Microsoft took yet another step into the security market last month with the move to general beta testing of its OneCare Live antivirus and firewall product. The new offering, which is currently aimed at consumers, is an application and subscription service that provides AV scanning with automatic updates, firewall protection and storage backup for PCs.
OneCare Live comes on the heels of a series of other Microsoft moves in the security arena, including recent acquisitions of antivirus software maker GeCad Software, security software vendors Pelicon Security and Sybari Software, and GIANT Company's anti-spyware technology.
Over the past year or two, Microsoft also began beta-testing its desktop antispyware software and released an enterprise firewall and Web cache server, the Internet Security and Acceleration (ISA) Server. These and other signs suggest that the software giant wants in on the lucrative enterprise security and software services market, and OneCare may be the latest step in that quest.
But will consumers and organizations with a need for desktop security software flock to a Microsoft solution, given Microsoft's problems with security holes and constant patches for its flagship Windows operating system?
Some IT managers aren't so sure.
"If Windows is so exploitable, then just as someone can find loopholes in it, they're probably going to find a loophole in Microsoft's security product," said Bradley Dinerman, vice president of information
Microsoft's business strategy manager Samantha McManus noted that while all software products contain vulnerabilities, the vendor has committed significant human and financial resources to addressing security issues.
Many would agree that Microsoft gets a somewhat unfair rap for security problems simply because it has many high-profile products.
"I don't believe Windows is really any more or less secure than other operating systems, said Joshua Lutz, senior network analyst for a large Boston law firm. "Microsoft gets hit from the operating system side, from the Web server side, applications, and e-mail."
But, added Lutz, that doesn't mean he'd buy a Microsoft security product. "We hope to mitigate attacks by having multiple vendors. So, being a Windows shop on the back end, we get piece of mind from having non-Microsoft [security] products on the front line."
Dinerman agreed. "When it comes to security, I want a separation of powers," he said. "Windows provides all the functionality we need, but I want a separate party to conduct the audit of my security."
There's also the issue of migration in organizations that may have dozens, hundreds, or thousands of desktops running AV software. As Tom Kroll, network systems and security administrator for Hinshaw & Culbertson LLP, a Chicago law firm, notes,
"Any antivirus change would involve uninstalling our current vendor. I'd have to have a compelling reason to subject myself to that," Kroll said. "In addition, our user community knows our current antivirus software. If I make a change, I have to educate almost 1,000 people."
Microsoft is currently pushing OneCare Live at consumers, not the corporate market. That's good, say experts, as home users tend to automatically buy whatever Microsoft has to offer, while businesses often prefer best-of-breed, especially with security software.
Richi Jennings, analyst at Ferris Research, a San Francisco-based messaging and antivirus research firm, predicts home users will gravitate toward OneCare Live, to the detriment of vendors like Symantec and McAfee, which also sell to consumers.
"Right now OneCare is a separate product, but if they bundle it with Vista [Microsoft's next version of Windows], they could destroy that market like it did for disc fragmentation and PC faxing, by adding them to the operating system," says Jennings.
But, at least for the short term, Microsoft is not likely to steal any thunder from competitors selling security software to businesses. "Business people will be pretty circumspect about buying a Microsoft-branded security solution," notes Jennings. "They're not going to want to buy a security product from a company that has not been a security vendor."
Sue Hildreth is a Boston-based freelance writer specializing in enterprise software. She can be reached at Sue.Hildreth@comcast.net.