Microsoft Corp.'s announcement Tuesday that it will acquire the antivirus engine and virus signatures developed by Romanian antivirus vendor GeCAD Software Srl. throws a long-anticipated wrinkle into the antivirus market, a Forrester Research analyst said.
Granted, antivirus technology is approaching commodity status, but there is still significant money to be made selling licenses, services and support to large enterprises, said Cambridge, Mass.-based Forrester Research Inc. analyst Jan Sundgren. Microsoft's leap into this space was long considered inevitable.
"Long term, this only attacks one part of the market," Sundgren said. "The competition is diversifying anyway into much broader security suites. Antivirus is a market that is slowly disappearing, though there is still a fair amount of money in it."
Jonathan Perera, a manager in Microsoft's security business unit, said that Microsoft would not continue to develop GeCAD software, currently sold as RAV AntiVirus. Instead Microsoft would add GeCAD's engineers to its development team and they will work to enhance security in all of its Windows products as part of its Trustworthy Computing initiative. In addition, Microsoft will re-brand the antivirus technology as a fee-based add-on to future Windows platforms. "This won't be given away for free," he said.
The deal is subject to regulatory approval.
Sundgren said competitors like Network Associates Inc., Symantec Corp., Trend Micro Inc. and Sophos Inc. have to be concerned about Microsoft's leap into the antivirus market, in particular if the GeCAD technology becomes featured in Longhorn, the next version of the Windows operating system. Microsoft, however, said it would not stop customers from using antivirus protection from other vendors and added that it would continue partnerships with other vendors.
"Vendors don't like to have to justify themselves as a third party to customers," Sundgren said. "Microsoft will get its market share, and this may be attractive to customers. If the technology is good enough, they may try it first with Windows before moving to a third-party vendor."
Network Associates president Gene Hodges said that his company offers the management, support and services that Microsoft would need to establish before becoming proficient in this space. Microsoft, Network Associates and Trend Micro recently formed the Virus Information Alliance, an information-sharing group that will exchange data on new viruses in order to disseminate information and protection to customers in a timely fashion.
"The big issue is the guy writing the type of virus or worm attack that we can't stop that's going to hit a customer quickly, and we don't have the technology to fix it," Hodges said. "That's where we lose."
Hodges said that NAI, which offers McAfee antivirus protection to enterprises and home users, is developing intrusion-prevention technology -- acquired in April from Entercept Security Technologies Inc. -- which blocks inappropriate application and system behavior. This, he said, is the next generation of protection against rapid threats like the Slammer worm, which in January blew open holes in Microsoft SQL Server and spread across the Internet in a matter of minutes.
"You have to have the management software to pull all of this together, along with the support and services to protect customers within 30 minutes," Hodges said. "If you can't do the job for customers, they're going to look elsewhere in a hurry."
U.K.-based Sophos raised some concerns about the level of protection to be eventually offered by Microsoft.
"Providing a viable antivirus solution to the market requires far more resources and commitment than most people realize," said Chris Belthoff, Sophos senior security analyst. "In addition, what happens to GeCAD's current customers? I'm thinking particularly of those that use GeCAD's antivirus solutions for competing operating systems such as Linux. Will Microsoft continue to support them as well?"
Pete Lindstrom, research director with Spire Security, in Malvern, Pa., said that Microsoft's Next-Generation Secure Computing Base (formerly Palladium) may make all of this a moot point. NGSCB, a policy-based architecture that allows certain defined behaviors and denies others, could reduce the need for antivirus technology, Lindstrom said.
Microsoft's Perera said the acquisition would eventually help secure those customers not using NGSCB.
FOR MORE INFORMATION:
FEEDBACK: Will this acquisition be a positive for the security market?
Send your feedback to the SearchSecurity.com news team.