In-Depth

Microsoft Update Onslaught Targets Spyware, Viruses

Experts say Microsoft could be leading the charge for antivirus and anti-spyware software that runs from a single interface

Microsoft issued 18 security updates last week. Security vendor Symantec classifies nine of them as serious, and notes security managers have less time than ever to patch.

“With the time between the disclosure of a vulnerability and publication of exploit code dropping to 5.8 days, new vulnerabilities pose an increasing risk to unpatched systems,” says Oliver Friedrichs, a senior manager for Symantec Security Response.

One of the new vulnerabilities affects Microsoft Office XP, Project 2002, Visio 2002, and Works Suite 2002-2004. They’re vulnerable to malicious links sent via e-mail or placed on Web sites.

Another security bulletin concerns Windows Messenger Service, MSN Instant Messenger, and Windows Media Player 9. They’re vulnerable to remote code execution, due to a buffer overflow bug affecting certain applications able to process PNG images.

Internet Explorer also makes the new-vulnerabilities list. In fact, the security update released by Microsoft disables some Internet Explorer image handling—via an ActiveX control—leading observers to guess at the vulnerability, the full extent of which wasn’t disclosed.

“It is assumed that this vulnerability is high severity and it is likely that exploitation can result in compromise of client-side systems,” says Symantec.

Combining Anti-Spyware and Antivirus

Some observers contend Microsoft’s current patching process—releasing all patches on one day of the month—is a public relations coup. Instead of generating a public outcry by releasing patches as they become available, which this month would amount to nearly one every weekday, bundling them lessens the apparent impact. Microsoft contends its schedule is meant to make life easier for security managers.

Either way, Microsoft appears to be taking steps to harden its operating system against vulnerabilities. For example, in 2003 it acquired a Romanian antivirus provider, GeCAD Software Srl. Late last year, it bought Giant Software, just as the small software company was putting final touches on an enterprise-grade anti-spyware product. Microsoft then put Giant’s software into Microsoft Windows AntiSpyware software, which it released in beta—so far for free—for Windows 2000, Windows XP, and Windows Server 2003.

Microsoft Windows AntiSpyware seems to be aimed at the home-user market, and has drawn mixed reviews from critics, who say it lacks the capabilities of such also-free software as Ad-Aware and Spybot Search & Destroy, not to mention enterprise-grade anti-spyware software.

Then this month, Microsoft announced plans to acquire Sybari Software, makers of antivirus software for servers. “This now puts Microsoft into the antivirus business competing with Symantec and McAfee,” notes Rob Shively, CEO of security vendor PivX Solutions.

The acquisition of anti-spyware and antivirus companies also presages a single product that combines the two features. For many IT managers, the move couldn’t come too soon; businesses are increasingly hammered by spyware. According to IDC, 64 percent of consumer PCs are infected with it; corporate PCs are also infected. Yet “the antivirus industry has been disturbingly slow in addressing this requirement, leaving a huge market opening for major vendors such as Microsoft and Computer Associates,” notes a Gartner research brief. Computer Associates acquired PestPatrol—one of only two companies with enterprise anti-spyware software then on the market—last year.

Expect imminent convergence. “It seems natural that anti-spam and anti-virus would be part of the same security application,” notes Ferris Research analyst Chris Williams. “Microsoft is likely moving in this direction, since it acquired anti-virus technology last year as well” as anti-spyware.

Of course, one of the primary conduits for spyware is Microsoft IE. Gartner predicts Microsoft won’t better protect Internet Explorer itself from spyware until the release of Windows XP Service Pack 3 (SP3)—currently scheduled for the second half of 2005.

Gartner also advises companies to use that six-month window as a deadline for their antivirus vendors to build in anti-spyware protection, or else it advocates switching to a new product offering the combined functionality.

Related Stories

New Enterprise Tools Attack Spyware
http://www.esj.com/Security/article.aspx?EditorialsID=1215

CA Jumps into Anti-Spyware Market
http://www.esj.com/security/article.aspx?EditorialsID=1094

Microsoft Entering Antivirus Market
http://www.esj.com/news/article.aspx?EditorialsID=591

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and writes its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.
