…and snatch people from established players to gain expertise in the area. The most recent hire is Dan Wolff, formerly of McAfee, who will run the research operation in Tokyo.
The Ireland operation in Dublin is being led by Katrin Tocheva, another recent hire, who worked at F-Secure. Microsoft previously hired several other McAfee veterans, including Jimmy Kuo, now a Microsoft senior security researcher, and Vincent Gullotto, now general manager of security research and response at Microsoft.
Marx, who regularly tests antivirus software, has recently noticed "dramatic" improvements in the detection capabilities of Microsoft's OneCare. "In the past, it could take days or even weeks for the Microsoft team to add detection of a new worm or bot sample. This has been reduced to a couple of hours," he said.
That's a much-needed improvement. OneCare earlier this year failed an independent test in which Virus Bulletin, backed by a team of UK-based researchers, pitted 15 antivirus software packages against a series of viruses. OneCare didn't catch them all.
Although Microsoft's leaps in antivirus detection capabilities may be impressive, they alone are not enough. Today's threats are much broader and include zero-day vulnerabilities, targeted Trojan horses, remote breaches and data loss. Microsoft is far behind in offering protection against those threats, experts said.
"The problem is that Microsoft's functionality is limited in nature," said Natalie Lambert, a Forrester Research analyst. "If it's really concerned about today's emerging issues, enterprise will be better off with a full-suite product from the likes of McAfee, Symantec and Sophos."
Marx also said that Microsoft lacks some key protection technologies.
"Microsoft has not even implemented an email virus scanner in their OneCare product, not to speak about HTTP scanning or proactive detection technologies based on behaviour analysis," Marx said. HTTP, or hypertext transfer protocol, is used for web browsing, and behaviour-based detection is meant to catch new threats for which no signature exists.
Microsoft itself admits it isn't there yet.
"We're a credible voice in the industry, but we continue to have work to do in improving our response capacity and building out our global team," Miller said. "We're always under construction. The threat landscape is always changing — it is so quickly evolving. We're both built and under construction at the same time."





