Microsoft looks for 'protection' money

Microsoft has spent billions of dollars in recent years to secure its software. Now it's payback time.

Until recently, security was just something that the software company got hammered on--a perennial headache, with no upside. But now, four years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft is starting to see security as a potential selling point.

Last month, Windows chief Jim Allchin pointed to enhanced security as the top reason customers should move to Vista, the update to the operating system due this year. The software maker estimates that a third of its engineering time for the new Windows was spent on protective measures.

Alongside this, Microsoft has begun to sell its own brand of security products, including a $50-a-year OneCare consumer antivirus service and its upcoming Microsoft Client Protection software for businesses.

"There is a shift that we are seeing," said Mike Nash, the executive who heads Microsoft's security business. "As we're still making progress and still being scrutinized, we're also hearing that companies want more from us."

Though challenges remain, the opportunity for Microsoft is huge. The Yankee Group in January pegged the unsecured PC market--computers without antivirus software or that have lapsed antivirus subscriptions--as worth $15 billion. Enterprise customers already spend $3 billion a year on security, the analyst firm noted.

"What's driving Microsoft's investments? Money, of course," Yankee analysts said in their report. "These markets are collectively too large for Microsoft to ignore any longer."

Any revenue would help boost the return that Microsoft is getting on its investment in security, a push that Pescatore said costs the software maker hundreds of millions of dollars per year. The company has also been on a shopping spree that began with its 2003 purchase of Romania's GeCad and includes at least four other security software makers.

Gaps in security
A few years back, security was nothing but a headache for Microsoft and all customers wanted from the Redmond, Wash., company was software with fewer holes.

Microsoft still faces plenty of challenges in this arena. A recent public exploit for a flaw in how Windows handles some images was a reminder that hackers will make the most of unplugged holes.

And not everyone is keen on the idea of paying Microsoft to help secure the products it created. Businesses, in particular, are questioning the move, Gartner analyst John Pescatore said.

"'Wait a minute--Microsoft's software is causing the problem, and now they want me to pay extra to fix the problem?'" Pescatore said, summing up the reaction of some corporations to Microsoft's move toward selling security software.

While businesses may still be somewhat loath to pay Microsoft for security, Pescatore said that the company's reputation has improved from the days when the SQL Slammer and MSBlast worms dented it.

"They have spent three or four years taking security seriously," he said. "They have basically removed it as a liability compared to the Linuxes and Solarises."

Pescatore contrasts Microsoft's efforts with those of Oracle. While Microsoft has been improving its reputation, Oracle, he said, has largely been standing still and is losing its once-sterling reputation for security.

Even John Thompson, CEO of Symantec, has had to praise Microsoft's efforts. In a speech at last week's RSA Conference, Thompson noted that there were 100 attacks that posed a medium or high risk between 2002 and 2004, but only six such attacks last year.

"The broad adoption of firewalls and antivirus and intrusion detection software, and the progress quite frankly made by Microsoft in securing their operating platform, has made this possible," Symantec CEO John Thompson said last week. "Yes, I did say that," he added, to laughter from the crowd.

[Earl Benser]

It's everyone's reaction....

"'Wait a minute--Microsoft's software is causing the problem, and
now they want me to pay extra to fix the problem?'" Pescatore said,
summing up the reaction of some corporations to Microsoft's move
toward selling security software.

[David Arbogast]

Not Everyone

No... not everyone... just all the anti Microsoft folks here at News.com.

The bottom line is that security costs money.
No matter what system you implement, you will either invest:

A) Your Time/Money to secure the system(s)
B) Your money and somebody else's time

If there is no money to be made in security, then NOBODY will have a (more) secure system unless they do it themselves. Its just that simple.

Now, if you want to pay Symmantec or some other AV company to secure your Mac or Windows box... that is an option.

You could also pay a bazillion dollars to have IBM send a security expert out to help make your system(s) safer.

Some could easily argue that Microsoft is perhaps the most intimately knowledgable of security issues in Windows.

ALL operating systems have security issues. This is not an arguable point, and I intentionally did not say security "flaws." It costs money to redesign or rebuild components that need to be secured against continually maturing threats. To date, OS companies have provided security updates free of charge, and I don't see this changing.

However, as we all know... no matter what OS you use or how often updates are made available, if you HONESTLY care about security, you have implemented additional security measures... at your own expense.

Because this is a profitable market and will continue to be so no matter how much emphasis is placed on securing operating systems, it only makes sense for a business to recover its costs by offering a security product.

The alternative, is to let the expense of developing patches grow until it becomes a major headache for Apple, Microsoft, and yes... OSS.

[Maccess]

New! Great! Security at last!

After creating the world's most security lacking operating systems, they now sound as if they invented the term.

Hey, Everyone! Security is in just about every other operating system except Windows.

Fool me once, shame on you, fool me twice, shame on me! And now Microsoft once more money to fix the security problems of their operating systems?

There ought to be a law....

[Blito]

Point of no return

I can't stand these safety and security commercials. It's importent but I would rather have a good tool then someeone else 'ensuring' my security. It sounds like all the sci-fi novels. Choice is most importent especially with security software as I don't really want an OS manufacturer trying to do that alone. AdWare was actually prety nice but invasive on my system as Linux offers more subtle tools.

[rcrusoe]

security was nothing but a headache for Microsoft

and it is still a headache for Microsoft's customers. MS selling one product to protect against flaws in another of their products is just wrong.

Once AV becomes another cash cow, where will be the incentive for them to fix Windows?

IMO, Windows is busted, and with this move by MS, it is likely to remain so forever.

Sell defective products than charge to fix them

Great gig! Sell defective products, wipe out the competition, then rob customers to fix the product.

Legal robbery without a gun. Great!!!!

Much better than doing it right.

[Tanjore]

You still have a choice to buy other products

Personally I would not buy microsoft security products. I would like symantec or mcafee to provide me the security software for my machine.

I will look at Microsoft security products, if they provide better value for the money and Symantec and Mcafee suck.

To Microsoft's credit, they are spending ton of money to make their OS better and secure. Hardly these days we see 'Blue Screen Of Death' or major virus attacks. I have not had any issues after installing windows xp service pack 2.

[Pascoli]

They don't charge you for flaw fix

MS software is not the problem, malware writers are. Patches for flaws are and always been free. Also you don't need any flaw to have a virus infect you. They don't have to take advantage of any flaw at all. There is much a os maker can do to prevent you to run an executable that you donwload or get in an email or bring on your own floppy. That's what computers are design to do, run executables. The av look at it and determines it's up to no good and prevent you from runing it. That's not something you can do with the os, cause you cannot know before hands the the malware that'll written in the future. So it's really disingenious to say that they sell you a deffective product and make you pay o fix it.

[EdShaffer]

Microsoft, The Wal-Mart of computer software

Prior to the development of PC's and Microsoft, Operating systems were required to provide security. Microsoft has fooled the world by coming up with a basice OS and then charges for the things that it should be including anyway. When you total the OS cost, support cost and additional programs for security, spam and other protections, is the Microsoft and less expensive or has it used the Wal-Mart philosophy.

[mxrss]

When were the Old Systems Ever Secure

Thats laughable, security as a function was never really important till the network age and the age of the internet while they might of provided minor security i doubt the provided any security of what is considered today "secured!" Microsoft has had many problems as it relates to security but apple was no-where near as secure as lets say a UNIX distrobution at that time. Hell i dont even think encryption became important (except for maybe mainframes) in personal computers until the internet age.

And i doubt a large number of people will buy into this service. I wont i like to incorporate many vendors, platforms and tools. No point in being a 100% microsoft shop.

Also wal-mart is preadatory to the industry at large forcing bussiness that they work with to sell the product at the price they want, killing small bussiness under the guise "The lowest price", if your a software developer its bull if you are not creating stuff because of microsoft. People create stuff all the time in spite of larger corporations. This is called competition there is a global marketplace and while microsoft may create a clone of your software its just competition, Real monoplies are compaines that can not compete because they do not have a fair chance in the market because some one can delegate who can do what. Microsoft can not in fact it would be debiliatating to thier core market which is to sell a consumer friendly OS. Linux exists, Solaris Exists insert your favorite OS here exists. They have as much competition as you can think, and many have to force microsoft to look and see that they do not have control over the market anymore. Linux is a good example, what is it going to take to get you off linux, or to not make you go to linux is how they view the product. Microsoft also makes product that interoperate with other operating systems, for example Sevices for Unix can talk to linux/Unix boxes and send direcrory information back and forth. They give away most of these style tools for free. Linux combats this with offering FOSS, thats great but sometime FOSS products are not up to par with propritary products AD intergration is a good example.

- Mike

[ordaj]

Conflict of interest. They CANNOT sell

a solution to a problem that they created in the first place. This is morally and ethically wrong. It should be legally wrong, too.

They will have LESS incentive to fix things to begin with or have quality secure code in the first place.

Bah!

[Stan Johnson]

CONFLICT OF INTEREST --- Microsoft created the security issue.

CONFLICT OF INTEREST --- Microsoft created the security issue.

Now they want you to pay for the security issues they created. THIS IS A TOTAL RIP-OFF SCAM!

Why trust this?

[Goose]

Agree

most of the time, they fix issues in the next release for which you
have to pay.
And in the new release, they introduce new issues, and the circle
closes.

M$ is introducing new things so they can be on top, sacrificing
quality and security. I don't need flashy things that do 1000 things
I will never use, I need something solid, like Quark 4.11

[bobby_brady]

The fox guarding the hen house here?

yeah, agree with conflict of interest.

[dland51]

"Protection"

Sounds like the old protection racket, just made to look prettier! Pay me for protection or else who knows what will happen to you!? If ever there was a time for a split of Microsoft this is a clear indication of it! They are now going to charge for what should have been a quality OS to begin with!!

[i_made_this]

It's not worth $50...

...at least the beta hasn't been. The anti-spyware catches far less than the free Spybot or even AdAware, and remains very glitchy. The anti-virus is of relatively better quality although still not quite up to the free product offerred by AVG. The firewall seems relatively competitive with the free products available, but firewalls are the easiest to program of the basic three componants. I just don't forecast the huge tonnage of savvy consumers throwing tons of dough at Microsoft for their security suite that Microsoft does, is all. Where Microsoft may gain some momentum before selling a $50 security suite is by locking down such core programs to their operating systems as their browser - and by trialling their beta IE#7, this doesn't seem to be in the offing anytime soon. I figure they best lock their operating system core programs down tight before they have any reasonable chance of motivating a large number of folks to spend $50 on a security suite.

[brian.lee]

Fix this first than work on Security...

Ironically enough I found this today....
http://www.theinquirer.net/?article=29832
Related to the link above
http://www.networkworld.com/community/?q=node/4630

[Terry Murphy]

Laughing all the way to the bank.

"They have spent three or four years taking security seriously,"
he said. "They have basically removed it as a liability compared
to the Linuxes and Solarises."

Now let's get back to the real world. Windows to this very day is
the undisputed champion of hosting malware of any size, shape
and form, be it viruses, trojans, spyware, key-loggers, you name
it, Windows has it in spades. More so than any other platform,
period. And that's putting it mildly. MS cannot escape this
essential factoid.

Sure, maybe they have taken the last four years taking security
"seriously" which, coincidentally, happens to be just about MS's
gestation period for correcting security lapses in it's software
and getting it into users hands. When did MS finally ship
Windows with all ports closed by default? Why, it wasn't until
Window's XP SP2! Given that Windows XP (which was essentially
Windows 2000 in a new suit) first appeared on the market
around 2001, that's about, oh, 4 years or so of "taking security
seriously."

And of course there is IE 6, a security travesty rotting away on
every single Windows box for those who haven't had the good
sense to install Firefox. MS's answer to that problem is the
forthcoming IE 7, which is apparently still in development. IE 7
touts major improvements to security, well, we'll see. But how
long has it been since the release of the last version of IE 6 and
IE 7? Well, the clock is still ticking on that one, but if it meets it's
current approximate schedule for release, it will be about
another half-decade of "taking security seriously."

The fact is, the only time MS takes security seriously is when
their users scream about it. Even then, MS will not initially
respond with the goods. Their users must continue to scream in
agony about the same damn issue for YEARS before MS
effectively gets around to it...err, I mean "takes security
seriously."

So is it of any surprise at all that the security software industry is
now a billion dollar industry?

[technewsjunkie]

Conflict of interest!

Why improve Windoze security when they're selling the security software?

It should be part of the OS - oh no, that's bundling which got them in trouble before.

Leave it to Gates to turn a liability into cash.

[heystoopid]

As Nelson would say!

Ha! Ha! gotch ya again!

[Lolo Gecko]

billions to protect your computer; but, ...

nothing to protect your IP rights. Hmmmmm.

[booboo1243]

MS security products are security problems in themselves

i.e. MS anti-spyware product was quick to introduce problems, if I remember correctly it had an issue where spyware could use the antispyware service to infect a PC via a backdoor or something. Or how about MS buying a purveyor of spyware, Gator (Claria) and suddenly MS's antispyware no longer detects and removes Claria spyware products?

Who in his/her right mind would trust Microsoft to do anything other than ram it to ya?

[theoscnet]

That's AWESOME!!!

Microsoft creates the problems and asks you to pay even more to fix them!!! CLASSIC!!!

That one's goin' in the scrapbook!

[open-mind]

Windows PC Owners Should Relax

Bill doesn't have enough of your money yet.

How do you expect him to be the world's biggest philanthropist
without it?

[t8]

Yes dollars for M$

But this move will ultimately make Linux look cheaper. Of course they won't tell you that in "Get the crap" campaign.