Microsoft Sweeps Into Security

Redmond claims its OneCare software offers PC owners all the protection they need, but it may be tough to dislodge Symantec and McAfee

About 18 months after promising a consumer-security product -- and striking fear in the hearts of rivals' shareholders -- Microsoft's OneCare has finally hit the market. The aim is to provide a low-cost, easy-to-use product that gives consumers antivirus, anti-spyware, and firewall protection. "The consumer experience is going to be a lot easier," predicts Gina Narkunas, lead product manager for OneCare at Microsoft. "OneCare is like a pit crew [taking care of your car] for your computer."

Given Microsoft's (MSFT) dominance of consumer desktops, the new software will likely have a healthy number of buyers, even with its price tag of close to $50. And that may end up being a good thing for the larger computer-security landscape. Despite the best efforts of Symantec (SYMC), McAfee (MFE), and other security software makers, between 50% and 70% of U.S. computer owners still lack even basic security software. Those unprotected machines are prime pickings for criminal groups looking for "zombies," or computers they can take over to do their nefarious bidding.

But how panicked should McAfee, Symantec, and their investors be? The security landscape has changed pretty dramatically since Microsoft first threatened to shake things up. And Microsoft has a lot of proving left to do. Here are five of the biggest questions it will need to answer:

1. How Secure Can Microsoft Be? Figuring out what vendor offers the best protection and the most comprehensive package is hard, even for seasoned analysts. For a harried consumer who simply wants to feel safe, it can be nearly impossible. That's where a trusted brand comes in, especially now that consumer confidence in the Internet is waning. According to a recent survey of 10,000 households by the Conference Board, 41% are purchasing less online than a year ago.

While Microsoft certainly has a dominant consumer brand, its software has also been riddled with weaknesses, thanks to aggressive hackers and the company's own missteps. According to Yankee Research, consumers and businesses spend some $3.6 billion a year protecting themselves from Microsoft's vulnerabilities.

And who do they turn to? Mostly Symantec's Norton line of products, which has a 64% market share in antivirus software, according to IDC. Those customers may not be willing to trust a company that isn't 100% focused on security, especially since the security stakes have ben rising. Threats have become increasingly stealthy, and are now often designed to steal sensitive financial information, not just crash a computer.

2. Can Microsoft Innovate? Microsoft is packaging an easy-to-use version of software that has been around for years. Its selling point is that it's a one-stop-shop, not necessarily that it stands up to threats better than competitors. And every day, hackers are coming up with new ways to thwart security defenses. As the threat landscape evolves, Microsoft will have to prove it can come up with new answers to new threats, the way Symantec and McAfee have with phishing and spyware.

So far, Microsoft has largely bought its way into the market, with acquisitions of such players in the field as GeCAD in 2003, Giant Company Software in 2004, and Sybari Software in 2005 (see BW Online, 2/9/05, "Microsoft's Bulging Security Portfolio").

3. Is Microsoft Swift Enough? Redmond won't only have to prove it can innovate but also that it can innovate quickly. And it isn't really known for being quick on its feet. Its new operating system, Vista, has been delayed numerous times and Gartner Research said recently it expects yet another postponement (see BW Online, 3/21/06, "Microsoft's Receding Vista"). And OneCare itself is coming to market a full year and a half after it was announced. Microsoft will have to move faster to stop the bad guys, and maybe it will. "Microsoft has a history of getting it right over time," says Andrew Jaquith, analyst at Yankee Group.

Meanwhile, Symantec isn't slowing down. Enrique Salem, head of Symantec's consumer business, announced the company's intention to introduce a test version of Norton 360, previously code-named Genesis, in July. The product is a departure from Symantec's retail, shrink-wrapped software roots since it's delivered over the Web for a monthly fee, with constant real-time updates as security threats evolve (see BW Online 2/16/06, "Symantec's New Target: Consumers").

Both Symantec and McAfee have teams of researchers who scour the Internet for new threats as they emerge and quickly push out patches. Microsoft may have a hard time matching that focus, even with its massive resources. As Symantec CEO John Thompson quipped back in 2005 when Microsoft first launched its threat, "We aren't distracted by computer games or a host of other things not related to helping you secure your infrastructure."

4. Where's the Spam Block? For something that bills itself as a one-stop shop, OneCare is already being faulted for lacking spam filters. That might not initially seem like such a big deal, but it's the top way phishing attacks are being launched today.

The most common of them work like this: The user gets a note from a bank or Web site saying asking that they reset a password. They're linked to a dummy site, where their information is relayed to hackers who in turn use it for fraudulent purposes. In 2005, that kind of identity theft cost consumers $680 million.

"The emerging threats are more focused around online scams -- fraudulent Web sites, identity theft, e-mail scams, etc.," says Nilofer Merchant, CEO of Rubicon Consulting, which specializes in crafting defense strategies against big names like Microsoft. "You're kind of trying to protect the whole Web, rather than just a user's PC." Symantec's new Norton 360 product has a focus on threats sent not only through e-mail, but through Voice-over-IP and instant messages as well.

5. Can Microsoft Beat the ISP Connections? When Microsoft first announced its security push in January, 2005, the big fear was that the world's largest software company would undercut pricing and commoditize the market. As it turned out, McAfee may have beat its bigger rival to the punch.

The second-largest security-software company rolled out a new game plan last year: aggressive deals with Internet service providers. Now, subscribers to Comcast (CMCSA), America Online (TWX), EarthLink (ELNK), and others get McAfee firewall, antispam, and antivirus protection either for free or at a very reduced cost. Even Microsoft may not be able to compete with that.

Before it's here, it's on the Bloomberg Terminal. LEARN MORE