MS-YASS 1.0? (Yet Another Security Suite)

By Larry Seltzer  |  Posted 2005-10-10 Print this article Print

Opinion: Microsoft can't exactly stand out in the crowded security suite market based on its sterling reputation in that field. It needs to do more.

The irony is bitter all around. So many people like to blame Microsoft for the deluge of malware on Windows, and the it does deserve some of the blame. It was inevitable that the company would get lip for trying to address the situation. The early news on Microsofts upcoming Windows OneCare for consumers and Microsoft Client Protection for businesses sounds like yet another security suite straight out of central casting. Its a little early to tell, I guess, but thats all were hearing. Im sure Microsoft has already noticed, but its a pretty crowded market out there, filled with vendors who actually have more experience than Microsoft. Some of these companies are big enough to defend themselves against Microsoft.
This was all obvious back in 2003 when Microsoft bought Romanias GeCAD Software for its anti-virus technology.
The truth is, Microsofts name and reputation are anything but a selling point in this market, in spite of the fact, obvious as I see it, that the company really does take security seriously now. For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub. Its not just the banal attempts at humor contrasting Microsoft and security, serious a marketing problem as that may be for them. Theres something perhaps illogical, and certainly ironic, about choosing the same company to provide the security protection for the product being protected. If they know how to protect it, why dont they just build that protection right in? Of course, they cant do that anymore, and not for technical reasons. Nowadays established categories of software are protected from inclusion by Microsoft in Windows under the authority of the antitrust settlement. However stupid this may be in some cases, its obvious that anti-virus fits right into the system: Microsoft has to provide a way for OEMs to leave Microsoft security software out and include third-party products with no conflict, and to include some mechanism such as the Set Program Access and Defaults dialog box to switch among them. Will Microsoft bundle its security offerings? Will EU regulators crack down? Click here to read more. There have already been reports that Symantec has complained to European regulators about the possibility of Microsoft including OneCare with Windows. I assume market share in Europe is different; could it have the nerve to make such a complaint in the United States to protect its own monopoly market share? (Sorry for the rhetorical question, of course it would.) Even if we assume that Microsoft has written first-rate client security software, easy but powerful in the consumer version, comprehensive and manageable in the enterprise space, it hasnt done enough. Its true that after a couple years its possible that objective testing could establish Microsofts solutions to be high-quality, but I think the mountain the company has to climb is too high. In the enterprise it has to contend with the fact that in nearly all cases it has to boot out an established vendor, probably Symantec, McAfee or Trend Micro, and just about any security officer will feel nervous about trusting security to a Microsoft product, especially Version 1. In the consumer or SMB space things could be different—we already see some OEMs offering a choice, for example, of McAfee or Norton Antivirus—and I can easily see Windows OneCare being an option here. But even among naive consumers I imagine the Norton name has better security connotations than Microsofts does. This market is a lost opportunity for Microsoft, assuming it was ever available. Any security improvements the company makes will either have to be integral improvements to Windows, and uncontroversially so, or new and revolutionary categories that clearly leapfrog the existing product set. The company is clearly taking the second approach, starting with Windows Server 2003 and Windows XP SP2, and moving much further with Windows Vista. The first approach will take some luck, although Microsoft can afford to keep a bunch of PhDs on the payroll to look for it. Yes, its tough to count Microsoft out of a contest before its entered. Once it wins a market it never lets go, but it doesnt always win, and this is one of those battles it goes into at a disadvantage. Itll need to be very un-Microsoft to do well. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel