Microsoft has said that its OneCare security suite has "a problem" with the underlying
antivirus code, and admitted that security is just "a little part of Microsoft".
Speaking to ZDNet UK exclusively at the CeBIT show in Hanover, a senior manager for the
software giant said that its consumer security product is far from perfect and that pieces are
OneCare has been dogged by controversy since its launch last May. Signs that the software was
not up to scratch came earlier this month when OneCare failed to achieve certification in an
independent test of security products. Shortly before that, it emerged that the product did not
sufficiently protect users of Microsoft's Vista operating system against malware.
But the latest and most serious problems arose in March this year after the product mistakenly
quarantined and even deleted Outlook and Outlook Express files for the second time.
Microsoft apologised for the problems and has issued an update that has now been automatically
pushed out to OneCare customers, to halt the false positive identification as malware of
Outlook .pst and Outlook Express .dbx files.
Asked about these problems, Arno Edelmann, Microsoft's European business security product
manager, told ZDNet UK on Thursday that the code itself has pieces missing.
"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits
and pieces are missing," said Edelmann.
The problem lies with a core technology of OneCare, the GeCAD antivirus code, and how it
interacts with Microsoft mailservers. According to Edelmann, the Microsoft updates and
mailserver infrastructure do not harmonise.
"It's a problem with the updates, and it's a problem with the implementation," said Edelmann.
If mail is received from a server running Exchange 2007, users are unlikely to encounter
problems. However, if mail is received from servers running Exchange 2000 or 2003, the
likelihood of quarantining is high, said Edelmann.
"OneCare is a new product - they shouldn't have rolled it out when they did, but they're fixing
the problems now," said Edelmann.
According to the security manager, security is only a small part of what Microsoft does,
suggesting it does not have as much security expertise as established security vendors.
"Microsoft is not a security company. Security is important, but it's just a little part of
Microsoft," said Edelmann.
Security vendor Kaspersky said that it was not acceptable for two Microsoft products - such as
OneCare and Exchange 2007 - to be incompatible, especially as Microsoft has market dominance.
"Microsoft, welcome to our business," said Eugene Kaspersky, the founder of the company. "All
in all it's a bad thing. It's not acceptable for Microsoft products to do that. Microsoft
dominates the market. If they do that it creates a big noise, many affected people, and happy
This is not the first time Microsoft has had a problem with OneCare and Outlook. In January
OneCare also erroneously quarantined Outlook files. However, Kaspersky said that although the
problems then and now were the same, the cause of the problems in January was different.
"They fixed the first false positive, and now they have the next one," said Kaspersky.
Kaspersky said that false positives are not just a problem for Microsoft, but for the whole
antivirus industry. He said that about 1 percent of Kaspersky records were false positives, but
they were almost totally stopped by the company's test robots. He added, however, that
sometimes false positives are released by Kaspersky.
Microsoft purchased the Romanian GeCAD company in 2003.