By Munir Kotadia, 21 February 2005 08:45
Microsoft should be concentrating on securing Windows so it no longer needs an antivirus product instead of trying to squeeze established AV vendors out of the market, according to Gartner.
Microsoft has bought two antivirus companies and an anti-spyware company - the latter acquisition has already produced an anti-spyware application for Windows - since Bill Gates launched the Trustworthy Computing Initiative, which changed coding practices to make security Microsoft's first priority.
However, Gartner analyst Neil MacDonald said in an advisory on Friday that Microsoft has "missed an opportunity" to clarify its position in the security market by not stating its intentions. He said the company needs to "articulate whether it plans to be a leader in consumer and enterprise security solutions across desktop, server and server gateway".
"Microsoft's overriding goal should be to eliminate the need for AV and AS products, not simply to enter the market with lookalike products at lower prices," said MacDonald.
In the advisory, MacDonald predicts that Microsoft will launch a combined antivirus and anti-spyware product mid-2005, which will directly compete with established products such as Norton Antivirus from Symantec.
"This move will challenge antivirus vendors that depend heavily on revenue from consumers, such as Symantec, and vendors that derive substantial revenue from upselling enterprises to antivirus product suites that include desktops and servers, such as McAfee and Computer Associates," said MacDonald.
However, James Turner, security analyst at Frost & Sullivan, told silicon.com's sister site ZDNet Australia that Microsoft's security strategy is a "commercially sensitive" area and the company is not obliged to reveal its strategy.
"The fact is that Microsoft have purchased a number of security oriented companies, anti-spyware and antivirus. You don't buy a number of companies for the fun of it. This is part of a long term strategy," said Turner.
Additionally, Turner said Microsoft's attitude to security has changed since the launch of its trustworthy computing initiative. He cites the company's response to the recent attack on MSN Messenger.
"You don't just judge a company by what they say, you also judge them by what they do. Microsoft's recent clampdown on MSN Messenger to repair the vulnerabilities there is a clear sign that Microsoft can mobilise very quickly when something is completely within its control. If Microsoft was ignoring security the market would punish it and so would the legal system," said Turner.
Gartner's MacDonald also attacked Microsoft's decision to create an updated version of Internet Explorer (7.0) only for Windows XP, hinting that the only reason behind the decision is to force enterprises to upgrade from Windows 2000.
"The decision to restrict IE 7.0 to the XP platform also suggests that Microsoft wants to force users of older platforms to upgrade if they want improved security. If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users."
"Furthermore, instead of making more evolutionary security improvements to IE, Microsoft should announce that it will fundamentally re-architect IE with security in mind," said MacDonald.
The Gartner advisory concludes with recommendations that are likely to cause some concern to traditional antivirus vendors.
According to Gartner, companies should demand that their antivirus provider offers an enterprise-class solution - including anti-spyware - at no cost by the end of this year. Gartner also advises companies to demand a "converged desktop security product with antivirus, anti-spyware, personal firewall and behaviour blocking at a total price no more than 20 percent higher than what you now pay for standalone AV."
Neither Microsoft nor Symantec was available for comment.
Munir Kotadia writes for ZDNet Australia.

Comments
There are 5 comments.
1. Simon
Of course MS wants everyone to upgrade to XP or above. What company in their right minds want to support OSs that are over 5 years old?
MS has been and is still supporting Win 98 (just) although they usually only support a product for 5 years!
The only thing I would suggest is that MS cut their retail prices by at least 1/3 and then consumers are more likely to buy genuine products rather than rely on pirated versions.
XP pirated version causes so many problems and when I visit a house or company that has a pirated OS I simply say "Hard Luck", I will not support this OS.
2. anonymous
First off, what is wrong with Microsoft developing security products? It is unrealistic to expect any company to be able to produce software to the scale that Microsoft does (how many lines of code?) and not get some imperfections. I therefore applaud them for taking the issue into hand rather than relying purely on 3rd parties. Microsoft's focus is on creating a secure platform. If they do nothing they are slated and if they do anything they are slated.
On the issue of providing updates only for XP... Again, I see nothing wrong with this. Microsoft can not be expected to keep supporting every product. The whole point of developing a new product is to move forward (for any company, not just software). It is unrealistic to expect every feature that gets added to XP to also get added to every other platform. If a car manufacturer brings out a car that has 8 air bags you wouldn't expect to be able to take your older model in to have them fitted free of charge...
3. Rob
Please for the love of God Microsoft, stop supporting Win98. I'm all for forcing companies to upgrade their technologies, I'm sick of walking into a business who has requested IT support and find they are running something like Win98 with an NT4 Server.
It's too much of a headache, I'm getting to the point where I must just refuse and walk back out.
I have a Beta of their anti-spyware and I like it, better than Ad-aware at the moment (although bear in mind it's still beta).
4. anonymous
I have just spent a day trying to cleanly remove all the components of an all in one product offering AV, antispam etc... that had come bundled with a new laptop. It both slowed the machine down and conflicted with other software. What joy when I got rid of it. I hope that I will still be in a position to pick the best of breed products and not be forced to use a half-baked all in one offering.
5. Simon Bazley
This is nonsense. Firstly, the Microsoft Press released a book written by the product manager of Excel 4.0 called 'Writing Solid Code' which is a bible of how to do things properly with a lot of examples of how Excel didn't do this. Following all the things in this book makes code stable, adding relatively simple code that surrounds memory buffers with security breaks and really forcing buffers really can't overrun, eliminates 99% of win32 based hacks.
The complete lack of any realistic level of process security before NT still taints most Windows Software. A complete rewrite with a more up-to-date security model in mind is the only solution.
The business of Virus scanners is not to solve the problem but to profit from it. If MS really wanted to solve the problem they could, but it would involve a sea change. I suspect they have become like every other behemoth of a company, utterly incapable of a serious course change. Their only solution is to write new software, which will only happen if there is a chance of them losing market share. Firefox has IE in its (distant) sights, so it's essential for them both to be robust.