One year after it surprised rivals and partners by jumping into the anti-virus market, Microsoft Corp. still has no clear AV strategy, and users are still hanging on to the promise of integrated Windows protection.
The company’s sluggish AV development is a far cry from the plans Microsoft trumpeted when it acquired the Romanian company GeCAD Software Srl. last June. At the time, officials in Redmond, Wash., said they planned to use GeCAD’s technology to develop new products and enhance the security protections in Windows.
The news enticed some users but worried others. And it was especially disturbing to anti-virus vendors such as Computer Associates International Inc., Symantec Corp. and Network Associates Inc. The vendors, all major Microsoft partners, along with some enterprise security managers, were concerned that building AV into Windows would force users to accept the company’s solution and abandon third-party tools.
Until recently, Microsoft officials had said there were no immediate plans to build AV into Windows. They even promised to build a better API to make it easier for third-party AV products to work with Windows.
But now, 12 months later, Microsoft has done little to clear up the uncertainty surrounding its intentions for the GeCAD technology. Although Mike Nash, vice president of the Security Business and Technology Unit at Microsoft, reiterated last week in a widely publicized meeting with reporters in Seattle that the company is on track to offer its own AV solution, there has been no decision made about what form that solution might take.
“There’s no definite product plan. We do plan to release a solution, and it will be a for-fee product, but the delivery vehicle isn’t firm yet,” said Amy Carroll, director of product management in Microsoft’s SBTU and who reports to Nash. “It’s a big undertaking, and we want to make sure we get it right.”
Next Page: Will AV be integrated into Windows?
While Microsoft officials stressed that the AV solution will initially be a stand-alone product, separate from Windows, security industry observers speculated that the company will eventually integrate AV protection into Windows. In fact, they said this most likely will happen in the next release of the Windows client, code-named Longhorn, which isn’t expected until 2006 and is already scheduled to include a wide range of security upgrades.
Such a move would leave Microsoft time to decide how best to refine the technology to suit its needs.
“We would evaluate Microsoft’s solution, but I would be hesitant to use their built-in AV software exclusively. I would be more comfortable with the approach of using a non-Microsoft vendor for virus-scanning engines and virus definitions,” said James Jones, LAN administrator with a large health care system on the East Coast. “Better integration with Microsoft’s OS is a definite plus. I guess the question comes down to trust. Microsoft is headed in the right direction with their security, but the industry isn’t convinced yet, and it will be some time before we will be.”
Executives at big AV vendors, meanwhile, said they see no immediate reason to alter their strategies, despite Microsoft’s history of partnering with other vendors, only to compete against them.
“Traditional vendors who rely upon selling primarily individual point products or hawking cures for the latest Internet scare will find the security market cold and unresponsive,” said Sam Curry, vice president of eTrust Security Management at CA, in Islandia, N.Y.
Security specialists say that if and when that happens, customers would likelyat least in the short termbe able to stay with their current AV vendor.
Check out eWEEK.com’s Security Center at http://security.eweek.com for the latest security news, reviews and analysis.
Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page