ZDNet UK is running a story claiming Arno Edelmann, Microsoft's European Business Security PM makes several very damning statements about Windows Live OneCare. Here is an excerpt:
Asked about these problems, Arno Edelmann, Microsoft's European business security product manager, told ZDNet UK on Thursday that the code itself has pieces missing.
"Usually Microsoft doesn't develop products, we buy products. It's not a bad product, but bits and pieces are missing," said Edelmann.
The problem lies with a core technology of OneCare, the GeCAD antivirus code, and how it interacts with Microsoft mailservers. According to Edelmann, the Microsoft updates and mailserver infrastructure do not harmonise.
"It's a problem with the updates, and it's a problem with the implementation," said Edelmann.
If mail is received from a server running Exchange 2007, users are unlikely to encounter problems. However, if mail is received from servers running Exchange 2000 or 2003, the likelihood of quarantining is high, said Edelmann.
"OneCare is a new product — they shouldn't have rolled it out when they did, but they're fixing the problems now," said Edelmann.
According to the security manager, security is only a small part of what Microsoft does, suggesting it does not have as much security expertise as established security vendors.
"Microsoft is not a security company. Security is important, but it's just a little part of Microsoft," said Edelmann.
There are several reasons why I don't think there is a shred of truth in this article whatsoever. First of all, the bug in OneCare quarantines Outlook ".pst" files, as well as Outlook Express ".dbx" files. Anyone that uses Exchange knows that Outlook uses ".ost" files with Exchange, and Outlook Express can't even access it. If you want to use Exchange, you can't use the free mail client, that's how Microsoft sells Outlook licenses.
Second, Microsoft only buys products? Hmm, their massive R&D budget might suggest otherwise. Microsoft has developed a bunch of their own products, contrary to this guy's statement. The .NET Framework, MSN Messenger, Visual Studio Team Foundation Server, and Windows Home Server are all products that were completely built internally. Oh yeah, by the way, did Microsoft build Windows Vista, or buy it?
Thirdly, I've never heard of a Microsoft employee running their mouth off like that. The Security Business PM saying security is only a small part of Microsoft? And if all that stuff is true, wouldn't he be partially responsible for those problems, as a PM in that Product Group?
So either ZDNet UK author Tom Espiner made the article up, or Edelmann had a serious lapse in judgement. Anyone want to take bets on who gets fired first?