Microsoft Live OneCare – May Need More Care
A number of news resources have already shown interest in Virus Bulletin’s  recent comparative test of antivirus scanners for Vista: for instance, the Register.  Not surprisingly, the inclusion of Microsoft’s own Live OneCare antivirus package received particular attention, and maybe its failure to achieve the VB100 award attracted more criticism than was strictly fair, simply because of the Microsoft brand name.
This morning, however, my attention was drawn to another item  about Microsoft’s plans to expand its security response and research operations into Europe and Asia. No-one – except maybe the company’s competitors – is likely to regard it as a Bad Thing for Microsoft to increase its investment in security, and the acquisition of AV luminaries like Jimmy Kuo and Katrin Tocheva won’t do their credibility any harm. It would be ungracious to stress that OneCare is not, in fact, Microsoft’s first excursion into antivirus scanning – a minimally rebranded version of Central Point Antivirus was supplied with the last versions of MS-DOS – since it seems to have been CNET that overlooked that fact, not Microsoft. MS was, however, probably hoping that no-one else remembers that particular fiasco – sorry, guys.
While the VB review tables show that OneCare missed 37 samples from the In the Wild (ItW) test set, Vinny Gullotto was quoted by CNET as saying that “We missed one virus in their collection. ” In fact, Gullotto seems to be correct: close examination of the original review shows that the product lost out on the VB100 award because it missed “numerous samples” of a W32/Looked variant from the WildList set. Still, the numeric disparity does illustrate once more the complexities of interpreting – let alone conducting – antivirus testing. And with its Forefront business range of security solutions starting to loom, it’s reasonable to assume that MS will indeed be thinking more carefully about meeting the testing criteria for industry standard detection testing…