Microsoft’s new security subscription service, released in consumer beta, could shake up the anti-virus and anti-spyware market – if consumers buy the idea of MS as a security vendor.
To many people, the words “Microsoft” and “security” go together like McDonald’s and health food.
With the consumer beta release last week of Microsoft’s new PC-based security service, OneCare, the software giant hopes to change that image.
Microsoft’s OneCare is a subscription service that includes anti-virus and anti-spyware tools, regularly and automatically updated online, plus a two-way firewall. The service also helps subscribers back up their data more easily, and offers tools to help them clean up unnecessary files cluttering a hard disk.
Microsoft announced plans for the service in mid-May, when employees began testing it. Then, in late July, the company went into a “managed external beta,” meaning it will select several thousand consumers to try out the service. Company officials would not comment on when they plan to launch OneCare to the general public, or how it will be priced.
It’s no secret that Microsoft has been making more of a play in computer security lately, typified by Chairman Bill Gates’ keynote address at the RSA Security Conference in San Francisco in February. And in June the company acquired Sybari, a Long Island, NY-based security software developer. Unlike Sybari, which makes products largely for the corporate server market and is being kept separate for now, Microsoft OneCare is intended for any and all PC users.
Indeed, OneCare is intended for computer users who lack the knowledge or inclination to do regular tune-ups on their own systems, yet who are increasingly concerned about the threat of viruses and annoyed with slow hard drives and lost data.
“The dynamic nature of the Internet and technology can make the protection, maintenance, and optimal performance of PCs a challenge for consumers,” says Samantha McManus, a business strategy manager for Microsoft. She also takes aim at the existing software security industry: “Consumers need a simpler, more comprehensive solution to keep their PCs ‘healthy’ and running well compared to what the traditional security marketplace has been able to provide to date.”
Despite the onslaught of computer viruses and spyware – which can spread so insidiously that many users are unaware of their existence on their systems – “the vast majority of consumers today are using PCs without basic protection technologies, such as anti-virus, anti-spyware or a firewall,” says McManus, “or if they have these protections, [they] are not keeping them up to date.”
Furthermore, by not performing routine maintenance tasks, like disk defragmentation, many PC users also risk losing important files or images, or, at the least, having to cope with underperforming systems.
Of course, if Microsoft can reach these less security-savvy PC users, the payoff could be worthwhile for Microsoft as well. Quite worthwhile. Andrew Jaquith, a senior analyst on the security solutions and services team at Yankee Group, a Boston, MA-based IT research outfit, estimates that the market for downloadable anti-virus subscription services in 2005 will amount to only about $400 million – which means plenty of growth potential.
With a compelling offering, Jaquith believes Microsoft could establish itself in the consumer security market. This would generate a continuing revenue stream – something the company does not have with most of its existing products. “Microsoft has made all these feverish attempts to extract revenue on a regular basis, and nothing’s stuck,” says Jaquith. He points to the lackluster response to its MSN online service as one of its failed attempts to create continuing revenue.
Not surprisingly, though, other industry observers – especially those at established security companies – are alternately critical and skeptical of Microsoft’s new-found role as a protector – given its oft-publicized problems with security holes and other vulnerabilities.
“I personally think it’s unconscionable for [Microsoft] to enter this market for a profit,” says Gregor Freund, founder of Zone Labs, a security solutions provider, and chief technology officer of Check Point Systems, which owns Zone Labs. “It’s like a protection racket I don’t think Microsoft has the moral right to profit from its shortcomings.”
What’s more, Freund believes that Microsoft’s role as the leading maker of operating systems would conflict with its role as a security services provider. “It will be a constant struggle for them to achieve two very different goals,” Freund says.
McManus at Microsoft counters that “all software contains vulnerabilities,” adding that the Redmond, WA-based company is “committed to keeping the number of security vulnerabilities in our products to a minimum – this is evidenced by measurable improvements in the security of our software.”
McManus’ claim seems to have some credibility. According to research by the Yankee Group, the number of vulnerabilities in anti-virus and security applications has recently begun to outpace the number of those discovered in Microsoft products. From January through May 2005, the researchers tracked 23 flaws in security products, a significant increase over 2004. Meanwhile, they found only 22 vulnerabilities in Microsoft software.
Jaquith believes this improvement is the result of two factors. First, Microsoft is responding to “furious customers” who have been demanding more solid products, and doing a better job in its research and development, design reviews, and tracking its own flaws. Secondly, Jaquith says that hackers are “increasingly less interested in poking holes in desktop operating systems,” and instead are finding the flaws in the security products aimed at keeping them at bay.
“It’s very clear that the security vendors haven’t faced the same kind of scrutiny about their development practices as Microsoft,” Jaquith says.
Assuming Microsoft does shake off its poor image in security, the question arises: How will OneCare affect the rest of the PC security market? Not as drastically as one might expect, it appears – at least that’s what some industry players claim.
Freund of Zone/Check Point is confident that his company is well-entrenched enough to ward off this new rival.
“We don’t think it’s going to be a big threat for the major existing vendors,” says Freund. But he does believe that Microsoft’s entry could inhibit the growth of smaller security firms, which he points out are often the leaders in innovation.
Others claim that Microsoft’s interest in providing more simplified security products confirms that such services are needed, and that it will attract more customers for everyone in the industry.
Risto Siilasmaa, president and CEO of Helsinki, Finland security firm F-Secure, put out a release right after Microsoft’s initial May announcement of OneCare, proclaiming that it was “good news” for them.
“They support the approach we have pioneered through the last five years in providing security as a live service,” Siilasmaa said in the release. “The additional exposure for the service approach will create new pull for such solutions.”
Even Freund admits that “Microsoft could do a good job of creating awareness” as it throws its considerable marketing power behind promoting OneCare. All this, he says, could help security firms in general reach the biggest open market in security: people who have no PC protection or support at all.
Jaquith at the Yankee Group is a bit less optimistic about the future of diversity in the security market, suggesting that Microsoft’s arrival could strike the death knell for “some of the less well capitalized anti-virus vendors,” and force others to work through original equipment manufacturers to stay alive. Despite Microsoft’s dominant desktop real estate, though, he doesn’t think they will crowd out all competitors.
“There’s room enough for everybody to play,” Jaquith says.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today