Microsoft shakes up security fray

Microsoft's long-awaited entry into the market for all-in-one PC care is shaking up the consumer security field.

A number of companies, including perhaps unexpected ones such as AOL, are readying security and maintenance packages for home computers, following Microsoft's launch last week of Windows Live OneCare.

It's hard to pick an outright winner, but one thing is clear: Health care for your Windows-based PC is getting easier, cheaper and more comprehensive.

"Microsoft's official entry into the consumer security protection market will dampen prices," Gartner analyst Arabella Hallawell said. The Redmond, Wash.-based software giant is poised to take a big chunk of that niche, she said. "Existing vendors must converge their offerings to warrant premium pricing and survive."

The introduction of OneCare is the starting gun for heightened competition for consumers' security dollars, with Microsoft taking on incumbents Symantec and McAfee. There's a lot at stake. Last year, the worldwide market for consumer antivirus software reached $1.95 billion, up 17 percent year-over-year, according to research from Gartner. Symantec dominated the space, taking a 70 percent piece of the pie.

Microsoft isn't just a newcomer to consumer security; it's also taking a different tack. The OneCare software and service package aims to be comprehensive, whereas Symantec and McAfee have traditionally charged for additional features. OneCare includes the security basics--antivirus, anti-spyware and firewall--found in the products sold by its rivals, but adds backup features and tune-up tools for Windows systems. It's being touted by Microsoft as "a pit crew for your PC."

"We believe we're creating a new category," Dennis Bonsall, Microsoft's director of product management for OneCare, said in an interview last week. "It is not about security anymore, but it is about holistic PC care."

Symantec and McAfee have both announced that they are preparing integrated packages to go up against OneCare. The planned releases will incorporate components of their current security, PC optimization and backup products, the companies have said. So far, however, they have shown only product plans, not actual software.

This summer, McAfee plans to ship four products based on its integrated security technology, code-named "Falcon." Symantec's Norton 360, previously known by the code name "Genesis," is set for release by the end of March next year, having originally had a September due date.

The lack of a rival product on the market, or even available in a test version, doesn't bode well for the traditional security players. "Microsoft has the first-mover advantage by having a managed consumer security service ready to go first," Hallawell said.

There are some limitations to OneCare in early comparisons of features. For example, Symantec promises to deliver online backup capabilities in Norton 360, which will let people store their critical data on a Symantec server. Right now, Microsoft does not offer that feature in OneCare, where people can only back up to external hard drives, CDs or DVDs.

Additionally, OneCare lacks spam-filtering capabilities and doesn't offer protection against information-stealing Web sites used in phishing scams. Those features will be part of Symantec and McAfee's PC care suites, the companies have said. Microsoft, meanwhile, offers a phishing shield in its toolbars in Windows Live and in the MSN Search Web browser.

"Symantec will likely have a managed service with more bells and whistles," Hallawell suggested.

But the incumbents will have to cut their prices, as they face off with Microsoft and one another, analysts said. Symantec and McAfee have not announced pricing for their new products yet, but Microsoft will undercut them, no matter what, Forrester Research analyst Natalie Lambert said.

"Microsoft is going to win on price," she said. And with consumers being very cost-conscious, that's going to be half the battle, Lambert said.

OneCare costs $49.95 per year for use on up to three PCs that run Windows XP with Service Pack 2. That's less than Symantec and McAfee charge for three-user editions of their existing security suites--$119.99 and $129.99, respectively. However, those are full prices for the packages, which don't have as wide a range of tools as the upcoming products and which are often heavily rebated.

[rick7069]

WOW!!!

Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.

[Ted Miller]

Well if at first you can't succeed ...

PATCH, PATCH again!

[fjellt]

Umm....

Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.

[rick7069]

WOW!!!

Microsoft is (with vista ultimate) going to sell me a piece of software for LOTS of cash that is full of holes and then charge me to protect those holes from attacks? Sounds no different than a common protection racket that would be locked up for criminal activity.

I guess I will never be as rich or powerful as a company like Microsoft, I simply could never treat customers the way that they do.

[Ted Miller]

Well if at first you can't succeed ...

PATCH, PATCH again!

[fjellt]

Umm....

Colonel Sanders, will you baby-sit my chickens?

The manufacturer of flawed software makes a security suite to help protect said software? I have to sit down, my brain is starting to hurt.

[aabcdefghij987654321]

Microsoft products cause security problems, not fix them!

I really hope the majority of people "get it" and tell MS where they can out this product, thanking them for the need for it to begin with.

Give this Linux a try if you truly are looking for a more secure system. http://www.ubuntu.com/

[Ted Miller]

Goverment request

Home Land Security demands to look at all thet secure data backed up on Symantec's servers. Ahm you know... just in case there are terriosts there

[jabbotts]

There's One! ...

There's one, there, behind that diod.. Watch it! He's got a byte in his hand, oh if we lose that byte we're all screwed

[john55440]

Symantec Needs A Good Shaking

Perhaps Symantec will get off of it's rear, and create better products.

[P. Jackson]

Symantec customer service

... is a joke. They don't just need better products. They need a new attitude towards their non-business customers.

[tobyp--2008]

Defensive "news"

"The real winners could be consumers, who will likely see
simpler, cheaper and more comprehensive products, analysts
say."

You know, I read this article twice and didn't see any quote that
even resembled this "high impact" summary

I hate to be cynical, but the obvious response from Symantec
and McAfee (and others) will imply that this may be another
anti-trust (bundling) violation. Microsoft's position would be to
argue that entering the market INCREASES competition and
BENEFITS the consumer, and thus this is not an anti-trust issue.

How funny then, Joris, that you would provide Microsoft's
defense in your "summary" -- it's hard to believe you didn't get
some "motivation" from MS to do - especially given your
summary comes out of nowhere considering the very text of
your article.

Hopefully, this isn't the case.

[irish_iiii]

Build a software market based on a faulty product

Quite a racket. Maybe the gaming industry should pay attention.

[irish_iiii]

Build a software market based on a faulty product

Quite a racket. Maybe the gaming industry should pay attention.

[rcrusoe]

I wish Microsoft would really shake up the market

I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?

[imacpwr]

Mac is better.. it's just that simple

I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!

[nesretep]

Are you so sure...?

Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.

[Fireweaver]

Security by Obscurity

You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...

[rcrusoe]

I wish Microsoft would really shake up the market

I wish Microsoft would shake up the security market by developing
a secure OS. Then we wouldn't have to spend so much time and
money trying to protect our Windows boxes like new born babies.

Imagine a world if Windows was even half as secure as OS X. It
would be Symantec who? McAfee software? Never heard of them.

What's spyware?

[Fireweaver]

Security by Obscurity

You're calling OS X secure? Ever wonder why your Mac is running OS updates every week?
It's likely that OS X isn't half as secure as you think it is. OS 9 was far more secure- There's no lack of holes to exploit in OS X, but if you're someone looking to steal passwords or infect computers are you going to write an exploit for 90% of the market or less than 10%?

Secure by obscurity isn't really secure. In some cases it's less so because the user's smugness causes temerity. On the other hand Mac doesn't seem to be doing anything in marketshare so maybe your smugness is justified...

[imacpwr]

Mac is better.. it's just that simple

I used Windows 10 years, bought a 5yr, old G4 Mac from work and
put OS X on it. Less than 1 month later I knew I wasted 10yrs on
the M$ wholywear. Now I'm the proud owner of a "solid and secure"
(Intel) iMac..!!
I'll NEVER go back to Microcrapware..!!!!!!!

[nesretep]

Are you so sure...?

Keep in mind that part of the reason that Macs appear to be so secure is their lack of numbers when it comes to market share. They have finally made a little noise in the market and what was the first thing that happened? Exploits had to be patched in the Safari browser and the OS X operating system itself. Don't get me wrong, I am no microsoft fanboy. I probably won't get OneCare. However, many of the comments here are from Apple fanboys that think that Macs are a cure-all for the ills that befall computers. If the situation were reversed and Apple and held nearly all of the marketshare for this long they would likely be the one criticized for a lack of security because of the greater intensity with which they would have people looking for exploits.

[Techno Guy]

This is Good News for Consumers and the Internet

I view Microsoft's entry into the PC security sphere as good news where everyone wins. In addition to the fairly obvious increase in competition and resulting reduction in prices, it will also likely press the existing security makers to improve their products. Additionally, as security products become more affordable and more commonplace, more people are likely to use them and keep them up-to-date, reducing the effectiveness of Internet-based attacks. All of this benefits everyone, regardless of your attitude toward Microsoft and its products.

[Zymurgist]

I'm not sure about that...

After all, Microsoft is selling for additional
cost a product that aims to implement stop-gap
measures to reduce the impact of flaws in their
product.

There's an obvious conflict of interest there.
If they are competent enough to implement the
measures in an effective manner, then how come
they have not fixed the inherent flaws in their
OS product? Either they are not competent, in
which case the security product would be
expected to be of lesser quality, OR they are
competent, and are intentionally releasing a
flawed product with the intent of selling you
additional products to avoid those flaws.
Neither bodes well for the market or consumer.

I suppose it need not be pointed out too that MS
has a distinct advantage over their competitors
in that their tools can be granted privileged
access to OS resources and features unavailable
to their competitors. Theire products, by
design, can do things the competitors products
never can.

[RayGentry]

IMHO

i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.

[Zymurgist]

Security as an afterthought.

I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.

[ikenna4u]

IMNHO, I disagree

Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.

[jerrellt]

Ditto

It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.

[RayGentry]

IMHO

i think that microsoft's security suite should come standard, free with every copy of windows. now, maybe without the spam filter or whatever, since that's an email problem not an OS problem, but i don't think microsoft should be allowed to make money off making thier PC's more secure like this. MS recommends everyone connected to the internet have extra security precautions built in, which means that they realize there are extra threats. i should be able to boot my PC up and not be recommended to go buy extra products to do what it was made to do. if MS has created a product that allows people to use thier computers how anyone would expect to in a safer way, it should be included in windows.

[jerrellt]

Ditto

It makes no sense to make software, then have stuff wrong with it, then charge extra to fix it.

Windows should have as much security as possible straight out the box. But of course, that's in a perfect world.

[Zymurgist]

Security as an afterthought.

I think you are right. I would add that this
also bolsters the notion that Microsoft
considers the integrity of their systems as an
afterthought. Rather than focus on making a
stable and secure system, they build a capable
system and sell add-ons that claim to make their
systems secure.

Microsoft's competitors, of course, don't do
that. They perceive security to be part of the
core OS product, not a separate product in its
own right.

[ikenna4u]

IMNHO, I disagree

Microsoft offers security suite for free - and gets a rain of anti-trust charges, court injunctions etc etc. In a perfect world, they should. In todays legal system, impossible. Their competitors in the security arena will not stand, arms crossed, and watch their entire industry disappear you know.

[oldroughneck]

Marketing Spin

Shrewd marketing move on Microsoft's part: sell vunerable products at a high price, then charge for a service to monitor and repair the damage from the exploits of those vunerablities. The vunerablities won't necessarily be patched, just managed. Never ending revenue streams, Balmer's wild wet dream.

Operating systems don't "cause" security problems, the "cause" is the crackers who exploit the vunerablities. Anyone who claims that their OS is fundamentally secure doesn't understand the dynamic. It's statitiscally impossible to write error free code once you have a code body larger than a couple hunderd thousand lines. It just takes too long in human terms to prove the code is correct. Doesn't matter who writes the code, it will have errors, period.

Just because *nix and Mac OS don't get hit as often doesn't mean they're less vunerable, it just means the crackers haven't spent nearly as much time knocking them around to find where they break. Imagine the side of a barn with a door and a window. The barn represents all OS's. The big red side it the market space that Win OS occupies, the door is the market space that *nix OS occupies and the window the market space that Mac OS occupies. You start throwing rocks are the barn. Over time, you'll see that you hit more of the red space a lot more than hitting the door or the window. It's as simple as that, security attacks are going to hit the biggest target.

Microsoft isn't a security software company, they're an OS and productivity software company. They have talented people in the security area, no doubts about that, but it's not their strength as a company. Symantec and McAfee have been in this game a lot longer, but both companies have been "resting on their laurel" of late, they haven't been that innovative and they've tended to try to become the kitchen sink for security manangement; they try to everything, doing a fair job of everything but not an outstanding job on any particular aspect.

I don't buy into this "remotely managed security care", at least not yet. This opens a whole other attack vector and no one has of yet really mentioned how much impact this will have on bandwdth consumption or machine resource consumption. Given what I've seen already, it's an interesting idea but won't take the place of a well researched, designed and implemented set of ecurity policies and procedures. The cheap price alone is not enough, and will undoubtedly come around to bite you later.

[kurt mclaren]

Exploiting their shoddy work

I dunno, but is it just me?...Why are they trying to sell something
that offers protection for a faulty product, that just happens to
be their product. Its like selling a house or a car with no
windows or doors then turning around and trying to sell a
security system instead of trying to put in the windows and the
doors before selling it. Even then ca manufacturers go to the
length to offer security systems free of cost (immobilizers etc)
because they recognize you can?t be to sure about things. I think
this is a travesty; they should try to fix the product in the first
place to ensure that little if any security is needed. Instead they
are trying to exploit their shoddy workmanship. Consumers
cannot benefit from this, Microsoft will. They should include this
free, to aid helpless droves of microsoft product users who have
had years of crap and problems. So what is to stop them from
offering a faulty product and provide a certain and definite fix
for a premium? A double whammy if you ask me, so they will be
able to make money two ways...What?s next? They aren't gonna
offer security updates? Just tell you to get their 'one care'
product? Or better yet charge for security updates? This is so
underhand and should not happen.

[technewsjunkie]

Consumers are SHORT TERM beneficiaries!

I find the headline "OneCare has kicked off a software race--and consumers are the likely winners." misleading and sympathetic to Microsoft.

Has the result of the Browser wars been good for consumers(?!) - the vast majority use IE! And MS has let it languish until it was FORCED, by COMPETITION to update it!!

Wake up!

[technewsjunkie]

In theory, MS would seem to have an inside advantage

Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)

[technewsjunkie]

In theory, MS would seem to have an inside advantage

Since it's THIER OS! One might think they know where the weak spots are (NOT!). Will MS now be as "forthcoming" in providing Windows code to it's new competitors? Hmmm.

Seems like an unfair advantage to me (except that MS is incompetent in securing it's products)

[Nkully86]

Is this enough though?

Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
http://www.essentialsecurity.com/products.htm


Nkully

[Nkully86]

Is this enough though?

Here Microsoft has addressed the common issues relating to online security, but what they still haven't focused on is email security. Most viruses that come via browsers have been taken care of through knowledge and antiviruses and most of the time these programs work great in protecting a PC, but the amount of viruses that come via email has readily increased.

There are few programs and opportunities for consumers to protect themselves from email worms, so we need to expand the knowledge and hopefully force hackers to find other ways into our computers.
http://www.essentialsecurity.com/products.htm


Nkully