Microsoft Stops Predicting AV Samples to Focus on Ecosystem

Holly Stewart, senior programme manager at the Microsoft Malware Protection Center, explained that in 2011, the Center spent “a third of our research budget predicting test samples and looking at comparative testers.” The reason, she said, is that it’s important for all anti-malware vendors to do well in the tests as they drive spending decisions.

In 2012, Microsoft made the decision to spend less research dollars on trying to predict test samples, and instead ploughed the money into prevalence-weighted response “which provided more value to Microsoft customers.”

The downside of the spending shift was that Microsoft performed worse in the tests, resulting in negative press coverage. Despite this, they stuck to their conviction, and went one step further. “In 2013, we are spending zero dollars on predicting rest samples. We risk more bad press, but it is the right thing to do for our customers”, Stewart explained.

In 2012, Microsoft began to sample and telemetry feeds for prevalent files to anti-virus partners and testers. “Microsoft has broadened its telemetry sharing – opening the book for testers – and will continue to do so in 2013.”

“We need partners to fight the bad guys”, Stewart continued. “Anti-virus vendors saw us as a competitor, which wasn’t good for customers. Three [anti-virus testers] have now removed us as a competitor which is good, and we encourage them to show value above the Microsoft standard, which will raise the bar across whole ecosystem.” The three anti-virus testers show Windows 8 Defender as the baseline or benchmark for AV vendors to be compared against. 

Stewart described Windows 8 defender as a “way to protect our customers, not to eat anyone else’s lunch”. The next step for the Microsoft Malware Protection Center is to give testers and vendors all Microsoft data to test and beat the standard.”



What’s hot on Infosecurity Magazine?