AV vendors, in fierce competition for users, should remember that cooperation is key in fighting malware, a top Microsoft security official said Friday.
Data sharing between vendors has resulted in a drop in the overall number of malware families affecting computers, said Dennis Batchelder, director of the Microsoft Malware Protection Center, at a conference of the Association of Antivirus Asia Researchers in Sydney.
The numbers of computers encountering one of those top 20 families of malware have dropped from 24 million a month to 13 million a month over the last two years, he said.
Batchelder said the data covers broad-spectrum malware and not mobile threats or so-called "advanced persistent threats," a label usually attached to more sophisticated, targeted attacks.
The improvement is due in part to better cooperation among security companies, which in turn have become a lot better at automating the processing of new malware samples and using big data and cloud computing to analyze it, Batchelder said.
But there are new companies into the antimalware field, which sometimes don't play fairly, he said.
"We have to remember who the bad guys are," Batchelder said. "It's not each other."
Antivirus software is a money spinner for the industry even though experts say it may miss highly targeted attacks. But it is still recommended that consumers use an AV product, as it can block standard malware that steals login credentials or personal data.
But Batchelder said in the last year he has seen several antivirus products wrapped into bundles of unrelated software. He saw one example where AV was included in a fake Java update. The AV program was legitimate, but the same installation technique is used by hackers to trick people into installing malware.
"If we're not careful, AV is going to turn into unwanted software," he said.
In China, antivirus vendors have at times engineered their products to remove their competitors' products from people's computers, he said.
In other cases, users may be blocked from running an AV program unless another application is removed, such as a chat app. The situation may occur if a software company isn't a pure play security vendor and offers other products, such as a search toolbar. That essentially turns AV into a weapon, Batchelder said.
Remedying the scenario means holding marketing departments accountable, Batchelder said.
"If we fall in a heedless pursuit of competitors, we hurt our customers," he said. "We have a job to do."
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.