I would've thought M$ would be one of the best AV makers soon enough since after all, M$ designed the Windows operating system.
The fact that MS developed Windows has nothing to do with understanding the exact attack vectors and exploits. The rest are simply trojans. Almost every single virus I've encountered was delivered via an infected file or download, not by magical exploitation of some obtuse feature of the IIS service or something.
The people who would be best to write an AV would be the people who write the viruses. Of course, aside from the obvious issue of trust, we'd then have to deal with background music while the AV was running and poor grammar.
And lastly, there is no "inside" knowledge of Windows. The thing is, the people who make viruses are using public documentation in almost all cases, namely the Windows SDK. For example, most viruses "hook" the "CreateFile" function, so that every time an executable is accessed it will be infected. This is not done through magical voodoo, but through API calls designed for this purpose.
One might then think, well, remove the ability to hook then! A shallow view. Removing features simply because they can be exploited is a tad silly. The same routines are used by background virus scanners and any number of other programs.
Another example: keyloggers usually use a Windows keyboard hook to intercept all keyboard events. Many people claim that this should be removed.
These same people are obviously unaware that this same keyboard hook is used by the menu subsystem of many programs, as well as a way of implementing a number of other features of practical value.
AND lastly, if MS suddenly becomes very successful and edges out competitors... can anybody say "Anti-trust lawsuit"?