This article can also be found in the Premium Editorial Download "Information Security magazine: What are botnets and how can you prepare for them?."
Download it now to read this article plus other related content.
When you're rolling out this month's critical updates, muttering all sorts of nasties about Bill Gates, remember one thing: You owe your livelihood to Microsoft. Without Microsoft's historical indifference to security, there'd be a lot less need for patching and layer upon layer of content filtering and network segmentation. And less need for IT security specialists, too.
Since the advent of Trustworthy Computing three years ago, Microsoft has focused on building better security in its operating systems and applications. Along the way, it released a basic desktop firewall and an automated patch distribution system, both free, as well as a network firewall, ISA Server. They also acquired a Romanian anti-virus company, GeCAD software. Now we learn that Microsoft is diving deeper into the antivirus and antispyware market with the acquisitions of Sybari Software and Giant Software, respectively.
As you might expect, Symantec, McAfee and the other AV and antispyware companies immediately downplayed the prospect of going toe-to-toe with the industry's 800-pound gorilla, arguing that consumers and businesses will choose superior technical quality and service over price and convenience. The AV stalwarts are trying to put a good face on it, but history tells us they're facing an uphill battle.
Consider the lesson of Wal-Mart. Like Microsoft, Wal-Mart has long been accused
The similarities don't end there. Notice how closely the following business strategies apply to both Microsoft and Wal-Mart:
- Locate yourself on the outskirts of town. Keep costs down by maximizing pre-existing distribution channels. Move sector by sector, creating demand by offering name-brands at low prices. Microsoft has always been on the fringe of security, but it has a far-deeper footprint in general purpose computing and a far-superior distribution model than pureplay security vendors. Most consumers (and many small businesses) value convenience over robustness. If your new Wintel machine comes bundled with Microsoft's own antivirus, antispyware and firewall--none of which requires annual license fees--you'll have little incentive to pay for and/or download anything else.
- Convenience and efficiency wins. Wal-Mart understands that having a product that everyone uses is more important than having the best product. Wal-Mart doesn't sell $100 Calvin Klein jeans, but it has a wide variety of $25 Levi's. Microsoft, by the same token, doesn't need the "best" security software to win; it simply has to ship a higher volume of "good enough" software. Need proof this strategy works? The Windows Antispyware beta already has 5 million downloads.
- Offer the lowest prices possible. Operating efficiencies enable you to offer products at a loss until you gain market share. As competition is removed, you create pricing power. Some say "free" is worth what it costs. But most consumers still look at security as insurance, and who wants to pay for insurance? You'll notice I keep referring to the consumer security market, where, initially, it will be far easier for Microsoft to make a dent. Enterprises will continue to value and pay for innovation and support. But as security becomes a commoditized feature of the core network, expect Gates & Co. to launch into the enterprise space with similar aggressiveness. In that way, ISA Server, Network Access Protection (NAP) and its identity management products may be a sign of things to come.
This was first published in March 2005