May 17, 2005
Microsoft OneCare: The Wrong Security Model
MS is to begin testing its new OneCare subscription model out on its employees. This is an automated update subscription service that includes security features such as anti-virus and anti-spyware updates.
OneCare has some in the security industry up in arms. They claim that it's wicked for MS to charge money to fix its own software; instead it should produce secure software to start with. Of course, this is absurd: no company or open source community on the planet produces secure software, and none ever will, just as no company will ever produce bug free software.
I think it's laudable that MS is trying to do something about security, but it is going about it the wrong way. The subscription model using signatures is flawed. It will not save MS from the problem of security failures, because signature-based systems are failure driven: an attack has to occur before the defenses can be developed, meaning there is a failure in security for every new attack. MS will still get hammered for failing to provide secure systems.
There are also major business and perception problems with the signature-based subscription model. First, it creates competitive issues with existing security companies, and might get MS caught up in more anti-trust suits. Why go there if you don't have to? Second, it creates the potential for a conflict of interest: if MS wants to ensure that everyone uses its subscription service, then it will have an incentive to avoid fixing root causes (when such a thing is possible), because it will want its customers to absolutely need its service. For example, if MS could implement technology that (without signatures) effectively deals with most malware, would it? If it did, that would make OneCare much less attractive and MS could lose subscribers, so it would have an incentive not to implement the non-signature technology.
I think it would be much better for MS and its customers if, instead of doing security the old signature-based way through OneCare, it implemented new and effective protection mechanisms that didn't require updates (and these do exist!). Then it would sidestep all the legal issues, the trust issues, and the problem of continual failure, and consequently profoundly change the way security for MS systems is perceived.
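As an added illustration of the two arguments above (the failure-driven nature of signatures, and the existence of protection that needs no updates), the following Python is my own example, not code from this post or from Microsoft. It compares a signature-based, default-allow policy against one kind of update-free mechanism, a hash allowlist that denies anything not explicitly approved. The sample "files", their contents, and their names are constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    """A constructed stand-in for an executable file on disk."""
    name: str
    content: bytes
    malicious: bool  # ground truth, used only to score the two policies


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed corpus: an approved program, a malware family the vendor has
# already seen (v1), a not-yet-seen variant of it (v2), and a harmless tool
# the administrator never got around to approving.
SAMPLES = [
    Sample("notepad.exe", b"MZ-constructed-notepad-bytes", malicious=False),
    Sample("worm_v1.exe", b"MZ-constructed-worm-payload-v1", malicious=True),
    Sample("worm_v2.exe", b"MZ-constructed-worm-payload-v2", malicious=True),
    Sample("newtool.exe", b"MZ-constructed-unapproved-tool", malicious=False),
]

# Signature database: hashes of malware seen before this scan. The v2 variant
# has not been seen yet, so no signature exists for it.
SIGNATURE_DB = {sha256_hex(b"MZ-constructed-worm-payload-v1")}

# Allowlist: hashes of programs the administrator approved before this scan.
ALLOWLIST = {sha256_hex(b"MZ-constructed-notepad-bytes")}


def signature_policy(sample: Sample) -> bool:
    """Default-allow: block only what matches a known-bad signature."""
    return sha256_hex(sample.content) in SIGNATURE_DB


def allowlist_policy(sample: Sample) -> bool:
    """Default-deny: block anything that is not explicitly approved."""
    return sha256_hex(sample.content) not in ALLOWLIST


def publish_signature(sample: Sample) -> None:
    """The failure-driven step: a signature appears only after the sample was observed."""
    SIGNATURE_DB.add(sha256_hex(sample.content))


def evaluate(policy, samples):
    """Return (malware the policy missed, benign programs it wrongly blocked)."""
    missed = [s.name for s in samples if s.malicious and not policy(s)]
    wrongly_blocked = [s.name for s in samples if not s.malicious and policy(s)]
    return missed, wrongly_blocked


if __name__ == "__main__":
    for label, policy in [("signature", signature_policy), ("allowlist", allowlist_policy)]:
        missed, blocked = evaluate(policy, SAMPLES)
        print(f"{label}: missed={missed} wrongly_blocked={blocked}")
    # Only after the new variant has hit someone can the signature vendor react.
    publish_signature(SAMPLES[2])
    print("signature after update:", evaluate(signature_policy, SAMPLES))
```

Before the signature update, the signature policy lets the unseen variant run and the allowlist stops it without any update at all; the allowlist's cost is that it also refuses the unapproved benign tool, which is the administrative burden that update-free, default-deny mechanisms carry.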
