IT Life

Microsoft Details Antivirus And Anti-Spyware Timetable

But it must build credibility to compete with established security-tool players
Microsoft is stepping up efforts to become part of the solution to businesses' computer-security woes and overcome a reputation for being part of the problem.

The company will begin offering a test version of a new anti-spyware product to businesses by the end of the year and will test new antivirus and anti-spam software next year, CEO Steve Ballmer said at a news conference in Munich, Germany, last week. Ballmer appeared at the event in the technology-heavy German city with corporate VP Mike Nash, who heads Microsoft's security unit.

The software vendor is developing what it calls Client Protection technology that can guard desktops, laptops, and file servers against spyware, malware, and tools used by hackers to break into operating systems and applications. It's testing an anti-spyware product for home PC users, but Client Protection, which includes technology it acquired from GeCAD Software Srl. and Giant Company Software Inc., will offer management features for IT departments and integration with Windows Active Directory. Microsoft is working out details such as pricing and whether it will make the software available via the Web or CD.

The new antivirus and anti-spam security software, called Antigen, will run on messaging and collaboration servers, including Microsoft Exchange. Antigen is based on technology from Sybari Software Inc., which Microsoft acquired in June. Microsoft also plans to form an industry group called the Secure IT Alliance with Symantec, Trend Micro, VeriSign, and other companies. The group will build a development lab to design computer-security technology, according to Microsoft.

Michael Cherry, an analyst at technology consulting company Directions on Microsoft, says that Microsoft has an incentive to help its business customers avoid computer-security problems since they deplete resources that could otherwise go toward new technology. "IT departments have fixed budgets," Cherry says. "If, out of the blue, they have to spend three unbudgeted weeks fixing security problems, that's 1,000 man-hours lost from other projects. That has to be paid for with real money."

Security-tool testing will start this year, CEO Ballmer says.

Security-tool testing will start this year, CEO Ballmer says.
Microsoft has faced criticism in the past over the number of bugs in its software that cause rampant security problems for its customers. Nearly four years ago, in an effort to overhaul its development processes, the company halted development on Windows and other products to give its programmers remedial training on writing secure code. It also has established policies to close off avenues of attack in subsequent products.

But Microsoft must build its credibility in security products before it can challenge established players McAfee Inc. and Symantec for big business clients, says John Pescatore, Gartner's VP for Internet security. The Client Protection anti-spyware software is likely to have a more immediate impact on small and midsize businesses, particularly those that haven't yet invested in this type of security, he says.

Still, Microsoft's announced entry into the market for antivirus and anti-spyware software already is having an impact on competitors. Symantec has been diversifying its business and last week completed its acquisition of anti-phishing software maker WholeSecurity Inc. "A big giant is throwing a rock in the pond and creating innovation and pricing pressure," Pescatore says. "For years, the laws of competition and pricing didn't apply to the antivirus market; the companies were getting fat and slow."

Just don't expect customers to jump on the first version of Client Protection or Antigen. Says Pescatore, "Most enterprises will wait 18 months at least after Microsoft announces a product so they can judge the quality."