Microsoft has witnessed an improvement in the way people are securing their computers.
Speaking at the company's TechEd conference in Amsterdam on Tuesday, Detlef Eckert, chief security advisor for Microsoft, said although the level of hacking and virus attacks remains constant, people are being more vigilant about online threats.
Eckert told ZDNet UK sister site silicon.com: "While the attacks are not going down and the network worms are still a risk, society at large has got better. What we sense is a shift of the professional criminal attacks. They are more targeted and they go on the premise 'how do we get money?' They are phishing attacks that look for bank details, espionage attacks that use Trojans or botnets that do denial-of-service attacks."
However, Mario Juarez, product manager of security for Microsoft, said that only one in three people using Windows XP in the US had downloaded Service Pack 2, which tightens security on the operating system: "We know that the percentage of people using Windows XP SP 2 is lower than we would like it to be. One in three machines that run Windows XP is running SP 2. Customers are still reluctant to upgrade."
Microsoft has recently completed the acquisition of antivirus company Sybari and launched an anti-spyware service which it says 20 million people worldwide have signed up for. Some of the anti-spyware services will be provided for free but Eckert said the antivirus product will continue to be sold.
While Microsoft currently provides free patches for vulnerabilities in Windows, Eckert said Sybari's software would carry a cost because viruses were completely unrelated to its software flaws.
"We are not charging the user for anything related to vulnerabilities," Eckert said. "There are companies that charge for updates or services. There are virus attacks that are not related to vulnerabilities but exploit user behaviour. The virus attacks look at system or user log traffic. They use port 80 or HTTP as a way to attack companies. They get into the Web server and attack you directly."
But last week antivirus expert Graham Cluley of Sophos stressed that Windows was one of the greatest problems in the antivirus world.
Cluley said: "I believe that right now the real threat is on Windows computers and servers. Last month we saw more malware and most of them targeted Windows. Today there is a 50 percent chance you will get infected in eight minutes of plugging into broadband. It's [home] users — the businesses are patching themselves — they are the ones who are spreading it about."
When asked if it was fair to charge customers for antivirus products that secure flaws in Windows, Microsoft's Juarez said: "It's about philosophy. There is an inherent premise in the issue of propriety of charging for security that resonates in an interesting way. Customers are really keen on being protected. Our principal interest is providing the means for customers to stay secure.
"It's about making the entire ecosystem safer. As Microsoft we think on a global level of what keeps the Internet safe. We need to be sure that the world is safe."
Talkback
Microsoft are on a lose/lose situation with built in 'free' anti virus software.
Including it makes technical sense but I suspect people would accuse them of abusing their monopoly if they did. Personally I think they should be allowed to include anything they want in their OS. The world doesnt need 10 competing anti-virus software companies it just needs one that works
You're right Jon, but the only way you get one that works is through the driving force of competition. If you don't have competition then the product simply rests on it's laurels and ends up stagnant - look at Windows.
I believe most anti-virus software if up to date will find most virus, ie there isnt an awful lot of difference between them. A built in Microsoft anti-virus program would work well enough (MS could just buy whoever was the market leader with petty cash) but it would destroy the market for 3rd party ones. Who would buy a 3rd party product when it was included?
Won't charge. Would that include W2K and W98 with no strings attached whatsoever?