Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/8/2006
05:00 PM
Commentary
Commentary
Commentary
50%
50%

Microsoft: About To Be KO'd In Security?

It's been a while since the industry has seen a good David-and-Goliath fight, but you might want to line up for a ringside seat at this one. Microsoft is taking on Symantec and others in the security realm, but the interesting thing is it's not clear who the giant is in this fight--nor is it a necessarily a given which will win.

It's been a while since the industry has seen a good David-and-Goliath fight, but you might want to line up for a ringside seat at this one. Microsoft is taking on Symantec and others in the security realm, but the interesting thing is it's not clear who the giant is in this fight--nor is it a necessarily a given which will win.Contrast this situation to the industry of ten years ago. Microsoft was everywhere, so much so that it was being taken to task by governments around the world for monopolistic practices. When Microsoft aimed at any given niche, the existing vendors in that market were pretty quickly goners. The integration into Windows of a Web browser, media player, and other elements that had previously been separate software packages left the vendors in those markets, if not completely dead, then at the very least gasping for air and looking for other ways to make money.

This is certainly not the case today. Microsoft has failed to make serious inroads in the enterprise applications space, for one, despite numerous attempts to do so. Its online offering, MSN, is a distant competitor to Google and others, and it's still battling antitrust issues in Europe, Korea, and here at home.

Still, a giant's gotta eat, and so here Microsoft goes into the security area. I don't think we're going to see a complete rout of existing players the way we likely would have a decade ago. In fact, Microsoft stands a good chance of being knocked into the ropes in this fight.

In the consumer space, Microsoft arguably has some momentum through name recognition by consumers and deals with resellers. (Symantec's certainly got a few of those deals, too, so I'm not willing to put any money on this one.) It also doesn't hurt that Microsoft's OneCare Live subscription service allows users to protect up to three home computers for one flat annual fee of $49.95. Perhaps Symantec will see the wisdom in changing its licensing policies to compete more aggressively on this front.

Also, Microsoft's OneCare Live does more than just protect the PC, it helps with system optimization and backup tasks, too. It's a nice little package for not a lot of money, our reviewer said a while ago.

Symantec is certainly battling back, with its own consumer security service due to launch in September, a couple of months after Microsoft's. Details of Symantec's offering haven't been announced.

Nor has Microsoft let on much about what it's doing in the enterprise security area, although it's planning something, initially in the antivirus space. Here, though, I think Symantec and McAfee are going to give Microsoft a good run for its money. Security pros know and trust these long-time vendors and the products work. Making an ROI case for replacing a core enterprise software package 'just because' is not a good way of endearing oneself to the boss.

Most important, perhaps, is that these third-party apps are agnostic. They run across multiple operating environments and hardware platforms, and they work with other vendors of related ecosystems. Microsoft has been notorious for its stubbornness to play nicely outside its own servers and software, one reason why most shops of any size can't seriously consider Windows to, say, run their data centers. It's a multivendor world, a fact Microsoft has long refused to consider, and that's why enterprise systems management and, yes, security, remain an enigma to Microsoft.

"Live," also known as hosted, software isn't going to help here, either. Too many large enterprises run their own software and it will require a huge change in their IT model, and it will be many years before that happens. I don't think it will, not with IT playing the central and core role it does in many large firms. Hosted software also doesn't address the integration and multivendor issues.

What do you think? Does Microsoft stand a chance in the security market? Drop us a line below and share your thoughts.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7029
PUBLISHED: 2020-08-11
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged ...
CVE-2020-17489
PUBLISHED: 2020-08-11
An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible f...
CVE-2020-17495
PUBLISHED: 2020-08-11
django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.
CVE-2020-0260
PUBLISHED: 2020-08-11
There is a possible out of bounds read due to an incorrect bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-152225183
CVE-2020-16170
PUBLISHED: 2020-08-11
The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded credentials.