Comment: Damned if you do and damned if you don’t

6 Apr 2005

Microsoft can’t win. After getting kicked from pillar to post because of security flaws in its software over the years, it tries to redress the balance and what happens? More pitfalls in prospect.

Amid a welter of recent announcements, the world’s largest software company revealed plans for an accelerated launch of Internet Explorer 7.0 that will have additional built-in security features. Most interesting of all is the likelihood that Microsoft will debut its own-brand antivirus software due later this year, competing head to head with the players that have dominated this space over the years.

No sooner had the company made its various pronouncements than experts weighed in with the view that some of this activity could run contrary to competition law. Never mind antivirus, try antitrust instead.

Depending on how closely it ties its antivirus software to the operating system (OS), Microsoft could in theory kill off much of its competitors in this space — the rival security software makers. It’s a fight that may have several fronts: price could be another battleground, if Microsoft decides to aggressively chase customers and undercut rivals in the process. “Aggressive entry into the established antivirus market, especially to the extent Microsoft bundles its solution into the OS, is almost certain to draw regulatory scrutiny, especially in the EU,” warns Charles di Bona, an analyst with Sanford C Bernstein & Co.

Add to that some disquiet from the analyst community about recent developments. Neil MacDonald of Gartner Research claims these announcements “do not add up to a strategy for protecting Microsoft’s products and customers”. He calls its efforts a missed opportunity and says it would be better for Microsoft to eliminate the need for antivirus and anti-spyware tools, instead of simply supplying “lookalike products at lower prices”.

Low price may even mean free: few details have emerged so far about how much Microsoft’s antivirus software is likely to cost. The company has committed to supplying an anti-spyware tool for Windows customers by the end of the year and this will be free of charge to consumers, although it seems that business customers will have to pay.

You can make a case for two points of view in this debate: on the one hand, Microsoft deserves credit for having made such an extensive commitment to security and many of its global efforts have percolated down to local level, with seminars and events for raising awareness of the issue.

But in case we think that Microsoft’s moves in the security arena are purely charitable, let’s remember how much of the antivirus and firewall industry now operates. A lot of security software is distributed in the form of constant updates, for which organisations pay an ongoing fee. To put it another way, this means recurring revenue for the provider — the holy grail for any software supplier.

While we’re on the subject of money, Microsoft itself now commits some US$2bn of its estimated US$6bn research and development budget directly to security, with much of the rest of the fund feeding into that effort directly or indirectly.

But given the outcry over IT security, did the company really have an alternative? Sit back and do nothing? For Microsoft that was hardly an option. MacDonald concedes that all this activity does fill in some pieces in Microsoft’s security strategy. He also sounds a warning for others in the sector, as if they needed telling. “This move will challenge antivirus vendors that depend heavily on revenue from consumers, such as Symantec, and vendors that derive substantial revenue from upselling enterprises to antivirus product suites that include desktops and servers, such as McAfee and Computer Associates International.”

Microsoft responded by saying that the recent announcements were only part of the plan. “IT security is such a complex area that no one company has all the answers,” says Mike Hughes, security and platform strategy manager with Microsoft Ireland. That being said, its arrival in this industry unquestionably changes the game. It may not be the time to choose sides just yet, but the pre-match build up will be worth following.

By Gordon Smith