One year after it surprised rivals and partners by jumping into the anti-virus market, Microsoft Corp. still has no clear AV strategy, and users are still hanging on to the promise of integrated Windows protection.
The companys sluggish AV development is a far cry from the plans Microsoft trumpeted when it acquired the Romanian company GeCAD Software Srl. last June. At the time, officials in Redmond, Wash., said they planned to use GeCADs technology to develop new products and enhance the security protections in Windows.
The news enticed some users but worried others. And it was especially disturbing to anti-virus vendors such as Computer Associates International Inc., Symantec Corp. and Network Associates Inc. The vendors, all major Microsoft partners, along with some enterprise security managers, were concerned that building AV into Windows would force users to accept the companys solution and abandon third-party tools.
Until recently, Microsoft officials had said there were no immediate plans to build AV into Windows. They even promised to build a better API to make it easier for third-party AV products to work with Windows.
But now, 12 months later, Microsoft has done little to clear up the uncertainty surrounding its intentions for the GeCAD technology. Although Mike Nash, vice president of the Security Business and Technology Unit at Microsoft, reiterated last week in a widely publicized meeting with reporters in Seattle that the company is on track to offer its own AV solution, there has been no decision made about what form that solution might take.
“Theres no definite product plan. We do plan to release a solution, and it will be a for-fee product, but the delivery vehicle isnt firm yet,” said Amy Carroll, director of product management in Microsofts SBTU and who reports to Nash. “Its a big undertaking, and we want to make sure we get it right.”
While Microsoft officials stressed that the AV solution will initially be a stand-alone product, separate from Windows, security industry observers speculated that the company will eventually integrate AV protection into Windows. In fact, they said this most likely will happen in the next release of the Windows client, code-named Longhorn, which isnt expected until 2006 and is already scheduled to include a wide range of security upgrades.
Such a move would leave Microsoft time to decide how best to refine the technology to suit its needs.
“We would evaluate Microsofts solution, but I would be hesitant to use their built-in AV software exclusively. I would be more comfortable with the approach of using a non-Microsoft vendor for virus-scanning engines and virus definitions,” said James Jones, LAN administrator with a large health care system on the East Coast. “Better integration with Microsofts OS is a definite plus. I guess the question comes down to trust. Microsoft is headed in the right direction with their security, but the industry isnt convinced yet, and it will be some time before we will be.”
Executives at big AV vendors, meanwhile, said they see no immediate reason to alter their strategies, despite Microsofts history of partnering with other vendors, only to compete against them.
“Traditional vendors who rely upon selling primarily individual point products or hawking cures for the latest Internet scare will find the security market cold and unresponsive,” said Sam Curry, vice president of eTrust Security Management at CA, in Islandia, N.Y.
Security specialists say that if and when that happens, customers would likely—at least in the short term—be able to stay with their current AV vendor.