
Microsoft Anti-Virus?

Sign of many things to come


Comment Microsoft's announcement that it will enter the AV market next year, with initial trials starting next week, could be a sign of many things to come, says SecurityFocus's Kelly Martin.

There's an old Canadian saying about a salesman who is so good at sales and marketing that he can "sell ice to an Eskimo" - and although Eskimo is an outdated term, it doesn't sound the same to replace the text with our respected native Canadian Indians. The joy in such a saying is simply with the idea that one can be convinced to buy something he really doesn't need, provided he is persuaded enough that the product's benefits are real and outweigh the cost - not an easy task. Note that it doesn't matter if the benefits are actually real or not, a consumer just has to believe they are.

We knew it was coming. Microsoft's entry into the anti-virus market is slated for next year, according to a Microsoft announcement yesterday and an article published today in the New York Times. The focus seems to be on a subscription service, one that will include updates for both spyware and viruses. Will this really shake up the security industry, as Microsoft spokespeople have begun to suggest?

I wrote about Microsoft's entry into the anti-spyware market once before. Since the $2bn spyware cottage industry is exclusively a Microsoft problem, I still find it appalling that they would market new software to patch their own product's weaknesses. It seems an awful lot simpler to just fix the problems in IE. But IE is free, and there's not a lot of incentive to do so except to the extent that the lack of security results in lost customers. People who use Firefox don't have spyware issues, for example (although there are a few noted exceptions).

That being said, I have to admit after months of use that even in Beta 1, Microsoft's Anti-Spyware application is a good product - and that there's a certain amount of comfort in cleaning a typically infested Microsoft computer with Microsoft's own branded technology. That's in addition to using one or two other free anti-spyware products, of course. It has an excellent interface and nightly updates configured by default. I hate to say it, but the other anti-spyware apps could learn a little bit from Microsoft UI design.

With Microsoft entering the anti-virus market, we now have to ask ourselves basic questions around the issues of trust, honesty and integrity from a company known to have predatory marketing practices, where the fine line of walking along a legal tightrope takes precedence over any ethical or moral higher ground. Can you really trust Microsoft exclusively to protect your computer from security threats? What is their track record thus far in addressing security concerns in a timely manner?

There are also many technical questions surrounding their forthcoming entry into the AV market as well, but since SecurityFocus is owned by Symantec Corp I'll sidestep the issue altogether. Here at SecurityFocus we do everything we can to keep it as an independent news and information site, which includes publishing Symantec criticism and product vulnerabilities, but our critics would love to see a typical Symantec AV rant. Our readers deserve more than that. Instead, I'm going to try to peer into the future and predict how Microsoft's big move into AV might play out to their own advantage in their licensing models, and how they'll continue to dominate their markets, down the road.

At first glance, Microsoft's move to a subscription-based AV model appears to just play catch-up to everyone else, whether it's McAfee, Trend, Sophos, CA, Kaspersky, or Symantec. I believe there's much more at play, however. A consumer-based subscription model for the Windows operating system itself may very well be in the works -- one that would offer advantages on several fronts: security, thwarting piracy, forcing users to upgrade, and providing a more predictable revenue stream for the company. Instead of buying Windows and then subscribing to an anti-virus service, you subscribe to both at the same time and get all software and security updates that are available.

One could argue that Microsoft's licensing is already subscription based for some of its largest customers, and I wouldn't disagree. Enterprise Agreements are already commonplace, and despite the high costs, they provide great flexibility to large corporations involved with long term planning and lifecycle management. Adding in a new product to a given licensing agreement, whether it's SMS or Microsoft Office or soon, Microsoft AV, becomes merely another line item on the spreadsheet.

This licensing approach has never made it down to the consumer level, however, where a significant revenue stream of several billion dollars exists today - and all the major AV companies compete for a slice of this. It would be a small step for a consumer to go ahead and license Windows XP Secure Edition on an annual basis: a piece of software providing not just anti-virus and anti-spyware updates, but also security updates, new product features and software upgrades to Windows itself. Waiting five years for an upgrade to Windows on the desktop might become a thing of the past; consumers could enjoy new Microsoft features as they trickle out.

Imagine upgrading your entire operating system to a new version using Windows Update automatically. You get new anti-virus features, a more secure operating system, better spyware protection, and support for USB 3.0 as well as other features. It's convenient, easy, and simple. It addresses the security issues of a typical user in one fell swoop. Basically, you buy your new computer, take it home, and your subscription to Microsoft Windows Secure Edition starts that very day.

Having worked in enterprise software licensing myself, I've always seen subscription based licensing as the holy grail of licensing models. Microsoft has been extremely successful with their volume and enterprise licensing agreements, but they have little to no experience with subscription based licensing at the consumer level. My prediction: watch for their forthcoming AV product to signal a major shift in the licensing of Windows itself, in several variants, at the consumer level - because it's so easy for them to take that small, extra step. After all, there are a few more billion dollars at stake.

How this plays out from a monopoly perspective, however, is anyone's guess. Remember that legal tightrope, the recent EU ruling, the DOJ, and a little company called Netscape? You can bet every AV company is now watching Microsoft's moves very, very closely.

Copyright © 2005, SecurityFocus

Kelly Martin has been working with networks and security for 18 years, from VAX to XML, and is currently the content editor for Symantec's independent online magazine, SecurityFocus.
