They said security remains a problem because of commercial incentives to build malicious software, but progress is being made and the fight will continue.
"The biggest trend I think we hear talked about is the move toward kind of commercial malicious software," such as spyware and software to harvest passwords, said Adam Overton, a group manager on the Microsoft Antimalware Team. The chance for monetary gain means there will be a lot more of this software, he said.
Other panelists agreed. "There's a growing trend on getting on a machine and staying [stealth] on the machine," so people cannot detect that the software is there, said Mark Russinovich, chief software architect and co-founder of Winternals Software.
Responding to a question on the perception that malicious software is Microsoft's fault, Matthew Braverman, also a program manager for Microsoft's Antimalware Team, cited social engineering as a cause of attacks. These attacks can enter a system through e-mail, Instant messaging, or peer-to-peer networking. Social engineering, added Russinovich, tries to get people to consent to having malware installed on their machines.
Malware, he said, will be adapted to live in a limited environment, not needing a rootkit, for example.