Microsoft has defended the reputation of its new Web services software, claiming that a virus targeting files used in its .Net Framework is actually based on an old Windows virus.
Antivirus vendors on Wednesday reported a new "proof of concept" virus, dubbed W32.Donut, that infects executable files created for Microsoft"s Web services, which are expected to be released to the public in the coming months. But Microsoft says W32.Donut has little to do with .Net.
"This is not a .Net virus," Tony Goodhew, product manager for the .Net Framework, said on Thursday. "It"s a Windows virus that infects .Net files. It"s not running in the .Net Framework as managed code. It"s not finding some hole in the security model and exploiting it."
However, researchers at antivirus companies Symantec and Network Associates said the Donut virus is a new virus that takes advantage of the .Net architecture.
"It"s all positioning," Motoaki Yamamura, senior development manager at Symantec, said of Microsoft"s claim.
That claim comes as the company faces criticism of its security practices, especially in light of its huge .Net initiative. Through that effort, the Redmond, Wash.-based software heavyweight is pushing to take more and more computer-related transactions online--making software available as an Internet-based subscription service, for example, instead of something purchased in a box. But increased exposure to the Internet demands tighter security, and some wonder if the company is up to the task. Along with several recent security flaws found in Microsoft products, W32.Donut is seen by some as an indication that it"s not.