Original URL: https://www.theregister.com/2006/10/09/av_market_analysis/

Microsoft enters the anti-virus bear-pit

Plus ça change

By John Leyden

Posted in Channel, 9th October 2006 18:16 GMT

Analysis: Microsoft is setting the cat among the pigeons at this year's Virus Bulletin conference, the big chinwag for the security software industry.

Ordinarily, blame for the lamentable state of awareness of internet security has fallen on Redmond, alongside clueless end-users and over-sensationalist journalists. Lately, though, Microsoft has tried to shake off the fall-guy role, and reinvent itself as security industry participant. In May it launched its own security product, Windows Live OneCare.

Virus Bulletin kicks off in Montreal on Wednesday and speakers include Microsoft techies Matthew Braverman and Jeff Williams. They will deliver two presentations: "I know what you did last logon: keystroke logging, spyware and privacy" and "Behavioral modeling of social engineering based malicious software".

In previous years, Microsoft's main representative was Randy Abrams, former release anti-virus specialist at Microsoft. Abrams, whose main job used to be ensuring that software shipped by Redmond was free of malware infestation, will speak at the conference on behalf of his new employer, antivirus firm Eset.

Volver

Abrams's presentation will remind us that Windows Live OneCare represents a belated return by Microsoft as a supplier of anti-virus software, rather than its first foray into a mature industry that the security shortcomings of its software (along with the relative ease of tricking users into running untrusted code or visiting dodgy websites) have been instrumental in creating.

Microsoft's first AV effort was in 1993, with the inclusion of Microsoft Anti-Virus within DOS 6.0. Abrams describes this as a "re-branded and ill-conceived entry into the anti-virus industry". Thereafter, Microsoft pointed Windows users looking for security protection to third-party developers.

It waited almost 10 years before deciding to return to the consumer security sector. In 2003, it bought Romanian AV firm GeCAD Software, and in December 2004 it bought Giant, an anti-spyware maker. Between these acquisitions, Microsoft released enterprise security software, in the shape of its Internet Security and Acceleration Server. But its decision to buy into the consumer security market again caused waves, which continue to reverberate around the industry.

Blunt razor-blades

Initially, it seemed that Microsoft's offering might challenge the much-criticised business model of anti-virus vendors. Critics, such as Rob Rosenberger, argue that the anti-virus scanner model championed by mainstream vendors involves selling "blunt razor blades". Signature updates could never hope to keep up with fast-spreading internet worms, still less the current breed of targeted Trojan attacks, the argument runs. But anti-virus vendors have no real financial incentive for moving beyond the scanner approach because each high-profile outbreak boosted their sales (and share prices).

At the time, Microsoft said it would use GeCAD's expertise and technology to "enhance the Windows platform" and extend support for third-party antivirus vendors. Microsoft's first move when it acquired GeCAD Software was to drop its line of anti-virus products for Linux servers (a process it repeated when it bought enterprise anti-virus specialist Sybari two years later).

That much might have been expected, and we still harboured hopes that Microsoft's entry into the market would give the sector a much-needed shake-up.

The anti-virus market is famously conservative (desktop-focused vendors spent years rubbishing more innovative firms like MessageLabs, for example). And the fruits of the GeCAD acquisition didn't arrive, in public at least, until Microsoft debuted what became Windows Live OneCare.

For $50 a year, US users got a software product that offered an antivirus program, firewall, backup utility and tune-up utility. Back-up features were arguably something of an innovation among consumer security suites, but Redmond is essentially offering something similar to the security suites of partners-turned-rivals Symantec, McAfee, CA et al.

Redmond is offering Windows Defender (the fruits of the Giant anti-spyware acquisition) as a component of Vista or as a download at no additional cost. So, long-suffering Windows users have access to anti-spyware protection if not something more comprehensive that might change the business drivers that have long operated within the consumer anti-virus industry, although Microsoft's entry might reduce the cost of anti-virus protection.

The price is right

Worldwide anti-virus software revenues hit $4bn last year, 13.6 per cent up on sales from 2004. According to the latest figures from analyst firm Gartner, the market is almost evenly split between enterprise and consumer sales, with shares of 51.5 per cent and 48.5 per cent respectively.

Gartner, like most observers, reckons Microsoft's entry will create stronger price competition among the commoditised consumer market for anti-virus software. A bigger change, only partly stimulated by Microsoft, is the move towards all-in-one security suites, which offer firewall and anti-spyware features as well as defences against computer viruses and Trojans.

Vendors such as Symantec and McAfee are giving greater emphasis to end-point security suites as part of their annual product updates, which tend to come out at this time of the year. Smaller vendors are also getting in on the act, albeit with products that aim more at small business than consumers.

For example, Czech firm GRISOFT, best known for its AVG anti-virus package that is free (at least in its basic form) for consumers, last week took the wraps off an integrated security product. AVG Internet Security 7.5 includes anti-virus, anti-spyware, anti-spam and firewall technologies.

Oi, Microsoft, get off our turf!

Security suppliers argue that their years of experience in the industry put them ahead of security offerings from Microsoft. Some also feel that Redmond is being somewhat cheeky by trying to make money from the security shortcomings of its own software. But what really gets the goats of many are security enhancements planned for Windows Vista.

Some security vendors complain that Microsoft has "shut off" independent access to the Windows Vista kernel. McAfee, for example, went public with this criticism through an open letter from chief executive George Samenuk, published in the Financial Times last week.

His comments follow complaints from Symantec that Microsoft had withheld information about APIs for the Windows Defender anti-spyware product. On the other hand, Russian anti-virus firm Kaspersky Labs has defended Microsoft by saying Vista kernel protection doesn't impede the work of security developers.

All this controversy will doubtless make Virus Bulletin an interesting show. And this year, Microsoft will be entering the bear-pit with more personnel than the affable Abrams, its former worker who now sits on the other side of the fence. ®