Symantec has lashed out at Microsoft's business security product, saying that the technology used to run it is not adequate.
Microsoft told ZDNet UK last week that Forefront Client Security (FCS) runs on the same engine as OneCare, Microsoft's consumer product. OneCare failed to reach the Virus Bulletin malware detection benchmark last year, and in March this year incorrectly quarantined and deleted some Outlook and Outlook Express files.
Symantec called into question whether businesses could entrust mission-critical systems to technology that has in the past been proven to be flawed.
"Forefront Client Security is based on the same antivirus and anti-spyware technology as [Microsoft's] OneCare product," said Symantec in a statement. "OneCare has failed multiple third-party antivirus tests, including the latest Virus Bulletin, which is widely considered the benchmark test for AV [antivirus] engines."
Read this
What happened at the Red Hat Summit
All the news, show floor photos and buzz from the Linux leader’s user conferencethis year in San Diego.
Speaking to ZDNet UK at the Infosecurity Europe 2007 conference in April, Microsoft confirmed that FCS runs on the same engine as OneCare, but said that Microsoft was investing in the product.
"Security is not a fixed point in time," said Nick McGrath, Microsoft's UK director of security. "Any customer deploying any technology runs the best signatures and scanners available. Microsoft remains committed to investing in OneCare and Microsoft malware software tools."
Microsoft had previously admitted to ZDNet UK that OneCare should not have been rolled out, due to problems with the core architecture and with how the software interacted with other Microsoft products. Arno Edelman, Microsoft's European business security product manager, said that "bits and pieces" were missing from the code.
However, in a conference call after the Infosecurity event, Margaret Dawson, group product manager for security and access product marketing at Microsoft Corporation, insisted that the common engine for OneCare and FCS was "strong", and that the fact that OneCare had returned false positives for Microsoft's own products did not matter.
"The anti-malware engine in Forefront is a very strong engine," said Dawson. "No software is 100 percent — all [antivirus] software returns false positives."
In a flurry of emails after the conference call, Microsoft said that OneCare held accreditation from both ICSA and West Coast Labs, which benchmark anti-malware products, and that OneCare had only narrowly missed the Virus Bulletin 100 (VB100) test.
"We currently hold ICSA and West Coast Labs accreditation for Windows Live OneCare," Dawson said in an email.
"On the Virus Bulletin 100, we missed the last VB100 award as we were unable to detect one piece of malicious code," Dawson continued. "We are, of course, disappointed to not have gained the VB100 accreditation and are very focused on rectifying this when the VB100 test is next run."
However, senior security analysts have said that Symantec's criticism of FCS is "valid". Andy Buss, senior analyst at Canalys, said that businesses should evaluate any security product before deploying it, and that, as a new product, FCS doesn't have a security track record. This would not overly affect Microsoft sales, said Buss.
"There are numerous technical criticisms of Microsoft code, but that never stopped it winning markets," said Buss. "Microsoft is about throwing resources at strategic areas, and they've won a lot of markets by pushing heavily to get it widely adopted."
Buss added that he expected FCS to improve but that the scope of the product was too narrow, as it does not cater for Apple Macs.
Talkback
Microsoft has a history of releasing flawed products and fixing them AFTER the flaws have been found and exploited.Examples: win95,
win98, 98SE, ME, 2000, XP, and now vista. It's business as usual in Redmond.
I was unaware of Forefront Client Security. I don't believe I installed it but I did install the One Care some time ago. Don't believe I ever used it. I do use and like the MS Essentials.
My main virus control is ZoneAlarm Extreme security and i use it on may computers and networks. Recently my main computer started to lock up on boot. I would get to the login screen, login and then the ZonweAlarm window would pop up automatically. After a few seconds the mouse would freeze on the screen and the computer would be locked up with a hard reset being the only way out. Keyboard was as frozen as the mouse. I tried safe mode and restore and with some early success only to freeze up again. I finally removed ZoneAlarm and everything worked fine. When I reinstalled ZoneAlarm, during the initial scan the computer locked up again. Upon reboot ZoneAlarm loaded and continued the install but this time a window popped up stating there was conflicting virus removal software that needed to be removed for Zonealarm to work properly. Below that, in red, was the software and the name of it was Forefront Client Security. i can't fiond it anywhere on the computer. Not in Programs or Conrol Panel where I went to uninstall it. No where. I can't find One care either. I may have uninstalled that a while back. MS Essentilas and ZoneAlarm coexist on most of my computers for a while now. Never had a problem. I suppose I will look in the registry next but i know I never installed this Forefront Client security. I've used ZoneAlarm for at least ten years and I have 3 ZoneAlarm routers running checkpoint software and I have been blaming them. It took some time and a lot of aggravation for this problem to come to light.