Microsoft acquires Komoku

Today, Microsoft announced the acquisition of Komoku to add to Forefront and Windows Live OneCare's technological capabilities. I would like to take this opportunity to review the year since my "Hello World" blog post and again provide insight on where we will be going.

A year ago, I noted our test results were "not stellar" :-). We were lacking VB100 certification, and independent test results placed us ten to fifteen points behind where we hoped to score. I then promised that we were going to do our best to obtain the VB100 every time after. And while always concentrating on what was important—the malware most likely to affect our users—we brought our test scores on par with the rest of the industry. This year is going well, and we now have test results again to see how we delivered on those promises.

Virus Bulletin continues its bi-monthly VB100 Awards, and both Forefront and Windows Live OneCare have obtained VB100 Awards each time they were considered, five in total. That is no simple task as many products, some sporting incredible streaks previously, managed to have that streak broken in that time. We continue to maintain our certifications by ICSA Labs (www.icsalabs.com) and West Coast Labs (www.westcoastlabs.org). Additionally, we now seek and obtain “Cleaning” certification. That means malware removal is now also being certified.

In the area of test scores, we attained the level where we are competitive in our detection rates. AV-Comparatives (www.av-comparatives.org), which had rated us a Fail with 82.4% last year, now rates our detection as Advanced at 93.9%. At the same time, AV-Test (www.av-test.org) shows our detection rate to be 97.8%. This is above most of the other products listed, including those we consider our peers. Last year, I had said, "You will see our results gradually and steadily increase until they are on par with the other majors in this arena. And soon after, they will need to catch up to us!" I think we are somewhere between those two sentences.

But, why the difference between the two scores? Isn’t that a significant difference?

AV-Test used malware exclusively from the two months prior to its test. AV-Comparatives, on the other hand, used malware dating back up to three years. The higher detection of more recent malware highlights our dedication to protecting our users from the malware they are more likely to encounter. Malware older than a year, or even six months, that hasn't been seen in that time is not likely to be encountered again. Malware writers are keener to create new malware that none of the security products detect than to reuse old malware that some already detect. This issue of meaningful testing is an area that the newly forming Anti-Malware Testing Standards Organization (AMTSO) seeks to address.

So, are we “stellar” yet? That would imply that we are satisfied with where we are. So, the obvious answer is that we will never feel satisfied.

AV-Test.org tests more than just malware detection. There are criteria where we still need to improve. Among them are rootkit detection, generic/proactive capabilities and response time.

Response time is a component in how we support our users. Now, with fully staffed Research Labs in Dublin (headed by Katrin Totcheva) and Melbourne (headed by Jakub Kaminski) and beefing up Redmond with the addition of Joe Hartmann, we are well suited to do our best to support our users.

And now back to the acquisition of Komoku. The addition of Komoku, especially its talented core of researchers, will add to our proactive capabilities in detecting zero-day vulnerabilities and improve rootkit detection. We are very excited and hope soon to conquer these next challenges.

-- Jimmy Kuo

For additional information visit: https://blogs.technet.com/forefront/archive/2008/03/20/microsoft-acquires-komoku.aspx