June 17, 2004

Not news - AV producers slip as Microsoft "competes"

Sometimes you see a business pattern like this: A company or government doesn't do its job. So up springs a service sector to fill the gap. After a while, everyone starts to think that's the natural state of affairs, but the canny business types know that these service providers are very vulnerable.

Such is the case here [1]. When Microsoft started talking about providing its own anti-virus product, shares in Symantec and presumably other anti-virus (AV) producers started sliding.

Hey ho, where's the news? Microsoft delivers a product that is weak on the security side, and strong on the user side. Now they've started working on security, and the turnaround has been painful and noisy, if not exactly measurable in progress terms.

Any investor in Symantec and any similar anti-virus producer must have been able to connect the dots in Bill Gates famous memo from security to viruses. Of course the mission would include reducing the vulnerabilty to viruses, and of course there would be some serious thought to two possibilities: writing the code such that viruses aren't a threat (why do we need to say this?) and creating an in-house AV product so the synergies could be exploited.

The latter is a stop-gap measure. But so is Symantec's anti-virus division: it's only there because Microsoft don't write good code. The day they stop this egregious practice is the day that we no longer need Symantec to take $100 out of our pocket for Microsoft's laziness.

Of course, the state of understanding in the security industry is woefully underscored by the claim that Microsoft needs to sell it separately rather than bundle it. Since when is it anti-trust to deliver a secure product? And, who in Microsoft legal hasn't worked out that if they sell on the one hand a broken product, and on the other a fix for the same, the class action attornies are going to skip breakfast to get that one filed?

[1] http://www.thestreet.com/tech/ronnaabramson/10166284.html
Symantec Wobbled by Microsoft Threat

Symantec Wobbled by Microsoft Threat

By Ronna Abramson TheStreet.com Staff Reporter 6/16/2004 2:47 PM EDT

Shares of Symantec (SYMC:Nasdaq - news - research) continued their recent slide Wednesday amid more definitive news that Microsoft (MSFT:Nasdaq - news - research) plans to enter its thriving antivirus software market.

Shares of security titan Symantec were recently down $1.60, or 3.8%, to $40.82. The stock has shed about 7% since Friday's close, while the Nasdaq Composite has inched down less-than 0.5% during the same period.

Shares of security rival Network Associates (NET:NYSE - news - research), another beneficiary of virus outbreaks, have declined 2.6% since Friday. Shares were recently down 20 cents, or 1.2%, at $16.72. Microsoft stock was recently off 17 cents, or 0.6%, to $27.24.

Thanks to the anti-virus market, Symantec defied the economic downturn as other tech names were struggling. In April, the company's stock hit an all-time intraday high of $50.88.

But Symantec shares began to tumble Monday after wire services wrote that Mike Nash, chief of Microsoft's security business unit, said at a dinner with reporters that the world's largest software maker is developing its own anti-virus products that will compete against Symantec and Network Associates.

"We're still planning to offer our own [antivirus] product," Reuters quoted Nash as saying.

Those comments came just two weeks after another Microsoft executive, Rich Kaplan, corporate vice president of security business and technology marketing, said the company was still undecided about what it would do with antivirus technology acquired last year from a Romanian security firm.

Kaplan was not available for comment Wednesday. Instead, Amy Carroll, director of Microsoft's security business and technology unit, confirmed Nash's comments and Microsoft's intentions to enter the antivirus space in a telephone interview Wednesday.

"What Mike said is not new," Carroll said. "Our plan is to offer an AV [antivirus] solution." The company has not yet announced a timeline for when the antivirus product will debut or details on exactly what shape it will take.

Microsoft plans to offer an antivirus product or service for a fee, but will not bundle it with its ubiquitous Windows operating system, she added.

Analysts have suggested that such bundling would undoubtedly raise antitrust eyebrows, given that Microsoft has been the subject of suits both in the U.S. and Europe, where regulators are still fighting the software behemoth over the bundling of its media player with Windows.

Observers have offered plenty of reasons why they believed Microsoft would not enter the field. Chris Bonavico, a portfolio manager with Transamerica Investment Management, has suggested one reason Microsoft will not jump into the space is because security is a services business that requires around-the-clock responses to new attacks, and Microsoft isn't a services company.

But Carroll said Wednesday that Microsoft already has a team called the Microsoft Security Response Center that monitors potential security threats to customers 24 hours a day, seven days a week.

Meanwhile, other have suggested consumers and enterprises will stick with third-party antivirus vendors even if Microsoft launches its own competing product, especially given Microsoft's spotty security record to date.

"In the consumer market, they [customers] may not be as savvy," said Tony Ursillo, an analyst with Loomis, Sayles & Co., which holds Symantec shares. But "I don't know if at least corporate customers will want to buy a product that patches the holes of another product sold by the same company."

"I think it will be tricky" for Microsoft, Ursillo added.

Posted by iang at June 17, 2004 02:58 AM | TrackBack

Shipping an A/V product is not selling a secure product.

The "secure product" would be to ship their operating systems and applications in a way that would make add-on applications superfluous.

The mechanisms of designing for security are well-understood. Why MS doesn't do it is a matter open for speculation.

Posted by: Axel at June 17, 2004 09:50 AM

>> That article also mentions that 5-20% of these emails work - the victim
>> clicks through using that nice browser-email feature and enters their
>> hot details into the bogus password harvesting site.

Damn, that's a high yield, no wonder it's booming. No wonder that we keep seeing those "e-gold maintenance urge" emails either.

Perhaps not just me, but the rest of the world should use Mutt for their mail reading. If not because it simply won't follow the links then toprotect the really stupid users from ever using email...


Posted by: Rick at June 17, 2004 08:02 PM

Norton Antivirus is a piece of crap. I tried to installed it and the installation failed. After hours of bullshit, installing a Win2000 service pack, bloating up my registry with at least 1000 obscure, new entries, 100 megs on the hard disk, going thru screens and steps all over their website and my computer (a connection I didn't even want in the first place) it still would not run. It bogged myPC down to a crawl, and I ended up reinstalling Windows 2000. So fuck those god damned bastards. They can keep my $70. it is a lesson well learned. I am just staying on bare Win2000 and taking my chances. I should have known, never to install any Symantec *crap*. They are just an out-sourced department of Microsoft to do things Microsoft would get in trouble for doing. They are kind of like those private military companies Rumsfeld hires to "do things" in Iraq.

Posted by: Todd at June 17, 2004 08:05 PM


There may be more to it than just the above. According to rumour (above link) Network Associates is gearing up to sell out to Microsoft.

Posted by: Iang at June 22, 2004 11:03 AM