By Woody Leonhard
When Microsoft first announced Windows Live OneCare, I figured Redmond had a lot of cojones to charge consumers for protection against flaws in its own products.
In OneCare’s first month, however, it appears to my jaundiced eye that MS has responded admirably to two real, in-the-wild, zero-day attacks — first in Word, then in Excel — via a little-known free service called the Windows Live Safety Center. Never heard of it? Read on.
What is Windows Live OneCare?
"Help get confidence and peace of mind with round-the-clock protection and maintenance—virus scanning, firewalls, tune ups, file backups, the whole nine yards." That’s what Live OneCare’s marketeers say. Yes, I know that Windows XP SP2 has a firewall, of sorts, and that entire industries support firewalls, virus scanning, tune-ups and backups with packages that range from utterly free to very expensive. Not sure where you can buy a whole nine yards, or even half of one, but I’ll leave that to the philosophers.
Microsoft charges $49.95 USD for one year of OneCare, and that fee can cover up to three computers. Compared to more expensive antivirus programs, it’s a deal. Compared to highly capable free packages, well… you do the math.
What Windows Live OneCare offers that no other company can offer is the name. M-i-c-r-o-s-o-f-t. Face it. Microsoft built the products that need protection. They have, by far, the largest reporting and support organization for those products. If something goes bump in the night, Microsoft can call out a whole army of programmers who know the terrain and have the resources — even the source code — to find and fix the problem.
When you pay for Windows Live OneCare, you’re paying for that expertise.
Cavorting on a tilted playing field
Here’s the rub. Many people who discover real, new malware (viruses, Trojans, worms and the like) send a report to the manufacturer of their favorite antivirus program. Many people go straight to Microsoft. Industry insiders tell me that Microsoft has been "pretty good" about disseminating new information to its competitors, the traditional antivirus software vendors. But there’s no doubt in anyone’s mind that Microsoft has the big guns — the people and the tools necessary to pinpoint the cause of the problem.
Before Windows Live OneCare, Microsoft disseminated critical information about new problems to all the major antivirus software vendors more-or-less simultaneously. Now that Microsoft peddles its own antivirus product, the playing field’s no longer level.
This month’s Word zero-day exploit
Although details remain sketchy, it appears that Shih-hao Weng at the Information & Communication Security Technology Center in Taipei discovered a Word document that uses SmartTags in a malicious way that had never been seen before — a zero-day exploit. He contacted Microsoft, as you might expect. Sporadic reports about the exploit spread like wildfire around the Net. Several days later, Microsoft officially confirmed the existence of a "memory corruption error when handling Word documents using a malformed object pointer."