Microsoft OneCare lagging behind competitors
A few snips from John Dunn’s article on Techworld:
A new test of anti-malware programs has found that Microsoft’s OneCare software is by some margin the weakest product on the market.
OneCare was only able to detect an average of 82.4 percent of what was thrown at it. To put this into context, the next worse program, Dr Web, scored 89.27 percent…
AV Comparatives also tested each program against a sample of polymorphic viruses…
Again, OneCare scored weakly, detecting only 4 out of the 12 polymorphics pitted against it.
The article also links to another article describing Microsoft Defender’s abysmal performance, detecting less than half the malware tested.
Though I’ve talked in the past about the impracticality of letting the fox build the hen house, I’ll talk a little further about incentives.
Bruce Schneier discusses the economic incentives for corporations by looking at economics and externalities.
What is the economic incentive for Microsoft to perform well in the security arena?
None.
- Microsoft is not liable, legally or financially for compromises of its poorly written software.
- Microsoft has a huge stake in giving the appearance of security. Real or not. People “want” to see that Microsoft is doing something. If it looks like they are doing something, people will not look to alternatives.
- Microsoft has to combat the (ill-gained) notion that Mac’s are more secure. Apple threatens Microsoft’s bottom line.
Microsoft has turned into a Goliath. Like a huge government that has exceeded it’s ability to provide services in a fiscally reasonable manner.
This reminds me of some economics classes I took as an undergrad that focused on the role of government in the economies of developing countries.
There are some thing that government can do, but there are others that government cannot do effectively.
For example. One of the best things government can do to allow for rapid economic growth is to provide stable critical infrastructure:
- roads, railways, and shipping ports
- a stable electrical grid
- laws and regulations creating a “fair” environment for contract creation, negotiation, and disput resolution
- patent and trademark systems to protect the brand and intellectual property
Private sector companies can provide much of the rest.
When government steps outside those bounds, it begins assuming responsibility for things it cannot satisfactorily provide.
When a company gets to the point that there is no fair competition, they operate like a government that has exceeded its economically reasonable mandate (think a huge socialist government). The company becomes incapable of providing a service at a level of quality or cost that can be expected from the private sector.
This is what has happened at Microsoft.
They cannot provide security mechanisms better than the free market.
I’ve often thought that the best thing that could have happened to Microsoft during it’s anti-trust case was for the company to be broken down into several smaller companies, each of which would have to compete in the open market.
A new company, “Microsoft Security” could provide Defender, OneCare, and whatever other tools and resources it thought necessary.
Then those products could compete against other vendors for purchasing power in the market.
To get back to the point where they are producing truly innovative products, they need to get down to right-size.
If Microsoft wants to be successful in the coming decade, they must split up and compete in the market. The core OS could provide the critical infrastructure. Other Microsoft branded companies can provide the applications in a manner competitive in the market. Let them fight for it! We’ll get better products.
In the meantime smaller, more nimble and innovative companies (read, starving) will come along and produce products that will constantly nibble Microsoft’s bottom line. Like a million piranhas working on a poor water buffalo attempting a river crossing in the Amazon.
Maybe the buffalo makes it. My money is on the piranhas.
Bill