Microsoft Anti-Virus?

Sign of many things to come

For Sale sign detail

Comment Microsoft's announcement that it will enter the AV market next year, with initial trials starting next week, could be a sign of many things to come, says SecurityFocus's Kelly Martin.

There's an old Canadian saying about a salesman who is so good at sales and marketing that he can "sell ice to an Eskimo" - and although Eskimo is an outdated term, it doesn't sound the same to replace the text with our respected native Canadian Indians. The joy in such a saying is simply with the idea that one can be convinced to buy something he really doesn't need, provided he is persuaded enough that the product's benefits are real and outweigh the cost - not an easy task. Note that it doesn't matter if the benefits are actually real or not, a consumer just has to believe they are.

We knew it was coming. Microsoft's entry into the anti-virus market is slated for next year, according to a Microsoft announcement yesterday and an article published today in the New York Times. The focus seems to be on a subscription service, one that will include updates for both spyware and viruses. Will this really shake up the security industry, as Microsoft spokespeople have begun to suggest?

I wrote about Microsoft's entry into the anti-spyware market once before. Since the $2bn spyware cottage industry is exclusively a Microsoft problem, I still find it appalling that they would market new software to patch their own product's weaknesses. It seems an awful lot simpler to just fix the problems in IE. But IE is free, and there's not a lot of incentive to do so except to the extent that the lack of security results in lost customers. People who use Firefox don't have spyware issues, for example (although there are a few noted exceptions).

That being said, I have to admit after months of use that even in Beta 1, Microsoft's Anti-Spyware application it's a good product - and that there's a certain amount of comfort in cleaning a typically infested Microsoft computer with Microsoft's own branded technology. That's in addition to using one or two other free anti-spyware products, of course. It has an excellent interface and nightly updates configured by default. I hate to say it, but the other anti-spyware apps could learn a little bit from Microsoft UI design.

With Microsoft entering the anti-virus market, we now have to ask ourselves basic questions around the issues of trust, honesty and integrity from a company known to have predatory marketing practices, where the fine line of walking along a legal tight rope takes precedent over any ethical or moral higher ground. Can you really trust Microsoft exclusively to protect your computer from security threats? What is their track record thus far in addressing security concerns in a timely manner?

There are also many technical questions surrounding their forthcoming entry into the AV market as well, but since SecurityFocus is owned by Symantec Corp I'll sidestep the issue altogether. Here at SecurityFocus we do everything we can to keep it as an independent news and information site, which includes publishing Symantec criticism and product vulnerabilities, but our critics would love to see a typical Symantec AV rant. Our readers deserve more than that. Instead, I'm going to try to peer into the future and predict how Microsoft's big move into AV might play out to their own advantage in their licensing models, and how they'll continue to dominate their markets, down the road.

At first glance, Microsoft's move to a subscription based AV model appears to just play catch-up to everyone else, whether it's McAfee, Trend, Sophos, CA, Kaspersky, or Symantec. I believe there's much more at play, however. A consumer based subscription model for the Windows operating system itself may very well be in the works -- one that would offer advantages on several fronts: security, thwarting piracy, forcing users to upgrade, and providing a more predicable revenue stream for the company. Instead of buying Windows and then subscribing to an anti-virus service, you subscribe to both at the same time and get all software and security updates that are available.

One could argue that Microsoft's licensing is already subscription based for some of its largest customers, and I wouldn't disagree. Enterprise Agreements are already commonplace, and despite the high costs, they provide great flexibility to large corporations involved with long term planning and lifecycle management. Adding in a new product to a given licensing agreement, whether it's SMS or Microsoft Office or soon, Microsoft AV, becomes merely another line item on the spreadsheet.

This licensing approach has never made it down to the consumer level, however, where a significant revenue stream of several billion dollars exists today - and all the major AV companies compete for a slice of this. It would be a small step for a consumer to go ahead and license Windows XP Secure Edition on an annual basis: a piece of software providing not just anti-virus and anti-spyware updates, but also security updates, new product features and software upgrades to Windows itself. Waiting five years for an upgrade to Windows on the desktop might become a thing of the past; consumers could enjoy new Microsoft features as they trickle out.

Imagine upgrading your entire operating system to a new version using Windows Update automatically. You get new anti-virus features, a more secure operating system, better spyware protection, and support for USB 3.0 as well as other features. It's convenient, easy, and simple. It addresses the security issues of a typical user in one fell swoop. Basically, you buy your new computer, take it home, and your subscription to Microsoft Windows Secure Edition starts that very day.

Having worked in enterprise software licensing myself, I've always seen subscription based licensing as the holy grail of licensing models. Microsoft has been extremely successful with their volume and enterprise licensing agreements, but they have little to no experience with subscription based licensing at the consumer level. My prediction: watch for their forthcoming AV product to signal a major shift in the licensing of Windows itself, in several variants, at the consumer level - because it's so easy for them to take that small, extra step. After all, there are a few more billion dollars at stake.

How this plays out from a monopoly prospective, however, is anyone's guess. Remember that legal tight rope, the recent EU ruling, the DOJ, and a little company called Netscape? You can bet every AV company is now watching Microsoft's moves very, very closely.

Copyright © 2005, SecurityFocus logo

Kelly Martin has been working with networks and security for 18 years, from VAX to XML, and is currently the content editor for Symantec's independent online magazine, SecurityFocus.

Related stories

MS punts all-in-one security and backup service
Firefox loses its shine
Trend Micro boosts anti-spyware defences with Intermute buy
IE7 details leak onto web
MS and security: good effort but no cigar
Microsoft compensates blocked Dutch web firm
Gates: security concerns propel IE7 launch
Banking Trojan disables MS Anti-Spyware

Sponsored: 10 ways wire data helps conquer IT complexity