Microsoft adds CA vets to anti-malware team

In the last year or so, Microsoft  has made waves in the anti-malware community by hiring some of the top talent in the industry away from competitors such as Symantec and McAfee  That trend is continuing, as the software giant has recently brought on board Jakub Kaminski, one of CA's more talented and well-regarded antivirus researchers, and three of his colleagues from CA's Australian lab.

Kaminski is a 30-year veteran of the technology industry and was running CA's antivirus research lab in Melbourne, Australia. He has been in the antivirus industry for nearly 15 years and has been a fixture at industry events such as Virus Bulletin, and was a former technical editor of Virus Bulletin magazine. Kaminski will remain in Melbourne and work out of Microsoft's office there, company officials said. He will be working under the direction of Vinny Gullotto, who heads up Microsoft's antivirus research team.

In addition to Kaminski, Microsoft hired three other veterans of CA's Melbourne office, virus researchers Hamish O'Dea, Scott Molenkamp and Heather Goudey. O'Dea is well known for his research on Trojans, and he and Molenkamp have done quite a bit of research on the recent waves of spam-bot malware, particularly the Bagle family.

The addition of Kaminski is the third such high-profile move that Microsoft has made in the last year. In August 2006 Microsoft hired Gullotto away from Symantec with a mandate to establish an antivirus research team that would rival those at the older antivirus vendors. Gullotto, who had run McAfee's AVERT team for years before moving to Symantec, wasted no time in bringing in Jimmy Kuo, a research fellow at McAfee who was one of the original members of the AVERT lab. Kuo, like Gullotto, is a member of the antivirus community's old guard, one of a handful of researchers who have been hunting viruses since they spread via floppy disks and macros instead of email.

Microsoft has devoted a lot of resources to building out the anti-malware team, and though company officials would not comment on exactly how large the group is right now, Microsoft's moves have not gone unnoticed in the security community. A number of researchers at the recent Black Hat USA conference in Las Vegas commented on the amount of security talent that Microsoft has amassed recently. The antivirus community is a relatively small and insular one, and so in order to find talented researchers, Microsoft turned to the most logical sources: its most prominent competitors in the antivirus market. This has the effect of not only strengthening Microsoft's team, but also removing good researchers from other vendors.

Microsoft executives know that both the security community and customers are watching the company's initiatives closely.

"You don't get respect just because of your name. That's only earned through research," said Mark Griesi, a security program manager at the Microsoft Security Response Center. "You have to be up on your game. I think people recognise the work we're doing and recognise that we're serious about this."

And Microsoft is not done yet, either. Griesi said that with the state of affairs online these days, there's still plenty of work to be done.

"From what we've seen in the threat landscape, things aren't getting much better," he said. "We're definitely looking to grow the team."