Analyst Opinion - Microsoft just announced it will be discontinuing OneCare and roll out out a free antivirus product soon. I believe the company made a huge mistake by not owning all aspects of primary security for Windows from the start. I applaud this move, because it corrects a problem Microsoft created itself. Apple should learn from Microsoft's lead here, because if Microsoft is successful, virus writers and Bots Masters may shift to Mac OS X. Some are already reporting that this shift has begun.
There are a lot of things about the PC market that are unique. One of the things unique to Windows is that third party security software has become prevalent and created a significant market problem for Microsoft. Before the PC, platform security was typically owned by the platform vendor. This became a unique problem for Microsoft because, to sell a security product, any security product, the security vendor has to market the threat the product is designed to address.
Basically, they promote viruses and work to identify exploits to showcase weaknesses to sell a product. This would be like having a home alarm vendor that constantly told people how to break into your house while trying to sell you tools to stop the break ins. Nothing is 100% secure.
I've personally thought the ethics of this industry were under siege because of the inherent conflict of needing to aggressively find and promote security exposures in order to sell a product in large volumes that mitigates them. Too often it seemed as if this was a protection racket where if you didn't pay your money the security firm itself would play some part in you being hit by a virus or other malware.
There have been a couple of instances over the last decade where firms, largely out of Eastern Europe, brought forth free AV offerings that did cross this line by actually doing damage that was only fixed in exchange for extra money. Back in 2006 it was estimated that about 80% of new malware easily defeated antivirus products suggesting things had really gotten out of hand and that AV products weren't particularly useful.
Nasty security circle
It is a nasty circle and which has created a lot of animosity between the security industry and Microsoft, which has created significant problems for the firm. In the past, there have been mini-wars over how to aggregate the security solutions under a single management console, over whether or not security vendors should be allowed to install protective root kits (root kits are a bad idea in general), and over which software firewall should take precedence. This has actually resulted in some folks recommending not buying antivirus software in the first place. But that isn't a great idea as botnets are taking over our lives and PCs and security products remain one of the best defenses against having your beloved PC turn into a zombie.
Of course, the other problem is that you can put AV software you can find on your own systems, but if someone on your network doesn’t, they can do a lot of damage including unintentionally tricking you into infecting your own PC.
One issue we don't talk about much is that antimalware software typically won't run on anything but the platform it was designed for. This is not only kind of annoying when you buy a new computer or software upgrade, it makes using beta products much riskier than most folks realize. This is because new operating systems typically have compatibility requirements that assure old applications, and this may include old malware, to run on them. The effect: Microsoft tries to convince lots of people to pound on a new product to get the initial bugs, but often they won't run it since they fear they could be endangering their networks.
Fixing the problem: Will Microsoft lead and Apple follow?
To fix the problem, Microsoft has to take ownership of it, but bundling antivirus software into Windows (which was the number one request on one of the surveys done a few years back from consumers) can't be done for two reasons. One is that it would likely result in a successful antitrust challenge and the other is that antivirus software has a half life that is typically measured in hours: It simply would be past its expiration date the moment a user fired up a PC.
To solve both problems, Microsoft is rolling out a free antivirus offering and is discontinuing its OneCare bundle.
I think this will take Microsoft down a path that should result in higher customer satisfaction, fewer botnets and fewer successful viruses over time, because, let's be honest, there are way too many folks who don't buy or update their AV products at the moment. “Free” generally results in better penetration. This will make us all a bit safer regardless of whether we use the product or not.
The lesson here is that you should never allow a third party to own something that is critical to the satisfaction of your own offering. Hopefully, Microsoft won't forget this again.
It is interesting to note that Apple, who typically is very aggressive about owning the customer experience, hasn't been that interested in owning the AV responsibility for its offerings. Given Apple is now losing market share again, the company may want to shift focus from their Mac vs. Windows campaign and actually fix its own products. I say this without a hint of Irony, well maybe a hint.
Rob Enderle is one of the last Inquiry Analysts. Inquiry Analysts are paid to stay up to date on current events and identify trends and either explain the trends or make suggestions, tactical and strategic, on how to best take advantage of them. Currently he provides his services to most of the major technology and media companies.