February 22, 2006 4:00 AM PST

Microsoft looks for 'protection' money

Microsoft has spent billions of dollars in recent years to secure its software. Now it's payback time.

Until recently, security was just something that the software company got hammered on--a perennial headache, with no upside. But now, four years after Chairman Bill Gates launched his Trustworthy Computing push, Microsoft is starting to see security as a potential selling point.

Last month, Windows chief Jim Allchin pointed to enhanced security as the top reason customers should move to Vista, the update to the operating system due this year. The software maker estimates that a third of its engineering time for the new Windows was spent on protective measures.

Alongside this, Microsoft has begun to sell its own brand of security products, including a $50-a-year OneCare consumer antivirus service and its upcoming Microsoft Client Protection software for businesses.

"There is a shift that we are seeing," said Mike Nash, the executive who heads Microsoft's security business. "As we're still making progress and still being scrutinized, we're also hearing that companies want more from us."

Though challenges remain, the opportunity for Microsoft is huge. The Yankee Group in January pegged the unsecured PC market--computers without antivirus software or that have lapsed antivirus subscriptions--as worth $15 billion. Enterprise customers already spend $3 billion a year on security, the analyst firm noted.

"What's driving Microsoft's investments? Money, of course," Yankee analysts said in their report. "These markets are collectively too large for Microsoft to ignore any longer."

Any revenue would help boost the return that Microsoft is getting on its investment in security, a push that Pescatore said costs the software maker hundreds of millions of dollars per year. The company has also been on a shopping spree that began with its 2003 purchase of Romania's GeCad and includes at least four other security software makers.

Gaps in security
A few years back, security was nothing but a headache for Microsoft and all customers wanted from the Redmond, Wash., company was software with fewer holes.

Microsoft still faces plenty of challenges in this arena. A recent public exploit for a flaw in how Windows handles some images was a reminder that hackers will make the most of unplugged holes.

And not everyone is keen on the idea of paying Microsoft to help secure the products it created. Businesses, in particular, are questioning the move, Gartner analyst John Pescatore said.

"'Wait a minute--Microsoft's software is causing the problem, and now they want me to pay extra to fix the problem?'" Pescatore said, summing up the reaction of some corporations to Microsoft's move toward selling security software.

While businesses may still be somewhat loath to pay Microsoft for security, Pescatore said that the company's reputation has improved from the days when the SQL Slammer and MSBlast worms dented it.

"They have spent three or four years taking security seriously," he said. "They have basically removed it as a liability compared to the Linuxes and Solarises."

Pescatore contrasts Microsoft's efforts with those of Oracle. While Microsoft has been improving its reputation, Oracle, he said, has largely been standing still and is losing its once-sterling reputation for security.

Even John Thompson, CEO of Symantec, has had to praise Microsoft's efforts. In a speech at last week's RSA Conference, Thompson noted that there were 100 attacks that posed a medium or high risk between 2002 and 2004, but only six such attacks last year.

"The broad adoption of firewalls and antivirus and intrusion detection software, and the progress quite frankly made by Microsoft in securing their operating platform, has made this possible," Symantec CEO John Thompson said last week. "Yes, I did say that," he added, to laughter from the crowd.

CONTINUED: What Symantec has to lose…
Page 1 | 2

See more CNET content tagged:
software company, reputation, security, Oracle Corp., Microsoft Corp.


Join the conversation!
Add your comment
It's everyone's reaction....
"'Wait a minute--Microsoft's software is causing the problem, and
now they want me to pay extra to fix the problem?'" Pescatore said,
summing up the reaction of some corporations to Microsoft's move
toward selling security software.
Posted by Earl Benser (4310 comments )
Reply Link Flag
Not Everyone
No... not everyone... just all the anti Microsoft folks here at News.com.

The bottom line is that security costs money.
No matter what system you implement, you will either invest:

A) Your Time/Money to secure the system(s)
B) Your money and somebody else's time

If there is no money to be made in security, then NOBODY will have a (more) secure system unless they do it themselves. Its just that simple.

Now, if you want to pay Symmantec or some other AV company to secure your Mac or Windows box... that is an option.

You could also pay a bazillion dollars to have IBM send a security expert out to help make your system(s) safer.

Some could easily argue that Microsoft is perhaps the most intimately knowledgable of security issues in Windows.

ALL operating systems have security issues. This is not an arguable point, and I intentionally did not say security "flaws." It costs money to redesign or rebuild components that need to be secured against continually maturing threats. To date, OS companies have provided security updates free of charge, and I don't see this changing.

However, as we all know... no matter what OS you use or how often updates are made available, if you HONESTLY care about security, you have implemented additional security measures... at your own expense.

Because this is a profitable market and will continue to be so no matter how much emphasis is placed on securing operating systems, it only makes sense for a business to recover its costs by offering a security product.

The alternative, is to let the expense of developing patches grow until it becomes a major headache for Apple, Microsoft, and yes... OSS.
Posted by David Arbogast (1709 comments )
Link Flag
New! Great! Security at last!
After creating the world's most security lacking operating systems, they now sound as if they invented the term.

Hey, Everyone! Security is in just about every other operating system except Windows.

Fool me once, shame on you, fool me twice, shame on me! And now Microsoft once more money to fix the security problems of their operating systems?

There ought to be a law....
Posted by Maccess (610 comments )
Reply Link Flag
Point of no return
I can't stand these safety and security commercials. It's importent but I would rather have a good tool then someeone else 'ensuring' my security. It sounds like all the sci-fi novels. Choice is most importent especially with security software as I don't really want an OS manufacturer trying to do that alone. AdWare was actually prety nice but invasive on my system as Linux offers more subtle tools.
Posted by Blito (436 comments )
Reply Link Flag
security was nothing but a headache for Microsoft
and it is still a headache for Microsoft's customers. MS selling one product to protect against flaws in another of their products is just wrong.

Once AV becomes another cash cow, where will be the incentive for them to fix Windows?

IMO, Windows is busted, and with this move by MS, it is likely to remain so forever.
Posted by rcrusoe (1305 comments )
Reply Link Flag
Sell defective products than charge to fix them
Great gig! Sell defective products, wipe out the competition, then rob customers to fix the product.

Legal robbery without a gun. Great!!!!

Much better than doing it right.
Posted by (31 comments )
Reply Link Flag
You still have a choice to buy other products
Personally I would not buy microsoft security products. I would like symantec or mcafee to provide me the security software for my machine.

I will look at Microsoft security products, if they provide better value for the money and Symantec and Mcafee suck.

To Microsoft's credit, they are spending ton of money to make their OS better and secure. Hardly these days we see 'Blue Screen Of Death' or major virus attacks. I have not had any issues after installing windows xp service pack 2.
Posted by Tanjore (322 comments )
Link Flag
They don't charge you for flaw fix
MS software is not the problem, malware writers are. Patches for flaws are and always been free. Also you don't need any flaw to have a virus infect you. They don't have to take advantage of any flaw at all. There is much a os maker can do to prevent you to run an executable that you donwload or get in an email or bring on your own floppy. That's what computers are design to do, run executables. The av look at it and determines it's up to no good and prevent you from runing it. That's not something you can do with the os, cause you cannot know before hands the the malware that'll written in the future. So it's really disingenious to say that they sell you a deffective product and make you pay o fix it.
Posted by Pascoli (74 comments )
Link Flag
Microsoft, The Wal-Mart of computer software
Prior to the development of PC's and Microsoft, Operating systems were required to provide security. Microsoft has fooled the world by coming up with a basice OS and then charges for the things that it should be including anyway. When you total the OS cost, support cost and additional programs for security, spam and other protections, is the Microsoft and less expensive or has it used the Wal-Mart philosophy.
Posted by EdShaffer (19 comments )
Reply Link Flag
When were the Old Systems Ever Secure
Thats laughable, security as a function was never really important till the network age and the age of the internet while they might of provided minor security i doubt the provided any security of what is considered today "secured!" Microsoft has had many problems as it relates to security but apple was no-where near as secure as lets say a UNIX distrobution at that time. Hell i dont even think encryption became important (except for maybe mainframes) in personal computers until the internet age.

And i doubt a large number of people will buy into this service. I wont i like to incorporate many vendors, platforms and tools. No point in being a 100% microsoft shop.

Also wal-mart is preadatory to the industry at large forcing bussiness that they work with to sell the product at the price they want, killing small bussiness under the guise "The lowest price", if your a software developer its bull if you are not creating stuff because of microsoft. People create stuff all the time in spite of larger corporations. This is called competition there is a global marketplace and while microsoft may create a clone of your software its just competition, Real monoplies are compaines that can not compete because they do not have a fair chance in the market because some one can delegate who can do what. Microsoft can not in fact it would be debiliatating to thier core market which is to sell a consumer friendly OS. Linux exists, Solaris Exists insert your favorite OS here exists. They have as much competition as you can think, and many have to force microsoft to look and see that they do not have control over the market anymore. Linux is a good example, what is it going to take to get you off linux, or to not make you go to linux is how they view the product. Microsoft also makes product that interoperate with other operating systems, for example Sevices for Unix can talk to linux/Unix boxes and send direcrory information back and forth. They give away most of these style tools for free. Linux combats this with offering FOSS, thats great but sometime FOSS products are not up to par with propritary products AD intergration is a good example.

- Mike
Posted by mxrss (35 comments )
Link Flag
Conflict of interest. They CANNOT sell
a solution to a problem that they created in the first place. This is morally and ethically wrong. It should be legally wrong, too.

They will have LESS incentive to fix things to begin with or have quality secure code in the first place.

Posted by ordaj (338 comments )
Reply Link Flag
CONFLICT OF INTEREST --- Microsoft created the security issue.
CONFLICT OF INTEREST --- Microsoft created the security issue.

Now they want you to pay for the security issues they created. THIS IS A TOTAL RIP-OFF SCAM!

Why trust this?
Posted by Stan Johnson (322 comments )
Reply Link Flag
most of the time, they fix issues in the next release for which you
have to pay.
And in the new release, they introduce new issues, and the circle

M$ is introducing new things so they can be on top, sacrificing
quality and security. I don't need flashy things that do 1000 things
I will never use, I need something solid, like Quark 4.11
Posted by Goose (93 comments )
Link Flag
The fox guarding the hen house here?
yeah, agree with conflict of interest.
Posted by bobby_brady (765 comments )
Reply Link Flag
Sounds like the old protection racket, just made to look prettier! Pay me for protection or else who knows what will happen to you!? If ever there was a time for a split of Microsoft this is a clear indication of it! They are now going to charge for what should have been a quality OS to begin with!!
Posted by dland51 (91 comments )
Reply Link Flag
It's not worth $50...
...at least the beta hasn't been. The anti-spyware catches far less than the free Spybot or even AdAware, and remains very glitchy. The anti-virus is of relatively better quality although still not quite up to the free product offerred by AVG. The firewall seems relatively competitive with the free products available, but firewalls are the easiest to program of the basic three componants. I just don't forecast the huge tonnage of savvy consumers throwing tons of dough at Microsoft for their security suite that Microsoft does, is all. Where Microsoft may gain some momentum before selling a $50 security suite is by locking down such core programs to their operating systems as their browser - and by trialling their beta IE#7, this doesn't seem to be in the offing anytime soon. I figure they best lock their operating system core programs down tight before they have any reasonable chance of motivating a large number of folks to spend $50 on a security suite.
Posted by i_made_this (302 comments )
Reply Link Flag
Fix this first than work on Security...
Ironically enough I found this today....
<a class="jive-link-external" href="http://www.theinquirer.net/?article=29832" target="_newWindow">http://www.theinquirer.net/?article=29832</a>
Related to the link above
<a class="jive-link-external" href="http://www.networkworld.com/community/?q=node/4630" target="_newWindow">http://www.networkworld.com/community/?q=node/4630</a>
Posted by brian.lee (548 comments )
Reply Link Flag
Laughing all the way to the bank.
"They have spent three or four years taking security seriously,"
he said. "They have basically removed it as a liability compared
to the Linuxes and Solarises."

Now let's get back to the real world. Windows to this very day is
the undisputed champion of hosting malware of any size, shape
and form, be it viruses, trojans, spyware, key-loggers, you name
it, Windows has it in spades. More so than any other platform,
period. And that's putting it mildly. MS cannot escape this
essential factoid.

Sure, maybe they have taken the last four years taking security
"seriously" which, coincidentally, happens to be just about MS's
gestation period for correcting security lapses in it's software
and getting it into users hands. When did MS finally ship
Windows with all ports closed by default? Why, it wasn't until
Window's XP SP2! Given that Windows XP (which was essentially
Windows 2000 in a new suit) first appeared on the market
around 2001, that's about, oh, 4 years or so of "taking security

And of course there is IE 6, a security travesty rotting away on
every single Windows box for those who haven't had the good
sense to install Firefox. MS's answer to that problem is the
forthcoming IE 7, which is apparently still in development. IE 7
touts major improvements to security, well, we'll see. But how
long has it been since the release of the last version of IE 6 and
IE 7? Well, the clock is still ticking on that one, but if it meets it's
current approximate schedule for release, it will be about
another half-decade of "taking security seriously."

The fact is, the only time MS takes security seriously is when
their users scream about it. Even then, MS will not initially
respond with the goods. Their users must continue to scream in
agony about the same damn issue for YEARS before MS
effectively gets around to it...err, I mean "takes security

So is it of any surprise at all that the security software industry is
now a billion dollar industry?
Posted by Terry Murphy (82 comments )
Reply Link Flag
Conflict of interest!
Why improve Windoze security when they're selling the security software?

It should be part of the OS - oh no, that's bundling which got them in trouble before.

Leave it to Gates to turn a liability into cash.
Posted by technewsjunkie (1265 comments )
Reply Link Flag
As Nelson would say!
Ha! Ha! gotch ya again!
Posted by heystoopid (691 comments )
Reply Link Flag
billions to protect your computer; but, ...
nothing to protect your IP rights. Hmmmmm.
Posted by Lolo Gecko (131 comments )
Reply Link Flag
MS security products are security problems in themselves
i.e. MS anti-spyware product was quick to introduce problems, if I remember correctly it had an issue where spyware could use the antispyware service to infect a PC via a backdoor or something. Or how about MS buying a purveyor of spyware, Gator (Claria) and suddenly MS's antispyware no longer detects and removes Claria spyware products?

Who in his/her right mind would trust Microsoft to do anything other than ram it to ya?
Posted by booboo1243 (328 comments )
Reply Link Flag
That's AWESOME!!!
Microsoft creates the problems and asks you to pay even more to fix them!!! CLASSIC!!!

That one's goin' in the scrapbook!
Posted by theoscnet (36 comments )
Reply Link Flag
Windows PC Owners Should Relax
Bill doesn't have enough of your money yet.

How do you expect him to be the world's biggest philanthropist
without it?
Posted by open-mind (1027 comments )
Reply Link Flag
Yes dollars for M$
But this move will ultimately make Linux look cheaper. Of course they won't tell you that in "Get the crap" campaign.
Posted by t8 (3716 comments )
Reply Link Flag
Microsoft should ban Microsoft...
Microsoft should ban Microsoft software if they are serious about security. That also includes banning their own antirus software.

It will certainly be embarring when the first viruses start exploiting their antivirus program :)
Posted by t8 (3716 comments )
Reply Link Flag
They're not the only ones...
Symantec, Mcafee, and even Trend Micro have had security issues with their software, and they are supposed to be the experts in the field. Just goes to show you that no software is completely fullproof.
Posted by Maelstorm (130 comments )
Link Flag
Microsoft should ban Microsoft...
Microsoft should ban Microsoft software if they are serious about security. That also includes banning their own antirus software.

It will certainly be embarring when the first viruses start exploiting their antivirus program ;)
Posted by t8 (3716 comments )
Reply Link Flag
Should've bought a Mac
Why does this surprise anyone? Buy a Mac and never have to worry about these issues again. I have no sympathy for people who can't seem to learn after being told time and time again. Wake up.
Posted by DHeckeler (1 comment )
Reply Link Flag
RE: Should Have Bought a Mac
Are you kidding?

You asume that all problems can be fixed with one opperating system. Ha, security in any OS will be wayward, MS, LINUX or Macintosh. Last i heard MAC's are now what MS was back in 1995. While mac is gaining adoption it will also suffer its bouts of security headaches. Besides why pay for the OS its built on BSD which is free and probably built more secure and stable.

Not to mention if you want to talk about unable to write software for look at the mac that is far more propriatary then microsoft, IBM and Novell combined. Have to buy a license to write and sell a piece of hardware.

Stop spreading FUD seriously your lack of fact in the arguement just shows that your a zealot.


- Mike
Posted by mxrss (35 comments )
Link Flag
run a linux -- get a threee button mouse!
Its neat you can scrool up and down and make menus anywere you want!
Posted by (10 comments )
Link Flag
Get a Mac -get a five button mouse ....
... two more than Linux.... and real software too!
Posted by Earl Benser (4310 comments )
Link Flag
Suppose This

your computer came secure from boot up to boot down great for you. Right, Its hard to be a general purpose OS because you got JOE dipstick who thinks running as administrator with no AV and no idea what deleteyourfiles.exe does. The problem does not only lie with windows, but also with computer users at large.

What is linux?

Linux is a geeks tool, while anybody can use it - it is for now a geeks tool. MS has to make a OS that people can use, because if they made it to secure dumb ***es would complain and so great i can not use it. MS has this Damned if you do, damned if you dont. And i think the secuirty features in Vista are good however i think joe sixpack is going to hate it. Remember not everyone is a geek, and when security comes in the way of usability the consumer at large losses. Besides if you know how to run any OS it is secure. But it takes knowlege, If you setup your computer right with any OS you do not have to worry about this problem. But as long as people run with root we will always have these problems, as long as system cracks who think thier admins we will always have these problems.

- Mike
Posted by mxrss (35 comments )
Reply Link Flag
Microsoft has this habit...
... of making their efforts self-funding if not potentially self-funding. For example:

1. Since it cost so much to keep Microsoft products documented, Microsoft introduced subscription options to own updated copies of the documentations.
2. Since it costs so much to defend against copyrights and patent claims filed against them, Microsoft start piling up their own patents which, to over-simplify my point, are valuable when used for license rights and royalty claims.
3. Since it costs so much to secure Windows, might as well add some value to the effort and sell security as a product.

Looks like a good (business) habit to me...

Posted by Mendz (519 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.