11/14/2006
07:40 AM

800-Pound Gorilla Sits on AV

Incumbent antivirus vendors try to sound nonchalant with Microsoft's Forefront Client in beta and Vista just a couple weeks away

This is the third in a series of articles on the impact of Microsoft's entry into the security space.

As Microsoft today released the public beta version of its long-awaited software, the Big Three antivirus vendors continued to busily regroup and reinvent themselves before the other shoe -- Vista -- drops at the end of the month.

And at least publicly, Symantec, McAfee, and Trend Micro say they aren't losing sleep over Microsoft joining the party, but their actions speak differently. (See Microsoft Releases Forefront, The Vista-Forefront Security Two-Step, and Microsoft Beckons to Early Adopters.)

The writing is on the wall where consolidation is concerned. Microsoft is likely to own the antivirus and anti-spyware sector, first on the consumer side with OneCare Live, then possibly on the business side, too, with Forefront, industry experts say. "Microsoft is poised to make a huge dent in the $2.5 billion AV market," says Thomas Ptacek, a researcher with Matasano Security.

"The hot topic on everyone's mind is whether what Microsoft is doing is going to severely impact Symantec and McAfee, and it absolutely is," Ptacek says. "AV companies are worried that Microsoft is going to destroy the AV industry. That's definitely a reasonable concern."

Gone will be the days of a security vendor capturing 60 percent of the market, says Randy Abrams, formerly Microsoft's operations manager for its Global Infrastructure Alliance for Internet Safety, and now director of technical education for AV company Eset. Abrams says Microsoft's arrival will level the playing field for smaller companies like his, Sophos, Kaspersky Lab, Panda Software, and BitDefender, which can also more nimbly adjust to changes in the market. "There will be fewer mega-companies in the security space," he says, and more mergers and consolidation. (See AV Vendors Need Not Fear Microsoft.)

Meanwhile, this was a busy day for Microsoft. In addition to releasing five critical patches and one labeled as "important" for the monthly Patch Tuesday cycle, and releasing Forefront Client Security in beta, Microsoft also said today that it will begin shipping its Forefront Security for Exchange and Forefront Security for SharePoint -- both of which have been in public beta -- in December. It also added new application optimization features for its Intelligent Application Gateway, a combination SSL-based application access, Web application firewall, and endpoint security management product.

AV leaders Symantec, McAfee, and Trend Micro are banking on Microsoft's fashionably late and bare-bones version of the Forefront AV client to buy them a little time before they can get out of the way.

Other third-party security companies are doing all they can to distance themselves from AV and tout their differences and functions that go beyond what Microsoft can do at the desktop.

"Microsoft is going to commoditize malware," says Ross Brown, CEO of host-based intrusion detection vendor eEye Digital Security. "At the end of the day, you go wide: The problem is Microsoft is an 800-pound defensive tackle wearing rock-solid body armor, and if you go at them head to head, you're going to break your neck."

Brown says eEye's Blink product line is immune to Microsoft's PatchGuard restrictions in the Vista kernel, which have Symantec and McAfee up in arms. "We integrate at different layers. None of Blink relies deeply on kernel-hooking," he says of PatchGuard, which critics say limits the features AV vendors can offer atop Vista.

McAfee, for instance, won't be able to offer all the features in its IPS's heuristic behavioral detection without sufficient access to the kernel, says George Heron, McAfee's chief scientist.

McAfee, Symantec, and Trend Micro meanwhile have been gradually broadening their security offerings for some time now in anticipation of Microsoft's arrival, but AV sales still represent most of their revenues, says Richard Stiennon, president of IT-Harvest. But they still hold a comfortable lead. "Their research and effectiveness will be better than Microsoft's for several years. They have plenty of time to stay ahead."

The big opportunities for major security vendors lie in premier offerings for highly secure environments, he says, as well as hardware-based solutions and solutions that work across multiple platforms.

The multi-platform strategy is at the heart of Symantec's renaissance. The company plans to provide infrastructure security management across multiple vendor platforms, says Rowan Trollop, vice president of consumer engineering for Symantec. Trollop says Symantec's Security 2.0 initiative for enterprise security is to "remake sections of our company" in the next two years.

"You will see Symantec more woven into the fabric of the network." And that includes mobile devices, Trollop says. Its security software will be integrated with other vendors' devices as well as with ISP services, he says.

Symantec dismisses Microsoft's Forefront as late to the party. "We're not worried about [Microsoft]. The hackers will continue to move the stake, and we will continue to follow them," Trollop says. "Microsoft's approach of a subpar [product] is not going to cut it."

"Their coming out with antivirus 10 or 15 years after the first viruses hit is almost laughable -- that's [viruses] a problem that's almost resolved," he says. "Symantec is moving on."

Trend Micro, meanwhile, which has traditionally been an enterprise AV vendor, may have a little more breathing room than Symantec or McAfee, which have a big chunk of the consumer space.

Lane Bess, global general manager of consumer products and services for Trend Micro, says Microsoft's security entry won't affect the company in the short term. But, he says, Trend has already shifted its attention to other areas: In 2007, for instance, Trend Micro won't be spending as much of its R&D dollars on AV, anti-spyware, and antispam. Its focus instead will be on Web-based threats.

"In the past, our R&D spending was 60 percent traditional antivirus, anti-spyware, and antispam. Now we've flipped that to two thirds on Web threats," he says.

And Trend, like Symantec and other security firms, is embracing the security-as-a-service model, a sector where Microsoft is no threat. "We will focus on Web threats... We see the market expanding into the cloud," Bess says. "This is where Microsoft hasn't been focusing."

And the reality is Microsoft really needs competitors in the desktop market, Bess says. "People will find vulnerabilities in the Vista platform and Microsoft does not want to be out there all alone to respond," he says. "Microsoft benefits greatly by still having close partners and competition with security software vendors."

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • eEye Digital Security
  • ESET
  • IT-Harvest Inc.
  • Matasano Security LLC
  • McAfee Inc. (NYSE: MFE)
  • Microsoft Corp. (Nasdaq: MSFT)
  • Symantec Corp. (Nasdaq: SYMC)
  • Trend Micro Inc.
