Somethings not quite as it seems with Microsofts acquisition last week of the intellectual property of GeCAD Software, a Romanian antivirus supplier. In one sense, the reasons are obvious: As the press release announcing the purchase makes clear, Microsoft is on a mission, pursuant to the Trusted Computing initiative, to provide a more secure computing experience.
Of course, you may have already heard that third-party antivirus software is available—as of the 1980s I think. What can Microsoft really bring to the table? Short of hitting a grand slam in the early innings, I think its efforts wont amount to much for a while.
There have been reports that Microsoft would not bundle its antivirus product with Windows or any other product. I called Microsoft about it, and a company spokesperson told me Microsoft hasnt decided how it will distribute its products; to me, this means that maybe it will bundle it with Windows and other relevant products. But the real business of antivirus is not in charging for the utility but in charging for subscriptions to signature and program updates, and Microsoft says it will indeed charge for these.
Some have also noted that GeCAD offers products for operating systems other than Windows, including Linux and Netware. Reports are already out stating that Microsoft will kill the Linux version of GeCADs RAV Antivirus. Actually, the company tells me it plans to discontinue the entire RAV antivirus product line, take the basic antivirus guts and deliver its own products. The fact that these are unlikely to include support for Linux or Lotus Notes or Samba perhaps amounts to practically the same thing—but not exactly.
Imagine that Microsoft doesnt bundle the products with Windows or other Microsoft products. In that case, they will be standalone products on par with Symantecs or Network Associates or anyone elses antivirus protection. You have to wonder how successful they really can be under such conditions and how much the fact that Microsoft is offering antivirus protection adds to the Trustworthiness of Windows.
In short, I dont get this scenario. Mind you, Im not blind to the possibility that the company sees a profitable market and the potential to make some money, but I think its going to have a tough time making Microsoft-style profits with it. There are a lot of companies in this market with established reputations, and its not like users will exclaim, “Finally, a security product from a company I can trust!”
Continued on Next Page
Antivirus Market Shouldnt Fear
If, on the other hand, Microsoft were to bundle antivirus software with Windows, there would be an outcry throughout the land about how it was destroying a vibrant market of competitors; at least there would be a credible argument for it, however. If every Windows desktop had antivirus protection and definition updates were built into Automatic Updates, it would mark a serious improvement to the overall security of what Microsoft likes to call the “ecosystem,” even if the protection were all to come from one vendor. But since Microsoft plans to sell the update subscriptions, I still wonder how much of an impact it can have, especially in the corporate market.
Even though antivirus software isnt “middleware” under the absurd definition the government included in its consent decree with Microsoft, its hard to see how Microsoft could not treat it the same way—allowing OEMs to include, for instance, McAfee VirusScan instead of Microsofts product. Whether the company bundles or not, Microsoft is not going to succeed without making people want its product.
In fact, as just another competitor, Microsoft is at a disadvantage. It seems to me that there are advantages to getting your security software from a different vendor from your operating system software. There are advantages to getting them from the same vendor, too, but in conjunction with the reputation problem, I think this issue cuts against Microsoft. One day, through diligent work and aggressive marketing, Microsoft may overcome its only partially deserved reputation for being unconcerned with security—but were years away from that, no matter how good the company is in the interim.
The antivirus industry and many analysts have responded with concern, but I dont see a big threat to them. Even beyond the issues Ive cited above, the established vendors have opportunities to leapfrog Microsoft in security by integrating other types of protections, not to mention the fact that they offer support for platforms Microsoft avoids.
Heres a perfect example: Its silly that these spyware-removal utilities are a separate market from other types of threat protection, antivirus included. Normal consumers are baffled that they have to get two programs for both of them, and there are sufficient similarities that the same program should be doing the job. Bottom line: Look for some AV companies to buy some spyware-removal companies.
This is one way you can expect the other AV companies to respond, and many of them have been making generic “malware”-type definitions of threats for years anyway. Perhaps this takes a potential new market from them, but the distinction has always been artificial. In many ways spam is also similar, in that both antivirus and spam have to scan e-mail; why have two utilities scan separately? But spam is a big enough market opportunity that I dont expect vendors just to give it away.
Its never good news when a major company enters your market, but history has shown us that Microsoft cant take any old market it wants. From what we know now, it will have to come up with something really special if its going to be a big deal in antivirus.
Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.