Microsoft, VISTA, Defender
The END for most or all others?
Ok, maybe not the end. But it may start a big shift. VISTA is coming in only 1 year, and out of Microsoft comes a fabulous read about future virus scanners and the problems to be solved. The question is, are Microsoft already building this themselves for Windows Defender or Microsoft AntiVirus (if there is such a thing)? I'd love to know. Virus experts will be working hard again.
Here is the PDF, a (technical) article about the emulation method. Just HOW do you detect complex polymorphic malware? By decrypting it, and now it's possible to do this really, really fast. The article was presented at the VB conference in October 2005.
This highlights the way to solve a serious problem. Are Microsoft leading the way? If a scanner equipped in this way can emulate and unpack, and also decrypt any polymorphic or other protective layer, real heuristic scanning can soon properly detect most malicious code. NOD32 already has a lot of capability in this area. Right now NOD32 detects a good percentage of new malicious code, in many categories from downloaders to file infectors. NOD32 does have strong unpacking, and that matters: heuristics simply do not work until you look at the REAL program hiding behind layers of encryption or packing.
How powerful each AV engine is will eventually determine which survive and which do not. I believe Kaspersky, NOD32 and possibly only a few others could compete with Microsoft if that is what is to be, if they too join the AV market. If Microsoft embed everything into the OS and make it free, with updates very cheap, I believe they WILL (very easily) take over much of the market. OEM deals always need an OS, nothing else is really NEEDED. Microsoft then have a massive distribution advantage.
Consider...
During the peak of malware attacks (right now, 2005-2006) many antivirus scanners are flourishing, but as new antivirus technologies take the next quantum leap, small scanners will die off. If this is true then it will happen soon, as the bigger and better antivirus scanners integrate behavioural detection and API blocking (DLL injection, rootkits), and also firewalls where that hasn't happened yet. These big players already dominate the market.
A serious suite like KIS 2006 could crunch many other competitors; this is a powerful suite from what I have seen. Very good quality code from my testing, some quirks and little design issues, but really good for a beta.
Yet this is small in comparison to the effect the next-generation VISTA and Windows Defender could have on AV markets. An embedded, multifunctional protection system can do a lot more than those add-on programs, despite many AVs being extremely powerful drivers deep in the OS, written by very experienced professionals. A built-in AV will have some hidden advantages due to OS secrets. Microsoft could also easily database all known executable code on a newly installed system, for example. Newly introduced code could then be inspected (they know what the entire OS is, so they know what's new!). This could also be an extension of the XP SP2 feature that asks about downloaded code (it uses an NTFS stream generated during downloading).
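The idea in the paragraph above, a database of all known executable code on a freshly installed system so that whatever appears later can be singled out for inspection, is sketched below as an added example in Python. It is not code from the post or from any Microsoft product. The executable suffix list and the sample file tree are constructed for the demonstration, and the helper that reads the download marker assumes the NTFS stream XP SP2 writes is the one named Zone.Identifier, which only exists on NTFS volumes under Windows; elsewhere it simply reports that no marker is present.

```python
"""Baseline-and-diff of executable code: record what is installed, then
flag anything that is new or changed for closer inspection (added example)."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional

# File types we treat as "executable code". Constructed for the example;
# a real product would decide by file content, not by name.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".ocx", ".scr", ".drv"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Record the hash of every executable under root, keyed by relative path.

    On a freshly installed system this is the "known code" database the post
    describes: everything present at install time is known by definition.
    """
    baseline: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            baseline[path.relative_to(root).as_posix()] = sha256_file(path)
    return baseline


def diff_against_baseline(root: Path, baseline: Dict[str, str]) -> Dict[str, list]:
    """Compare the current tree with the baseline.

    Returns executables that are new (not in the baseline at all), modified
    (same path, different hash) or missing (in the baseline but gone now).
    Only the 'new' and 'modified' sets need a scanner's attention.
    """
    current = build_baseline(root)
    return {
        "new": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
    }


def read_zone_identifier(path) -> Optional[int]:
    """Return the ZoneId from the file's Zone.Identifier NTFS stream, if any.

    Assumption for this example: the stream XP SP2 writes for downloaded
    files is named Zone.Identifier and carries a 'ZoneId=N' line (3 is the
    Internet zone). On non-NTFS volumes or other operating systems the
    stream does not exist, so None is returned rather than an error.
    """
    try:
        text = Path(f"{path}:Zone.Identifier").read_text(encoding="utf-8",
                                                         errors="replace")
    except OSError:
        return None
    match = re.search(r"ZoneId=(\d+)", text)
    return int(match.group(1)) if match else None


def run_demo() -> Dict[str, list]:
    """Build a baseline over a constructed sample tree, then introduce changes.

    The file contents are placeholder bytes, not real PE images.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "kernel.dll").write_bytes(b"constructed system library")
        (root / "system32" / "shell.exe").write_bytes(b"constructed system shell")
        (root / "readme.txt").write_bytes(b"not code, ignored by the baseline")

        baseline = build_baseline(root)

        # Simulate life after install: one library is patched in place, one
        # brand-new executable appears, one known executable is removed.
        (root / "system32" / "kernel.dll").write_bytes(b"constructed library, now changed")
        (root / "dropped.scr").write_bytes(b"constructed unknown program")
        (root / "system32" / "shell.exe").unlink()

        return diff_against_baseline(root, baseline)


if __name__ == "__main__":
    print(run_demo())
```

The point of keying the baseline on a cryptographic hash rather than on file name or timestamp is that a file infector which patches a known executable in place shows up in the 'modified' set even though nothing about its name or location changed; the download marker is a second, independent signal that a file did not come from the install media.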
So when VISTA comes along with Windows Defender / Microsoft AV (whatever it is called), what will happen? With all the control available to the OS maker, it may well comprise a feature-packed protection which negates many others. It is what people want: protection all built in together. It would surely have a big impact on the spread of malicious code, but maybe even more of an impact on the third-party antivirus manufacturers.
That doesn't leave much but loss of customers, when it happens. The effect takes a few years to filter down as people realise and stop renewing subscriptions. Will this happen? I don't know. It's a possibility; a lot depends on Microsoft, as it always does.
My recommended antivirus
KAV or NOD32
KAV has long been a world leader in antivirus technology. This scanner from Russia was and still is distributed as AVP from www.avp.ch (Antiviral Toolkit Pro). This brings back great memories of the old AVP and its power. A great free resource from KAV is VirusList.com, including a weblog. Stay up to date!
NOD32 has the most VB100 awards for ITW virus detection. For years and years it has been getting 100% detection on every test. These are real viruses that can really infect you because they are "in the wild", aka ITW.
Need more info? No problem! Email AnySpyware.com support.