Security from A to Z: Microsoft

The software giant has created a hole that many software companies are gladly stepping in to fill.

Microsoft's role in unwittingly creating a hole for the security industry to fill cannot be underestimated.

By producing an operating system that was ubiquitous and yet, when coupled with the rise of the Internet, all too vulnerable to attack, the software behemoth generated a need that other businesses gladly stepped in to service.

For many years an embarrassed Microsoft struggled to up its security credentials--spending money to train its programmers to write more secure software, and launching its so-called , which focused on improving the security and reliability of its products. This effort even included including conducting "security audits" of software prior to release to nail down as many bugs as possible.

The release of Windows Server 2003 was delayed three times, due in part to efforts by Redmond to improve its security and reliability.

The company also developed working relationships with some big names in security--encouraging Windows users to deploy third-party firewalls and other "shields" to stop hackers from reaching potentially vulnerable PCs.

But in summer 2003 there was a subtle shift in Microsoft's security agenda. The acquisition of an antivirus company called GeCAD signalled a new intention--namely, that it was planning to cut its own slice of this lucrative market. The unleashing of the MSBlast worm shortly afterwards--which exploited a massive vulnerability in Windows to infect millions of home PCs and taunted Microsoft with the message: "billy gates why do you make this possible? Stop making money and fix your software!!"--clearly added to the sense of urgency in Redmond.

Since then, Microsoft's momentum in the security space has seen it gaining ground significantly. In 2004 it bought Giant Software--a maker of antispyware, anti-pop-up and antispam tools, announcing soon after that this software would be free to all licensed Windows users. It also bought Sybari Software to bolster its corporate security offering.

This summer Microsoft launched Windows Live OneCare, a consumer security package that includes antivirus, antispyware and firewall software. And it has made security a focus of the refresh of its Web browser: Internet Explorer 7 has built-in antiphishing features. It has also been snaffling up smaller players in niche areas such as VPN security, helping to broaden its offering so it can grab an even bigger piece of the pie.

The incarnation of "Microsoft the security vendor" has inevitably led to increased rivalry with the rest of the security industry--which for years dined out on the insecurity of Redmond's wares.

This rivalry has been heating up of late as Microsoft has talked up the security credentials of Windows Vista. Security vendors complained of being locked out of the kernel of the next-generation OS. Vista has even drawn unwanted attention from the European Commission, which expressed anti-competition concerns over its built-in security features.

Natasha Lomas reported for in London.