Microsoft moves into antivirus realm

The software giant purchases antivirus technology from a Romanian company and plans to offer a paid-subscription service to protect Windows computers against the latest threats.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
4 min read

Antivirus software makers aim to protect users against Internet threats, but now have to face a new threat of their own: Microsoft.

The software titan ventured nearly to the Black Sea to get the venture under way. On Tuesday, it announced plans to purchase the technology and intellectual property of Bucharest, Romania-based antivirus firm GeCad and hire some of the company's employees.

Microsoft positioned the acquisition as the next step in its Trustworthy Computing initiative, a move aimed at securing what the company estimates as the nearly two-thirds of Windows users who don't have up-to-date antivirus software on their computers. While the software giant hasn't finalized how it will use the technology, the intent is to provide a paid-subscription service to Windows users, said Mike Nash, vice president of Microsoft's Security Business Unit.

"If they want to use antivirus software from Microsoft, that option will be available," he said. "I can't predict where customers are going to go, but I can tell you that our absolute goal is to get more customers protected."

While the Redmond, Wash., company charges consumers monthly fees for its MSN Internet service and for some online games, Windows Update--its security patch service for consumers--remains free. Nash said there are no plans to change that.

Microsoft can't predict how much revenue such a service could generate, Nash said, because the company doesn't know the final form the service will take.

The announcement had some antivirus software vendors worried. In some ways, the move into the antivirus market resembles Microsoft's attack on the browser market in the 1990s, an assault that left it with the vast majority of that market and the former leader, Netscape, as a footnote in Internet history. Wall Street, at least, seemed to see the similarities: The stock prices of antivirus software leaders Symantec and Network Associates dropped modestly in trading on Tuesday.

Special report
Damage control
"Slammer" attacks may become
a way of life for the Internet.

Gene Hodges, president of security software maker Network Associates, which commands a significant share of the antivirus software and services market with its McAfee products, waved off the comparison, however, saying that browsers are simpler than security software.

"I think there is a big difference," Hodges said. "Browsers didn't take down your network if you didn't have a vendor that could respond to the threat quickly. I think someone who is just going to offer (antivirus) signature technology is not going to be a big player."

Most antivirus software uses signature-based and heuristic-based algorithms to recognize threats. Signatures are short code snippets or patterns found in a virus or Trojan horse that are unique to the program. Antivirus software can use such identifiers to weed out bad programs from the good. Heuristics-based recognition tends to focus on behavior; for example, a program the sends itself out to a large number of e-mail addresses is likely a virus.

Hodges compared the potential inclusion of antivirus software in the Windows operating system to the incorporation of a personal firewall in Windows XP: The software improved the security of the operating system, but third-party personal firewall software still sells well.

Analyst Peter Lindstrom with Spire Security agreed with that assessment. "Some people are saying that the antivirus market is going to die because of this," he said. "That's hogwash."

Several antivirus firms, including security company Symantec, decided to wait for more information before commenting on the issue. Other companies that depend less on antivirus services for revenue, such as Computer Associates International, seemed less concerned.

Building trustworthy software
However, Microsoft left little doubt that the company planned to integrate antivirus protection into future operating systems.

"We see this as an important part of the platform," Microsoft's Nash said. "In our mind, it is consistent with our overall strategy of making the platform more trustworthy."

GeCad's antivirus engine, known as RAV, has performed comparably

Microsoft's antivirus inoculation
The software giant's purchase of
antivirus unknown GeCad spells
long-term trouble for Network
Associates and Symantec.

on tests to wares from other major antivirus companies, according to studies by the University of Hamburg. The company, little known until now, will still operate as a consultancy, Microsoft said.

Over the past year and a half, Microsoft has focused on improving security and making its product more trustworthy. With its reputation suffering from well-known virus and worm incidents such as Code Red, Nimda and now Slammer, the company retrained thousands of developers, revamped its development process, delayed shipping Windows Server 2003, and has released security guides for administrators.

The company has vowed to incorporate better support for antivirus software into its operating system, and created a virus information alliance to work with security firms on fighting the digital pests.

While the software giant could use its new technology to garner subscription revenue from the consumer market, antivirus companies predict the company will have a much harder time breaking into the enterprise market.

"Large companies want to choose best-of-breed (software) for better efficiency," said Chris Belthoff, senior security analyst with antivirus software maker Sophos. "All vendors have high (virus) recognition rates--what really matters is responsiveness."

Belthoff believes that the expertise of his company and others will set it apart.

"Microsoft has become one of several vendors now," he said. "I don't think they have a major advantage."