It has happened so many times before and now the question is whether it will happen again. In the past, when Microsoft has decided to provide the same utility around which a cottage industry has formed, the cottage industry subsequently vanished. Such was the case with memory managers. Such was the case with disk drive compression. Microsoft officially enters the subscription-based anti-malware business when it roles out its OneCare service at the end of this year. What impact -- if any -- will the move have on vendors like Zone Labs, Symantec, McAfee, Webroot, Tenebril and others -- all of which are in that same business of protecting PCs from malware by regularly issuing the sort of information that PCs need in order to spot malicious software?
Comments on the news by ZDNet's audience members appear to be zeroing in on at least two major themes. First, given Microsoft's track record when it comes to securing Windows, users are asking whether or not the company can succeed in such categories as anti-spyware and anti-malware. Second, readers are complaining of the gall that any software company has in selling an insecure product, and then charging for the solution that might secure it.
But there's another point of view on these issues. For example, if Microsoft gave away OneCare for free, or if it takes advantage of its dominance in desktop and notebook computers to promote the service in ways that other anti-malware cannot, the entire desktop security software sector might go running to the trustbusters. By charging for the service, Microsoft keeps itself on an equal playing field with the rest of the solution providers and is therefore playing fair. The same could be said of the fact that the service isn't built into the operating system. At least not yet. It remains to be seen how or if the service will appear in Longhorn (the next version of Windows) when it ships.
Gregor Freund, for one, isn't worried. In my interview with the CEO of anti-malware solution provider Zone Labs (available as an MP3 that can be downloaded or, if you’re already subscribed to ZDNet’s IT Matters series of audio podcasts, it will show up on your system or MP3 player automatically. See ZDNet’s podcasts: How to tune in), Freund talks about why Microsoft will never be able to secure Windows as effectively as can a developer that's dedicated to security. Freund also takes issue with my assertion (see The missing glue in the fight against malware) that no single vendor can successfully build a whitelist of applications that should be given a hall pass with the anti-malware products. He says Zone Labs has done just that, and goes on to say that, compared to the infrastructure Zone has in place, companies like Symantec simply can't scale or compete.
But, in the same breath, Freund says that if the various vendors want to form a consortium for building the ultimate database of legitimate applications and what they're expected behaviors are, he's all for it. I think this is the way to go. Not only does a single database make it easier on vendors who, in order to get the necessary "hall passes," would have no choice but to submit the details on their software (component names, expected behaviors, etc.), it can also include the expected behaviors of Web pages. For example, now that Web sites are getting hacked, if a certain Web page tries to redirect your browser to a place it shouldn't be going and that redirection doesn't match the expected behavior (according to the Web site publisher), then the redirection wouldn't be permitted.
Should we demand more cooperation amongst security solution providers? Will Microsoft's OneCare snuff the lights out of Zone, Webroot, Tenebril, and the rest? Listen to the interview and Talkback below.