Beware the Microsoft 'monoculture'

Symantec CEO John Thompson discusses Microsoft's entry into the security space, the Veritas merger and Symantec's future.

Without diversity in security software for Windows, computers running the Microsoft operating system will be sitting ducks, Symantec CEO John Thompson warns.

Ever since Microsoft in 2003 announced it would offer antivirus products, Thompson has been asked how Symantec will respond. Microsoft is going after consumers with its Windows Live OneCare security package, slated for U.S. release next month, and is targeting businesses with its Microsoft Client Protection suite, expected by year's end.

Symantec will beat Microsoft by building better products and taking advantage of its security reputation, Thompson has said repeatedly. On Wednesday, while speaking at a Gartner event, he added that mass adoption of Microsoft's security tools could have an adverse affect on security.

"If all of a sudden the whole world uses the monoculture of Microsoft and the monoculture of Microsoft security capability, I am not sure we would create a more secure world," Thompson said. "Diversity in the security platforms supplied on top (of Windows), we think is of great value in protecting that infrastructure."

After his talk at the Gartner event, Thompson sat down with CNET to discuss Microsoft, Symantec's integration of Veritas Software and move to a more enterprise-focused vendor, as well as the future of Symantec and Thompson's own role at the company.

Q: You've said that Microsoft should make its products more secure, but that it would be dangerous if the world relied on Microsoft's upcoming security software. Would it become a major target?
Thompson: Look at what's happened in the Windows world. Hackers have decided that there is a very large, target-rich environment here. If all of a sudden now the infrastructure that is being attacked also becomes the common infrastructure for securing the environment and the attackers decide to attack that too, what does that say for computer users around the world who have embraced this monoculture?

I would argue the world is safer when you have diversity, not when you have a monoculture that is common that when one exploit is delivered, it can literally wipe out millions of machines around the world. Hence, we believe the world is safer with us and other security vendors adding capability on top of the Windows platform.

Microsoft should do more to protect Windows. They can and should protect the kernel of Windows, make it less vulnerable, and respond more quickly to vulnerabilities. They are doing a better job, but to suggest to the world that they are going to deliver all the security, we don't think that?s appropriate.

John Thompson videos

Video: Why Symantec will prevail
CEO John Thompson speaks about software and more with CNET

People always ask how you will counter Microsoft's upcoming entry into the security space. You've said that you'll beat them with your reputation and innovation. How are you going to out-innovate a company that has over $6 billion in R&D spending, more than your annual revenue?
Thompson: Microsoft spends its $6 billion on a wide array of things. They have a large R&D budget; it is spread very thin across a lot of initiatives. I would be willing to bet that the amount of money they spend on security is not nearly as significant as what we spend, because we're much more focused.

Another part of Microsoft's muscle, besides its R&D budget, is its marketing engine. It has got a big marketing budget and is going to go out there and market its new security offerings. How are you going to respond to that?
Thompson: When Microsoft does enter the market and has their aggressive marketing campaign, the whole world will benefit from that. It will start to create a level of awareness that, quite frankly, must occur.

We protect more people from more online threats than anyone else in the world, bar none. So there is a reputation value that we will certainly trade on as we think about our marketing activities and marketing campaigns over the course of the next year or so.

You don't take a company like Symantec through such a significant transformation without there being some challenges or pains.

Do you feel you have to ramp up your marketing?
Thompson: Certainly, there is no question about that. You can't have Microsoft essentially take all of the oxygen out of the air with their marketing campaign. So we have to have our own point of view that we bring to the market that stresses the history and longevity of Symantec in this space and leverages the more than 50 million users of our security products, leverages the fact that we have shipped more than 200 million copies of our antivirus product around the world.

There are wonderful statements that we can make about not only our pre-existing results in the marketplace, but the future of what we will deliver as the networked world continues to evolve.

Featured Video