Alex Eckelberry, president of Clearwater, Fla.-based security vendor Sunbelt Software, says that's exactly what the software giant is doing, and offered numbers to back his claim in the Sunbelt blog.
He said it's bad enough Microsoft is getting into all aspects of security. But now, he said, they are going to "kill their competition through predatory pricing." He cited Wikipedia's definition of predatory pricing, where "a dominant firm sells a product at a loss in order to drive some or all competitors out of the market, or create a barrier to entry into the market for potential new competitors."
In the case of its security pricing, Eckelberry said, Microsoft is endangering the entire security ecosystem with ruthless, "Standard Oil-style pricing."
His first example is Microsoft's Windows Live OneCare product, which rolls antivirus, antispyware and firewall capabilities into a single tool.
With OneCare, he said, it costs $49.95 for three PCs, an average of $16.65 per machine. By comparison, he said, McAfee's and Symantec's three-user antivirus offerings are priced at $69.99 and $89.99, respectively. "Incredibly," Eckelberry said, "Microsoft has priced themselves almost 50% below the market leader, and no one has said a peep."
With Microsoft Antigen, he said, the software giant has priced themselves in excess of 60% less than Symantec, an "astonishing" difference in price. "Microsoft has effectively low-balled the entire antivirus industry in one fell swoop," he added.
What's disturbing about all this, Eckelberry said, is that Microsoft could end up owning a majority of the market share in the client-based security market. This will stifle innovation, he said, and venture capitalists will be less eager to invest in the next great security idea or product. Entrepreneurs will be less willing to start a new company in the security space, he added, given the risks of competing with Microsoft.
"It's one thing that Microsoft has destroyed competition in browsers, languages, word processors, spreadsheets, presentation packages, and all the rest," he said. "But it's another thing to kill competition in the security space, because the security landscape has changed."
He said there's now a tremendous incentive to hack Windows, because there's just so much money to be made by the bad guys.
What should the security industry do about all this? Eckelberry said Microsoft's march toward world domination must be stopped for Microsoft's own good. "I won't suggest what I think should be done," he said, "But something does need to happen."
In response, a Microsoft spokesperson said that while its top priority is the safety and protection of its customers, the market is full of opportunity for all security vendors to play a role in customer security.
"We believe that the Windows Live OneCare and Microsoft Antigen products provide a good value to customers and that all firms should compete to provide good value," the spokesperson said. "Our customers have made it clear that malicious software and other Internet threats represent a major problem and they want Microsoft to deliver effective solutions. Microsoft believes that customers want the freedom to choose the security solutions that work best for them and we're committed to seeing the sector stay competitive, with a large, thriving ecosystem of innovative companies."
This isn't the first time someone has warned of dire consequences in a world dominated by Microsoft. Nearly three years ago, security luminary Daniel Geer was fired as CTO of security firm @Stake for publishing a controversial paper warning that Microsoft's market dominance threatens U.S. securityAt the time, speculation abounded that @Stake fired Geer because it had an extensive partnership with Microsoft. Geer went on to become vice president and chief scientist with security vendor Verdasys Inc.
In his blog entry, Eckelberry went out of his way to point out that he has close friends at Microsoft and that Sunbelt is also in business with the software giant.
"My beef is with a number of strategic decisions that have been made by the company that should scare a lot of people," Eckelberry said. "So please, to my friends at Microsoft, don't take this personally. This stuff just needs to be said."
Excel zero-day flaws spark concern
While Eckelberry voiced his concerns about Microsoft's pricing practices, other security bloggers were focusing on more immediate Microsoft matters, like the zero-day flaws in its Excel spreadsheet program.
"For those of you that are still using the operating system from Redmond (insert Mac sigh), be aware that there is another Excel zero-day exploit in circulation," the Liquidmatrix blog warned after a second exploit surfaced Tuesday. "Be sure to take due care until this is patched."
Gary Longsine, founder of Missoula, MT.-based Intrinsic Security Inc., lamented in his Antiworm blog that the standard advice for mitigating the Excel threat -- being very careful opening unsolicited attachments -- is no longer effective because the bad guys have gotten good at making messages look as though they are from trusted, solicited sources.
He said he interviewed a few victims of a recent worm that propagated via instant message programs, some of whom were trained IT professionals who had spent a lot of time during the course of the year explaining to users that they shouldn't click unexpected attachments. "Well, the virus in question was somewhat clever," he said. "It nearly always appeared to be from someone you know. It sent an attachment which appeared to be a spreadsheet (it was instead an executable virus). It used cleverly mundane subject lines."
Nearly all of the victims had received a virus pretending to be a spreadsheet that appeared to be from someone they regularly receive spreadsheets from by email, he said.
"I've given this advice [to beware of unsolicited attachments] myself many times, trying to carefully explain how to tell good from bad emails, and good from bad free downloads," he said. "I think in general the advice hasn't been helpful to most people most of the time. High levels of ongoing infestation from adware and spyware, widespread damage from instant message "worms" and rampant identity theft all tell us that the advice isn't working."