The Lion and the Mice

By James Rapoza  |  Posted 2006-10-03

One of the most interesting parts of Microsoft watching is the relationship that Microsoft has with all the third-party software vendors that make products for the Windows platform. It pretty much always reminds me of the fable of the lion and the mouse.

Microsoft needs all the little mice around to remove thorns and generally take care of tasks that the lion can't take care of itself. And the mice get to live off the food that the lion gets.

For the most part, the relationship works, except that the mice constantly live in fear that the lion will eat them or, in Microsoft's case, go into the software vendor's market and take it away from them.

But of all the Microsoft-vendor relationships, none is more interesting than the dysfunctional family that is Microsoft and security vendors. It must be a little galling to Microsoft that there is a whole category of very successful and profitable companies that basically exist to clean up after Microsoft's screw-ups. But Microsoft is also a little afraid to make these security vendors too angry, as no one is in a better position to make Microsoft software look bad than security vendors.

And these vendors live in constant fear that Microsoft will either get its security act together or, more likely, decide to release its own security products. All of this leads to a strange kind of Cold-War-like battle where the two sides fight, but in a way that's designed to not make the other side too angry.

This has recently been playing out in the fight that has been brewing over the security console in Vista. Large security vendors such as Symantec are concerned that Microsoft will lock them out of the security console, essentially making their security products much less visible to users. These vendors have been campaigning to get Microsoft to open up the security console to third-party security tools.

But this whole campaign has had a very careful approach to it. One good example has been some recent releases from Symantec.

On the one hand, you have Symantec and McAfee taking out very critical high-profile ads arguing that by locking out security vendors, Vista will be less secure.

But you also have Symantec putting out a security bulletin highlighting that Internet Explorer had fewer vulnerabilities than Mozilla browsers.

Some people might think this is just a coincidence, but to me it looks like a classic carrot-and-stick approach. The security report reminds Microsoft what good friends big security companies can be. And, as I noted in another article, it probably won't escape Microsoft's notice that the Symantec report could have easily highlighted the fact that Microsoft took an average of nine days to fix IE vulnerabilities, while Mozilla browsers were fixed in an average of one day.

All of this will be fascinating to watch as we wind down to the release of Vista. My guess is that some form of détente will be reached between Microsoft and the security vendors over the Vista security console.

Because if they don't, Microsoft may get a serious case of indigestion from eating these particular mice.

Labs Director Jim Rapoza can be reached at

Rocket Fuel