Monday, May 16, 2005

microsoft antivirus: the next generation

by now you've probably heard that microsoft plans to get into the anti-virus industry (again) and has already entered the anti-spyware industry... they apparently are planning to release a complete security package for a fee (see Techdirt)...

now, Techdirt makes an interesting argument for why giving away the security package might be problematic for microsoft - that they might get accused of anti-trust violations with regard to the desktop security industry...

so it would seem that they can't not charge money for their product - but here's a different angle... a big part of the problem that their product will be addressing is the insecurity of their other products... the argument has been made that anti-virus companies are the ones behind the viruses and it's an easy argument to debunk (the industry is very competitive and the companies would use that information against their competitors if it were true), but when it comes to security exploits microsoft IS behind many of the vulnerabilities being exploited... they're basically charging you to protect you from the threats posed by their other software - which sounds an awful lot like a protection racket to me...

worse still, however, is that with their complete security package they would have less motivation to actually fix the security problems in their other software... they could say that the threat posed by vulnerability X is mitigated by Microsoft Security Suite (tm), so the severity of the problem is less than critical and fixing it will be a lesser priority... they've been trying to address security for years now and so far it's been an abject failure - we have no greater confidence in the security of their software now than we did when they started... this could mark the end of their efforts to write more secure code - it could be the sign that they're giving up... writing software to protect people from exploits when you should be fixing the vulnerabilities certainly sounds like a cop-out to me...

so really, there doesn't seem to be any moral high ground for microsoft in this venture - either they kill the desktop security software industry by giving their own product away for free (like they did to netscape), or they can charge money for their product and at best admit defeat at writing secure code or at worst be guilty of protection racketeering...

maybe they should just stay out of the security industry entirely... they've tried their hand at it before (msav) and that was an abject failure too...