In a world where those of us in IT are expected to provide bullet-proof client security solutions in order to make basic Internet activities like financial transactions and sharing of personal information safe, one of the more critical layers of Internet security is the client security software suite. An announcement made Monday has the potential to shake things up in this critical technology space -- as it raises questions about what the future of safe Internet client security will be.
Microsoft Corp. (Nasdaq: MSFT) said it will stop selling its OneCare suite in mid-2009 and, about the same time, will start offering a new security suite for its "client" operating systems (Windows XP/Vista/7) to the masses -- for free. It's code named "Morro" (for now, anyhow), and you'll be able to download it once it’s available.
At least publicly, Microsoft has switched gears quite suddenly here. Its OneCare for Servers and other offerings will likely have to be chopped as a result. But I have to say I like what's happening for its industry-shakeup potential.
Understand that this represents a substantial move in the client security space: This big company has just changed the rules of the game substantially. The client security software market is huge, and while there are a few smaller companies that provide free versions of their anti-virus software, the biggest players sell theirs -- and make a lot of money in the process.
It will be interesting to see how well Microsoft's new offering addresses the market's needs, and what impact the move to free software will have on the other companies competing in the space. I imagine there will always be a market for selling "more capable, better featured" software, but you still have to wonder whether antitrust questions will arise.
Something needs to change in the client security software market, and perhaps this will be the impetus. The fact is that the anti-virus and anti-malware software tools on the market do a pretty poor job of protecting computers from the newest and most malicious software. There's a substantial amount of badware out there infecting computers every day that the current tools simply can't recognize, so it passes right on through the security checks, unblocked and unchallenged. In other words, you can have the latest and greatest AV/AM software installed and running, and still get infected.
What the marketplace really needs is a whole new approach, a proactive one that can recognize malware in its various and polymorphic packages. Some security "protection" packages actually rely on letting the malware install and run, and watching to see if it does anything bad. That doesn't do much good in a world where I need to stop the infection in the first place. The technology exists out there to accurately recognize packed and morph-packaged malware practically every single time without having to let the malware install or run. I know, I've seen it. Feel free to call or email me if you're a security company that wants to know more.
At any rate, it will be quite interesting to see where Microsoft goes with this. Certainly a big market player like Microsoft has the ability to provide new security capabilities to the software products we use in huge volume all across the Internet, and it can potentially have an important and positive impact on the security landscape. Microsoft is one of the few companies that has the capability to create one strong solution, allowing all of us to benefit from that work. Identity and information theft via malicious software, along with distributed crime enabled by bot networks and the like, are problems that must be solved if we are to make the Internet and networked computers safer and ensure better protection for online information. And that fact needs to be top of mind when deciding what to do, as well as how and where to do it.
Fingers crossed for this client software giveaway.
— Greg Hughes, independent IT security consultant and blogger
This blog is part of Internet Evolution’s Security Clan, which looks at the present and future threats to Internet security and the methods being used to defend and protect users and organizations. Register here to join the Security Clan, and you might become eligible to win some cool stuff.