Microsoft: Buying Spyware Firm Fastest Path To Anti-Spyware ToolsMicrosoft: Buying Spyware Firm Fastest Path To Anti-Spyware Tools

Microsoft acquired anti-spyware technology because it was the quickest way to put something into users' hands, an executive at the Redmond, Wash.-based developer said Tuesday in Microsoft's monthly wide-ranging discussion hosted by the company's head of security.

As part of the monthly Security360 Webcast, Gordon Mangione, a corporate vice president of Microsoft's security unit, said that last week's buy of anti-spyware technology from Giant Company Software was prodded by customers' concerns over spyware's impact on system security and performance.

"The acquisition was the fastest way to provide that," said Mangione.

Mangione also said that Microsoft had evaluated all the anti-spyware providers in the market, and come to the conclusion that Giant's was the best available. "It helped that [Giant's] approach to managing spyware dovetailed with ours," added Mangione.

Among the things that Microsoft liked when it looked at Giant's anti-spyware efforts, said Mangione, were its real-time protection -- which keeps spyware from infiltrating the system -- and the ability of users to see what's been installed or changed on their machine.

"SpyNet was another important reason," said Mangione. SpyNet was Giant's term for the online communality which took submissions of suspected spyware from users, examined them, and then rolled out signatures to defend systems.

"We'll continue to use the SpyNet community," said Mangione, "which will allow our customers to participate by IDing potential spyware." Earlier, Microsoft said that submissions to SpyNet would be examined by its own researchers, and if deemed to be spyware, signatures would be written and released. "SpyNet will make it possible for us to turn around signatures very, very fast," Mangione promised.

He repeated Microsoft's pledge to release a beta of a consumer-quality anti-spyware product by mid-January. In the meantime, he urged users to visit Microsoft's newly-created spyware Web site and/or download one of thefree anti-spyware products linked there.

The beta will run on Windows 2000, Windows XP SP2, and Windows Server 2003, Microsoft has said.

Much of the Webcast, which as usual was hosted by Mike Nash, Microsoft's chief of security, focused on patching issues, procedures, and recommendations, with Nash handing out a four-item checklist for companies looking to implement a patch policy, and Pete Boden, the chief information security officer for the company, talking about how Microsoft handles patching for its one infrastructure.

"Patching is still not a completely automated process today," admitted Boden, but said that recent moves by Microsoft -- including inspecting unmanaged systems before they connect to the network, then patching them if necessary -- has closed some earlier holes.

Microsoft regularly publishes papers detailing its internal efforts on the IT Showcase site. "If we've done, we're talking about it," promised Nash.

Nash also took questions from users, including one that asked what Microsoft was doing to speed up patches for Internet Explorer, which has been tagged with a continuing stream of vulnerabilities. The most recent patch for IE, for instance, which was released out of the regularly-scheduled monthly cycle, reached users about a month after actual attacks began.

Nash reiterated what Microsoft's said many times. "Our goal [with patches] is speed with quality, but quality is the higher priority," he said. More information about Microsoft's ongoing Security360 program, is available here.