Microsoft security revisited

By Ron Grattopp

A while back, OK, a fairly long time back, when TS2 first started blogging (and we were still doing individual blogs), one of the things I liked to do was take current news articles and blogs that I felt were biased or sensationalized (typically anti-Microsoft) and do a bit of a rebuttal or reality checking. Recently I came across this post that I felt deserved a bit of that treatment again and it was also along one of my favorite themes as well – security. Here’s the article: Microsoft vows to improve security tools after failed evaluation. Interestingly it wasn’t as negative of an article as the title had led me to believe, but I take issue with what I consider to be another sensationalized title, and so I want to give you some insight, in case this should surface in a customer conversation around Microsoft security technology.

Basically, if you read the above article, you should also read the actual Microsoft TechNet article that details how Microsoft looks at and uses the evaluation’s results — Key lessons learned from the latest test results. In fact, a good part of the Computerworld post is actually given to comments from Joe Blackbird, program manager in Microsoft’s Malware Protection Center, and excerpts from his TechNet post (see link), but if you take the Computerworld article’s title statement at face value without fully reading the articles, you’d get the wrong impression IMHO. Joe’s TechNet post calls out that Microsoft’s advanced “telemetry”, which is information coming into our Malware Protection Center from literally hundreds of millions of systems across the globe, paints a much more realistic picture of the actual threat environment than most laboratory tests, and we prioritize our protection work based on “prevalence and customer impact” (vs trying to meet an arbitrary third-party certification). And, I would also remind everyone that, from a practical perspective, we “eat our own dogfood” (use our own technology including security) and no one is a bigger target than we are. You know I reference Paul Thurrott as a knowledgeable pundit on Microsoft technology from time to time and here’s his related article: Microsoft Strongly Refutes Yet Another Antivirus Test, now that’s a more accurate and descriptive title. And, I like his bottom line, “The message here is simple. You can conduct tests that prove almost anything. But in the real world, Microsoft’s MSE [Security Essentials] and Forefront Endpoint Protection products don’t just work, they work very, very well. And this isn’t based on anecdotal data…—it’s a fact.” And as far as “Microsoft vows to improve security tools after failed evaluation”, here’s how Joe Blackbird ended the TechNet article: “We’re committed to reducing our 0.0033 percent margin to zero”, so after the failed evaluation, yes, but because of it, not so much IMHO.

Here are some more links if you’d like additional info on Microsoft’s world-class security operations:
Microsoft Malware Protection Center home page
Microsoft Security Intelligence Report
Microsoft Security Response Center home page