleep soundly each night knowing that when I wake up, my world hasn't fallen apart. And if something does happen, I can rely on my vendor to easily resolve it for me.'"

Kuo may have been showing sympathy for consumers' recent complaints, such as this one, which was posted to Microsoft's support forum on Tuesday: "The irony of the antivirus issue is that viruses simply exploit defects in the operating system. So if Microsoft would produce a zero-defect OS, we wouldn't need anti-virus software. Not only do we get defective products from Microsoft and all other software manufacturers, we, the end-users, get to pay directly and indirectly for these defects. We need to buy security software subscriptions to hopefully safeguard our systems and if we have a problem with the software due to these defects, we get to pay tech support to provide marginal technical assistance. Oh, and then I get to waste my time and have to load potentially system breaking software to prove that I have a genuine copy of Windows to get some of the updates and security patches to fix my defective software! And there are so many other situations like this one."

Some OneCare customers have theorized that the Outlook e-mail deletion disaster may have arisen from a bug that was detected in an early beta of version 1.0 and, according to reports from testers, identified and corrected in later betas, although it may have crept back into the source code of the final build. Much of the product's testing took place before Kuo and others on his team came on board.

After the first reports of e-mail deletions were made known last January, Microsoft officials did little to acknowledge the problem, leaving a volunteer MVP to apologize to customers on behalf of the company, until last week, when an official finally announced that the deletion bug would be fixed in an engine update. That update was apparently rolled out last Tuesday, though IT managers and consultants continue wrestling with the damage the bug originally caused.

Kuo's post yesterday did not address the Outlook deletion problem directly. Instead, it characterized OneCare's performance issues as a kind of discrepancy that arises when the methodology an anti-virus program uses to detect threats doesn't mesh with what someone else - someone like the industry journal Virus Bulletin - expects. Virus Bulletin hands out the "VB100" seal of approval to anti-virus programs that pass its battery of performance tests.

"We missed capturing a VB100 in the last test because we missed one virus," Kuo writes, perhaps hoping that readers will see a "99%" in their minds and remember that a 99 score is still an "A" in elementary school.

"So, as a result we have adopted new methodologies to remedy that," he continues. "The methodology we adopted is to look more closely at families of viruses that have been found to be 'in the wild' (ITW)...This means someone working off the same code base is actively spreading the malware of this family, and thus more of the same family will likely become ITW in the future. And we want to be able to detect them with signatures we write today rather than after they've been loosed upon the public."

If we're interpreting Kuo's words accurately, he appears to be saying that OneCare used a methodology that tried to locate future viruses mutated from earlier ones, based on the signatures of those earlier ones - and that it was this methodology that made it fail to find the critical virus in the VB100 test. Virus Bulletin has previously maintained that its battery of tests is geared toward the detection of existing, common viruses.

Microsoft's goal, Kuo maintains, is to leapfrog from here over its competition. "So while we concentrate on what's truly important (malware actively being spread ITW), we will also be bringing up these other test detection numbers," he writes. "You will see our results gradually and steadily increase until they are on par with the other majors in this arena. And soon after, they will need to catch up to us!"

Kuo's comments may have been read by many IT managers and consultants who weren't getting any sleep last night, desperately scrambling to recover their clients' and employers' e-mails.

Comments


I also was involved with the beta testing for OneCare. I have been really happy with the product!

Only issue I had was on 1 pc where the .net framework for the beta version was causing problems with the release version.

I love it because it's not BLOTWare like Norton has become.

Keep up the great work MS!

Score: 0


Microsoft already owns the freaking world. We might as well just give everything else to them...

Score: 0


What you don't know is Microsoft already owns the freaking world...including your shoes, and the s*** on your back.

Score: 0


Since I use XP, one care will not be any good to me and I certainly would not trust MS with an AV.
I use Avg on my laptop and Avast on my main machine, they both do a great job and more trustworthy than any MS AV.

Score: 0


Anti-Virus in a Microsoft-bound system should be FREE from Microsoft. Protection of our systems shouldn't require us to pay the price of what 29.95 a year to guarantee our systems to be free from viruses that LARGELY are directed at MICROSOFT Based systems as there are very few directed toward any other Operating System. Linux nor Mac's OS has these problems (I have a linux based system and know many folks who use Linux AND Macs that laugh at those of us that use MS OS Computers).

Score: 0


If they gave it away, it would immediately send up the red flag to Symantec, McAfee, etc. that it was predatory or dumping practice. The DOJ would pounce on that within seconds of learning of it. MS can't continue on losing profits to their legal counsel and remain attractive to their shareholders.

For the record (or whatever) I was an active beta program participant from early on. I thought it had potential, but then they announced pricing and I walked away from it. Even beta testers usually get a complimentary copy after a product ships (Vista, Office 2007, server products, etc.) depending upon how early in the process you join in. OneCare beta testers were given a discount of 20%. I chuckled.

Score: 0


Yeah, the beta testing benefits have gone way down which, in turn, is going to reduce the quality of the testers. Microsoft is not terribly good at listening to their testers either, frustrating lots of good people out of the programs.

Personally, I gave up on OneCare when it detected and disabled the LoJack program on my laptop. I reported the bug and they denied that it existed (told me it was my fault) until they got it fixed.

Score: 0


Interesting how they only start employing "reputable" AV programmers once the damage has been done. Who was writing OneCare before that, refugees from the Bob team? Anyway, we all know how this will go down. Microsoft will patch Vista to ensure that OneCare is the only AV that runs correctly on it, and when systems start falling left and right due to the virii it misses, M$ will simply start calling them "exploits" instead of viruses..and nobody can predict every possible exploit, right?

Score: 0


Microsoft will patch Vista to ensure that OneCare is the only AV that runs correctly on it,

You sir, just became a troll.

Congratulations!

Now go crawl back under your rock.

Score: 0


My 2c. Either put Onecare back into beta or make it free for another year or so....refunds aren't as easy as people think, so simply carry people's subscription for an extra year or 2 (paying customers) after the product goes gold. Work on it, make it a better product.
I wouldn't buy it for $1, I suspect only MS fans are supporting it right now. Don't get me wrong, when I used Onecare I liked it, but it has always messed with my system so I removed it permanently. In a world where Kaspersky, Antivir and the host of truly exceptional avs exist currently, Onecare is looking like a bad infection rather than a competitor.

Score: 0


MS fan here.

Not supporting OneCare. Never used, never planned to. Been kinda stuck on NOD32 as of late. :)

Give 'em time, I'm sure they'll figure it out eventually.

Score: 0


"Give 'em time, I'm sure they'll figure it out eventually."

I just hope you're not backing that faith up with stock ownership. ;o)

Score: 0


yay nod =]

Score: 0


Missed that gravy boat a *long* time ago...

Score: 0


"I want to be able to sleep soundly each night knowing that when I wake up, my world hasn't fallen apart."

I'd say the removal of one of the most critical data files on a home user's system as qualifying for this.

"And if something does happen, I can rely on my vendor to easily resolve it for me."

The vendor hemmed and hawed, and said "It'll be fixed in a few days."

You want to keep us as customers? Refund our money, we'll wait 3-4 years to see where onecare is then, and THEN we will reconsider.

That will never happen.

Score: 0


The poor dude seems to have landed on his butt.

Maybe he was a Trojan Horse from Microsoft's competitors :-)

Score: 0
