Microsoft looks for 'protection' money

(continued from previous page)

Of course, Symantec is likely less thrilled with Microsoft's decision to move beyond hardening its own products, onto Symantec's turf of antivirus software. Analysts have pointed to that company as the one with the most to lose if Microsoft grabs share in the security market.

"As this company dominates the consumer antivirus market, it obviously has the most to lose," Morgan Stanley analyst Peter Kuper and Brian Essex said in a January 2005 report. "Symantec will likely be successful in softening the initial blow, but the prevailing winds should eventually impede growth, in our view."

At that time, the Morgan Stanley analysts argued that Microsoft would enter the consumer antivirus market "because it has no other choice." The analysts pointed to the millions of unprotected home Windows PCs as the largest security threat on the Internet.

Security milestones

A timeline of acquisitions and products to track Microsoft's move into the business of protection.

OneCare

February 2006

Consumers will pay about $50 a year for antivirus service

Microsoft Client Protection

October 2005

Launches security software package aimed at protecting businesses from attacks

FrontBridge Technologies

July 2005

Buys provider of hosted e-mail and messaging security and compliance services, which will be offered with Exchange

Finjan Software

July 2005

Picks up maker of appliances for behavior-based protection against unknown security threats

Sybari Software

February 2005

Acquires producer of software to filter viruses and spam on e-mail networks and for collaboration

AntiSpyware

February 2005

Bill Gates outlines plans for anti-spyware application, launched in beta form a month earlier

Giant Company Software

December 2004

Acquires maker of technology to combat spyware, pop-ups and spam, which now forms the basis for Vista's anti-spyware protection

Windows XP SP2

August 2004

Security-themed Service Pack 2 update makes it out the door

GeCad

June 2003

Buys maker of antivirus technology, used in Windows Malicious Software Removal Tool and OneCare consumer security product

In the report, Kuper and Essex made the point that security should be something that is part of a computer and not a separate application. "This may be a controversial comment, but in our view, security is more often a feature of a product or service rather than a separate product," the pair wrote.

They likened the products to car alarms, which were once only available as a standalone addition to an auto, but are now standard on many cars.

Perchance to lead
Pescatore said that when Microsoft got into the security business with its 2003 purchase of GeCad, it was largely a defensive move.

"Back then, it was more a reaction to all these worms and viruses that would hit Windows, and Microsoft would get yelled at," he said. But the software maker also clearly saw opportunity. "Symantec's stock price would go up every time there was a virus," Pescatore said.

Now, he added, the company has turned a liability into a chance to show leadership.

On the consumer front, Pescatore said that Microsoft is already in a good position, bringing a well-established and largely trusted brand into the market.

"If Microsoft's security products are easier to use, we think consumers will be very happy to buy from Microsoft," Pescatore said.

An open question, though, is whether Microsoft could end up a victim of its own success. If it succeeds in nabbing dollars from rivals like Symantec and McAfee, those companies could have less profit and therefore less money to invest in securing Windows.

Microsoft's Nash said that as long as other security companies innovate, there will be plenty of dollars to go around.

"As we address a set of issues, they'll be opportunities for them to build products that compete with the issues we are addressing, but also opportunities to go build more advanced things than we can do," Nash said. "We can't do it alone."

Another challenge for Microsoft is balancing the promotion of its OneCare antivirus service without unfairly tying it to the Windows operating system. Today, for example, Windows points to a Web site that offers various security products for customers who don't have antivirus installed. Nash said that site will continue to use objective criteria in determining the order sites get listed.

"We're certainly going to promote Microsoft OneCare off Microsoft.com. You should expect us to do that," Nash said. "When it comes to things that are a part of Windows, we will be fair."

Microsoft, meanwhile, is not content with just addressing security on the PC. The company is also starting to look at other opportunities, including helping businesses shore up mobile devices, said Amy Roberts, a director of product management in Microsoft's security technology unit.

"We need to stay vigilant to stay ahead of the potential security threats that mobile devices pose, both in terms of data security and as avenues for virus or worm activity," Roberts said.

CNET News.com's Joris Evers contributed to this report.

[Earl Benser]

It's everyone's reaction....

"'Wait a minute--Microsoft's software is causing the problem, and
now they want me to pay extra to fix the problem?'" Pescatore said,
summing up the reaction of some corporations to Microsoft's move
toward selling security software.

[David Arbogast]

Not Everyone

No... not everyone... just all the anti Microsoft folks here at News.com.

The bottom line is that security costs money.
No matter what system you implement, you will either invest:

A) Your Time/Money to secure the system(s)
B) Your money and somebody else's time

If there is no money to be made in security, then NOBODY will have a (more) secure system unless they do it themselves. Its just that simple.

Now, if you want to pay Symmantec or some other AV company to secure your Mac or Windows box... that is an option.

You could also pay a bazillion dollars to have IBM send a security expert out to help make your system(s) safer.

Some could easily argue that Microsoft is perhaps the most intimately knowledgable of security issues in Windows.

ALL operating systems have security issues. This is not an arguable point, and I intentionally did not say security "flaws." It costs money to redesign or rebuild components that need to be secured against continually maturing threats. To date, OS companies have provided security updates free of charge, and I don't see this changing.

However, as we all know... no matter what OS you use or how often updates are made available, if you HONESTLY care about security, you have implemented additional security measures... at your own expense.

Because this is a profitable market and will continue to be so no matter how much emphasis is placed on securing operating systems, it only makes sense for a business to recover its costs by offering a security product.

The alternative, is to let the expense of developing patches grow until it becomes a major headache for Apple, Microsoft, and yes... OSS.

[Maccess]

New! Great! Security at last!

After creating the world's most security lacking operating systems, they now sound as if they invented the term.

Hey, Everyone! Security is in just about every other operating system except Windows.

Fool me once, shame on you, fool me twice, shame on me! And now Microsoft once more money to fix the security problems of their operating systems?

There ought to be a law....

[Blito]

Point of no return

I can't stand these safety and security commercials. It's importent but I would rather have a good tool then someeone else 'ensuring' my security. It sounds like all the sci-fi novels. Choice is most importent especially with security software as I don't really want an OS manufacturer trying to do that alone. AdWare was actually prety nice but invasive on my system as Linux offers more subtle tools.

[rcrusoe]

security was nothing but a headache for Microsoft

and it is still a headache for Microsoft's customers. MS selling one product to protect against flaws in another of their products is just wrong.

Once AV becomes another cash cow, where will be the incentive for them to fix Windows?

IMO, Windows is busted, and with this move by MS, it is likely to remain so forever.

Sell defective products than charge to fix them

Great gig! Sell defective products, wipe out the competition, then rob customers to fix the product.

Legal robbery without a gun. Great!!!!

Much better than doing it right.

[Tanjore]

You still have a choice to buy other products

Personally I would not buy microsoft security products. I would like symantec or mcafee to provide me the security software for my machine.

I will look at Microsoft security products, if they provide better value for the money and Symantec and Mcafee suck.

To Microsoft's credit, they are spending ton of money to make their OS better and secure. Hardly these days we see 'Blue Screen Of Death' or major virus attacks. I have not had any issues after installing windows xp service pack 2.

[Pascoli]

They don't charge you for flaw fix

MS software is not the problem, malware writers are. Patches for flaws are and always been free. Also you don't need any flaw to have a virus infect you. They don't have to take advantage of any flaw at all. There is much a os maker can do to prevent you to run an executable that you donwload or get in an email or bring on your own floppy. That's what computers are design to do, run executables. The av look at it and determines it's up to no good and prevent you from runing it. That's not something you can do with the os, cause you cannot know before hands the the malware that'll written in the future. So it's really disingenious to say that they sell you a deffective product and make you pay o fix it.

[EdShaffer]

Microsoft, The Wal-Mart of computer software

Prior to the development of PC's and Microsoft, Operating systems were required to provide security. Microsoft has fooled the world by coming up with a basice OS and then charges for the things that it should be including anyway. When you total the OS cost, support cost and additional programs for security, spam and other protections, is the Microsoft and less expensive or has it used the Wal-Mart philosophy.

[mxrss]

When were the Old Systems Ever Secure

Thats laughable, security as a function was never really important till the network age and the age of the internet while they might of provided minor security i doubt the provided any security of what is considered today "secured!" Microsoft has had many problems as it relates to security but apple was no-where near as secure as lets say a UNIX distrobution at that time. Hell i dont even think encryption became important (except for maybe mainframes) in personal computers until the internet age.

And i doubt a large number of people will buy into this service. I wont i like to incorporate many vendors, platforms and tools. No point in being a 100% microsoft shop.

Also wal-mart is preadatory to the industry at large forcing bussiness that they work with to sell the product at the price they want, killing small bussiness under the guise "The lowest price", if your a software developer its bull if you are not creating stuff because of microsoft. People create stuff all the time in spite of larger corporations. This is called competition there is a global marketplace and while microsoft may create a clone of your software its just competition, Real monoplies are compaines that can not compete because they do not have a fair chance in the market because some one can delegate who can do what. Microsoft can not in fact it would be debiliatating to thier core market which is to sell a consumer friendly OS. Linux exists, Solaris Exists insert your favorite OS here exists. They have as much competition as you can think, and many have to force microsoft to look and see that they do not have control over the market anymore. Linux is a good example, what is it going to take to get you off linux, or to not make you go to linux is how they view the product. Microsoft also makes product that interoperate with other operating systems, for example Sevices for Unix can talk to linux/Unix boxes and send direcrory information back and forth. They give away most of these style tools for free. Linux combats this with offering FOSS, thats great but sometime FOSS products are not up to par with propritary products AD intergration is a good example.

- Mike

[ordaj]

Conflict of interest. They CANNOT sell

a solution to a problem that they created in the first place. This is morally and ethically wrong. It should be legally wrong, too.

They will have LESS incentive to fix things to begin with or have quality secure code in the first place.

Bah!

[Stan Johnson]

CONFLICT OF INTEREST --- Microsoft created the security issue.

CONFLICT OF INTEREST --- Microsoft created the security issue.

Now they want you to pay for the security issues they created. THIS IS A TOTAL RIP-OFF SCAM!

Why trust this?

[Goose]

Agree

most of the time, they fix issues in the next release for which you
have to pay.
And in the new release, they introduce new issues, and the circle
closes.

M$ is introducing new things so they can be on top, sacrificing
quality and security. I don't need flashy things that do 1000 things
I will never use, I need something solid, like Quark 4.11

[bobby_brady]

The fox guarding the hen house here?

yeah, agree with conflict of interest.

[dland51]

"Protection"

Sounds like the old protection racket, just made to look prettier! Pay me for protection or else who knows what will happen to you!? If ever there was a time for a split of Microsoft this is a clear indication of it! They are now going to charge for what should have been a quality OS to begin with!!

[i_made_this]

It's not worth $50...

...at least the beta hasn't been. The anti-spyware catches far less than the free Spybot or even AdAware, and remains very glitchy. The anti-virus is of relatively better quality although still not quite up to the free product offerred by AVG. The firewall seems relatively competitive with the free products available, but firewalls are the easiest to program of the basic three componants. I just don't forecast the huge tonnage of savvy consumers throwing tons of dough at Microsoft for their security suite that Microsoft does, is all. Where Microsoft may gain some momentum before selling a $50 security suite is by locking down such core programs to their operating systems as their browser - and by trialling their beta IE#7, this doesn't seem to be in the offing anytime soon. I figure they best lock their operating system core programs down tight before they have any reasonable chance of motivating a large number of folks to spend $50 on a security suite.

[brian.lee]

Fix this first than work on Security...

Ironically enough I found this today....
http://www.theinquirer.net/?article=29832
Related to the link above
http://www.networkworld.com/community/?q=node/4630

[Terry Murphy]

Laughing all the way to the bank.

"They have spent three or four years taking security seriously,"
he said. "They have basically removed it as a liability compared
to the Linuxes and Solarises."

Now let's get back to the real world. Windows to this very day is
the undisputed champion of hosting malware of any size, shape
and form, be it viruses, trojans, spyware, key-loggers, you name
it, Windows has it in spades. More so than any other platform,
period. And that's putting it mildly. MS cannot escape this
essential factoid.

Sure, maybe they have taken the last four years taking security
"seriously" which, coincidentally, happens to be just about MS's
gestation period for correcting security lapses in it's software
and getting it into users hands. When did MS finally ship
Windows with all ports closed by default? Why, it wasn't until
Window's XP SP2! Given that Windows XP (which was essentially
Windows 2000 in a new suit) first appeared on the market
around 2001, that's about, oh, 4 years or so of "taking security
seriously."

And of course there is IE 6, a security travesty rotting away on
every single Windows box for those who haven't had the good
sense to install Firefox. MS's answer to that problem is the
forthcoming IE 7, which is apparently still in development. IE 7
touts major improvements to security, well, we'll see. But how
long has it been since the release of the last version of IE 6 and
IE 7? Well, the clock is still ticking on that one, but if it meets it's
current approximate schedule for release, it will be about
another half-decade of "taking security seriously."

The fact is, the only time MS takes security seriously is when
their users scream about it. Even then, MS will not initially
respond with the goods. Their users must continue to scream in
agony about the same damn issue for YEARS before MS
effectively gets around to it...err, I mean "takes security
seriously."

So is it of any surprise at all that the security software industry is
now a billion dollar industry?

[technewsjunkie]

Conflict of interest!

Why improve Windoze security when they're selling the security software?

It should be part of the OS - oh no, that's bundling which got them in trouble before.

Leave it to Gates to turn a liability into cash.

[heystoopid]

As Nelson would say!

Ha! Ha! gotch ya again!

[Lolo Gecko]

billions to protect your computer; but, ...

nothing to protect your IP rights. Hmmmmm.

[booboo1243]

MS security products are security problems in themselves

i.e. MS anti-spyware product was quick to introduce problems, if I remember correctly it had an issue where spyware could use the antispyware service to infect a PC via a backdoor or something. Or how about MS buying a purveyor of spyware, Gator (Claria) and suddenly MS's antispyware no longer detects and removes Claria spyware products?

Who in his/her right mind would trust Microsoft to do anything other than ram it to ya?

[theoscnet]

That's AWESOME!!!

Microsoft creates the problems and asks you to pay even more to fix them!!! CLASSIC!!!

That one's goin' in the scrapbook!

[open-mind]

Windows PC Owners Should Relax

Bill doesn't have enough of your money yet.

How do you expect him to be the world's biggest philanthropist
without it?

[t8]

Yes dollars for M$

But this move will ultimately make Linux look cheaper. Of course they won't tell you that in "Get the crap" campaign.