The early news on Microsoft's upcoming Windows OneCare for consumers and Microsoft Client Protection for businesses sounds like yet another security suite straight out of central casting. It's a little early to tell, I guess, but that's all we're hearing.
I'm sure Microsoft has already noticed, but it's a pretty crowded market out there, filled with vendors who actually have more experience than Microsoft. Some of these companies are big enough to defend themselves against Microsoft.
This was all obvious back in 2003 when Microsoft bought Romania's GeCAD Software for its anti-virus technology.
The truth is, Microsoft's name and reputation are anything but a selling point in this market, in spite of the fact, obvious as I see it, that the company really does take security seriously now.
It's not just the banal attempts at humor contrasting Microsoft and security, serious a marketing problem as that may be for them.
There's something perhaps illogical, and certainly ironic, about choosing the same company to provide the security protection for the product being protected. If they know how to protect it, why don't they just build that protection right in?
Of course, they can't do that anymore, and not for technical reasons. Nowadays established categories of software are protected from inclusion by Microsoft in Windows under the authority of the antitrust settlement.
However stupid this may be in some cases, it's obvious that anti-virus fits right into the system: Microsoft has to provide a way for OEMs to leave Microsoft security software out and include third-party products with no conflict, and to include some mechanism such as the Set Program Access and Defaults dialog box to switch among them.
There have already been reports that Symantec has complained to European regulators about the possibility of Microsoft including OneCare with Windows. I assume market share in Europe is different; could it have the nerve to make such a complaint in the United States to protect its own monopoly market share? (Sorry for the rhetorical question, of course it would.)
Even if we assume that Microsoft has written first-rate client security software, easy but powerful in the consumer version, comprehensive and manageable in the enterprise space, it hasn't done enough.
It's true that after a couple years it's possible that objective testing could establish Microsoft's solutions to be high-quality, but I think the mountain the company has to climb is too high.
In the enterprise it has to contend with the fact that in nearly all cases it has to boot out an established vendor, probably Symantec, McAfee or Trend Micro, and just about any security officer will feel nervous about trusting security to a Microsoft product, especially Version 1.
In the consumer or SMB space things could be different—we already see some OEMs offering a choice, for example, of McAfee or Norton Antivirus—and I can easily see Windows OneCare being an option here. But even among naive consumers I imagine the Norton name has better security connotations than Microsoft's does.
This market is a lost opportunity for Microsoft, assuming it was ever available. Any security improvements the company makes will either have to be integral improvements to Windows, and uncontroversially so, or new and revolutionary categories that clearly leapfrog the existing product set.
The company is clearly taking the second approach, starting with Windows Server 2003 and Windows XP SP2, and moving much further with Windows Vista.
The first approach will take some luck, although Microsoft can afford to keep a bunch of PhDs on the payroll to look for it.
Yes, it's tough to count Microsoft out of a contest before it's entered. Once it wins a market it never lets go, but it doesn't always win, and this is one of those battles it goes into at a disadvantage. It'll need to be very un-Microsoft to do well.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at firstname.lastname@example.org.