How Much Security Will Microsoft Be Allowed?

Opinion: Times have changed. A few years ago would Microsoft have been allowed to destroy a whole category of software, even for a good reason?

Microsofts announcements today at the RSA conference are good news for Windows users, but one has to wonder if theyll really go through unchallenged.

Much of what Bill Gates said is ambiguous, probably reflecting a certain amount of uncertainty about what they actually plan to deliver. But I definitely get the impression that they plan to offer both their AntiSpyware software and updates to it for free to (Genuine) Windows users. They will also sell a managed version of the product for larger networks.

I sure wouldnt want to be an independent anti-spyware company now. If they dont get bought out soon theyll be out of a job before they know it. It really makes you wonder what was going through the heads of the people who gave all that money to Webroot.

/zimages/3/28571.gifMcAfee this week updated its McAfee Anti-Spyware Enterprise. Click here to read more.

Obviously theres a good reason for Microsoft to do this. Spyware is a plague on Windows users, and naive users can be easily tricked into installing malicious programs. Some sort of active protection is essential and expecting users to obtain it from third parties guarantees that many will go unprotected.

This is not the only change announced today that will strike some as anticompetitive. Consider Microsoft Update, the new version of Windows Update that will also detect and update other Microsoft products, such as Office. Is Windows Update a Windows feature, and does updating Office with it unfairly leverage Windows to the benefit of Office? Things would have been different five years ago.

Please dont get me wrong; I never thought much of the whole antitrust issue before, so Im sure not going to think much of it now. Ive already said I think bundling anti-spyware is a good thing for users, and Microsoft Update is undeniably a good thing for users. In fact, its several years late. Microsoft has had a separate Office Update system for years, but how many people know about it? Theres no Automatic Updates facility for it and no big fat obvious link on the Start Menu. Office installations should be much safer as a result of this.

If Im right and the result is a very large percentage of Windows users protected by Microsoft AntiSpyware then we have another case of "monoculture" problem. Its not hard to imagine spyware authors beginning to focus on MS AntiSpyware, looking for ways to trick it and to trick users into trusting attacks and ignoring warnings. Such a situation could increase demand for third-party solutions, but theyd have to be really good to get enough people to pay for them.

Before this is all over I expect someone, probably one of the anti-spyware companies, to fight it legally. Maybe theyll even get some ambitious state attorney general to join in. But Microsoft probably senses what I sense, that times have changed and that its much harder to criticize them for making Windows more secure out of the box than it is for adding a browser. Well all be better off, and worse off, as a result.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

More from Larry Seltzer