Is Microsoft Mocking Users with Security?

I thought long and hard about the title to this article. And this is the most comprehensive illustration of my conclusion after reading some blog posts authored by Gina Narkunas, Microsoft Lead Product Manager and Jimmy Kuo of the Microsoft Security Research & Response team. Both address recent reports that the anti-malware protection delivered by Windows Live OneCare is poor to say the least.

Curiously, neither of the two Microsoft representatives denied the performances delivered by Windows Live OneCare, or managed to explain them. However, they both stated that the consumer comes first.

"What our clients "need" is for us to identify what things are important and be sure to address them before they become an issue for our users. This is why MSRR is focused on adding detections for the most prevalent and active malware in the wild and we do that by combining our breadth of data with experienced malware researchers and automated analysis techniques to rapidly respond to the threats that will have the greatest impact to our customers," commented Kuo.

Narkunas explained that Microsoft is continually laboring to "enhance OneCare and to help ensure the most effective level of protection and service that we can provide our customers. It is important for OneCare customers to know that we remain committed to the security and maintenance of their PCs."

This to me sounds like a PR statement and nothing more. Microsoft claims that Windows Live OneCare is certified by International Computer Security Association (ICSA) Labs and West Coast Labs both "key authorities within the industry for research, intelligence, and certification testing of anti-malware products."

I am not here to dispute this in any way, but the fact of the matter is that, these certifications aside, OneCare has managed to fail two tests one performed by Virus Bulletin and one by AV Comparatives. Kuo tried to turn this around and stated that, while OneCare might not detect all threats, it is because of the way Microsoft is prioritizing and focusing the work needed to support its customers, and it is not an actual representation of the detection capabilities of its anti-virus.

"So while we concentrate on what's truly important (malware actively being spread ITW), we will also be bringing up these other test detection numbers. You will see our results gradually and steadily increase until they are on par with the other majors in this arena. And soon after, they will need to catch up to us," Kuo promised.

OneCare's dedication to Microsoft's customers... I will leave it to you to determine whether the title is rhetoric or an actual question.