Microsoft senior manager: OneCare should not have been rolled out

MICHAEL

http://news.zdnet.co.uk/security/0,1000000189,39286351,00.htm

Microsoft has said that its OneCare security suite has "a problem" with the underlying
antivirus code, and admitted that security is just "a little part of Microsoft".

Speaking to ZDNet UK exclusively at the CeBIT show in Hanover, a senior manager for the
software giant said that its consumer security product is far from perfect and that pieces are
actually "missing".

OneCare has been dogged by controversy since its launch last May. Signs that the software was
not up to scratch came earlier this month when OneCare failed to achieve certification in an
independent test of security products. Shortly before that, it emerged that the product did not
sufficiently protect users of Microsoft's Vista operating system against malware.

But the latest and most serious problems arose in March this year after the product mistakenly
quarantined and even deleted Outlook and Outlook Express files for the second time.

Microsoft apologised for the problems and has issued an update that has now been automatically
pushed out to OneCare customers, to halt the false positive identification as malware of
Outlook .pst and Outlook Express .dbx files.

Asked about these problems, Arno Edelmann, Microsoft's European business security product
manager, told ZDNet UK on Thursday that the code itself has pieces missing.

"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits
and pieces are missing," said Edelmann.

The problem lies with a core technology of OneCare, the GeCAD antivirus code, and how it
interacts with Microsoft mailservers. According to Edelmann, the Microsoft updates and
mailserver infrastructure do not harmonise.

"It's a problem with the updates, and it's a problem with the implementation," said Edelmann.

If mail is received from a server running Exchange 2007, users are unlikely to encounter
problems. However, if mail is received from servers running Exchange 2000 or 2003, the
likelihood of quarantining is high, said Edelmann.

"OneCare is a new product - they shouldn't have rolled it out when they did, but they're fixing
the problems now," said Edelmann.

According to the security manager, security is only a small part of what Microsoft does,
suggesting it does not have as much security expertise as established security vendors.

"Microsoft is not a security company. Security is important, but it's just a little part of
Microsoft," said Edelmann.

Security vendor Kaspersky said that it was not acceptable for two Microsoft products - such as
OneCare and Exchange 2007 - to be incompatible, especially as Microsoft has market dominance.

"Microsoft, welcome to our business," said Eugene Kaspersky, the founder of the company. "All
in all it's a bad thing. It's not acceptable for Microsoft products to do that. Microsoft
dominates the market. If they do that it creates a big noise, many affected people, and happy
lawyers."

This is not the first time Microsoft has had a problem with OneCare and Outlook. In January
OneCare also erroneously quarantined Outlook files. However, Kaspersky said that although the
problems then and now were the same, the cause of the problems in January was different.

"They fixed the first false positive, and now they have the next one," said Kaspersky.

Kaspersky said that false positives are not just a problem for Microsoft, but for the whole
antivirus industry. He said that about 1 percent of Kaspersky records were false positives, but
they were almost totally stopped by the company's test robots. He added, however, that
sometimes false positives are released by Kaspersky.

Microsoft purchased the Romanian GeCAD company in 2003.
 
John Barnett MVP

Michael, I've known that for ages; that is why I won't use OneCare. I never
found it that good, either in beta or afterwards.

--
John Barnett MVP
Associate Expert
Windows - Shell/User

Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org

The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post.
 
MICHAEL

I did a couple of the OneCare betas.. like you, I didn't
like it. I use NOD32 and believe it to be far superior to
any AV currently out there. I think I've seen you post that
you use NOD32, also.


-Michael
 
Mike Hall - MS MVP

I use NOD also.. One Care, or anything like it, is not something I would
ever consider..


MICHAEL said:
I did a couple of the OneCare betas.. like you, I didn't
like it. I use NOD32 and believe it to be far superior to
any AV currently out there. I think I've seen you post that
you use NOD32, also.


-Michael

--


Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
 
Nina DiBoy

MICHAEL said:
http://news.zdnet.co.uk/security/0,1000000189,39286351,00.htm

Finally some truth!

--
Priceless quotes in m.p.w.vista.general group:
http://protectfreedom.tripod.com/kick.html

Most recent idiotic quote added to KICK (Klassic Idiotic Caption Kooks):
"DRM is not added to anything in Vista."

"Good poets borrow; great poets steal."
- T. S. Eliot
 
Robert Moir

Mike Hall - MS MVP said:
I use NOD also.. One Care, or anything like it, is not something I would
ever consider..

Yep. If I want to delete my email I can write a script to do it for free.
 
StephenB

Nina DiBoy said:
Finally some truth!

Too bad that not all of it is accurate, particularly the business about Exchange
Server versions playing a part in the quarantined Outlook files. Additionally,
we've now learned that all of the supposedly deleted .pst files were not actually
deleted, but quarantined. They were invisible to the UI because the panicked
user performed a System Restore in an effort to recover the "lost" .pst rather
than open OneCare and restore this file from the Quarantine UI. The System
Restore caused the list of quarantined files to be reverted, so the .pst file
would not appear, yet it was still there.

-steve
 
Robert Moir

StephenB said:
Too bad that not all of it is accurate, particularly the business about Exchange
Server versions playing a part in the quarantined Outlook files. Additionally,
we've now learned that all of the supposedly deleted .pst files were not actually
deleted, but quarantined. They were invisible to the UI because the panicked
user performed a System Restore in an effort to recover the "lost" .pst rather
than open OneCare and restore this file from the Quarantine UI. The System
Restore caused the list of quarantined files to be reverted, so the .pst file
would not appear, yet it was still there.

So the user, quite reasonably, performed one of the actions that Microsoft
tell you to take when your system acts up, and it just made the problem
worse?

What a wonderful product One Care is.
 
StephenB

Robert Moir said:
So the user, quite reasonably, performed one of the actions that Microsoft
tell you to take when your system acts up, and it just made the problem
worse?

What a wonderful product One Care is.

I cannot defend the fact that OneCare quarantined an entire email store - the
.pst file - for anyone. I was livid when the first post appeared in the forum
and immediately reached out to our contacts on the OneCare team. There's no
excuse for the problem or the time it took to identify and fix.

However, System Restore *never* corrects problems with lost data. I understand
why someone would panic and try to recover the email store by performing a
System Restore, but I also know it will *never* work - System Restore corrects
problems with Drivers, Programs, and Windows - not data. It is not a "roll-back"
of the entire system.

The secondary problem with this, as I see it, is that System Restore rolled back
the index or manifest of quarantined files. In my opinion, that file should not
have rolled back as it is a data file - a list of the files in quarantine.

-steve
 
Robert Moir

StephenB said:
I cannot defend the fact that OneCare quarantined an entire email store - the
.pst file - for anyone. I was livid when the first post appeared in the forum
and immediately reached out to our contacts on the OneCare team. There's no
excuse for the problem or the time it took to identify and fix.

Indeed.

StephenB said:
However, System Restore *never* corrects problems with lost data. I understand
why someone would panic and try to recover the email store by performing a
System Restore, but I also know it will *never* work - System Restore corrects
problems with Drivers, Programs, and Windows - not data. It is not a "roll-back"
of the entire system.

You know that. I know that. We've both had access and encouragement to view
lots of the material that documents that. Probably most of the other people
who post here on a regular basis know that too.

But "John Q. End User" doesn't know that. They see some whizz-bang blurb
from Microsoft telling them to use system restore if their system has a
problem and when they lose data of course they use system restore. The damn
"system" ate their data, so obviously there _is_ a problem with it, from
their point of view.

The trouble with knowing how computers work is that you can easily lose
sight of the assumptions made by people who don't understand. People build a
mental model of how they perceive a system works, and make assumptions and
predictions based on that model. Where the mental model differs from the
actual model, people have problems.

StephenB said:
The secondary problem with this, as I see it, is that System Restore rolled back
the index or manifest of quarantined files. In my opinion, that file should not
have rolled back as it is a data file - a list of the files in quarantine.

Indeed. Maybe someone at Microsoft has a problem with their mental model of
how Windows works.

I _am_ sure of this much: If Microsoft spent as much time and attention on
tracking issues like this as they do on commercials spouting on about "Wow",
over the top anti-piracy systems that are flawed and don't do anything to
prevent real piracy, and on picking the exact degree of transparency on the
new start bar, they'd have a far better product for it.
 
