When Microsoft made a tentative step into the anti-virus business, with the acquisition of Romanian anti-virus (AV) developer GeCAD Software in 2003, I warned that the security software industry would soon be screaming “anti-trust” and would form an orderly line around Washington’s Capitol Hill to complain to US legislators over the company’s anti-competitive plans to make Windows more secure.
I wasn’t entirely correct, with the timing anyway. It’s taken three years for the bigger AV vendors like MacAfee and Symantec to decide that being locked-out of a much toughened Windows ‘Vista’ kernel might be bad for business and the first scream was heard in print this week, with a MacAfee advertorial in this week’s Financial Times; accompanied by an indignant squeak from the direction of Brussels.
Ironically, it was at the time of the GeCAD acquisition that Microsoft, firmly pursuing its Trustworthy Computing Initiative, told me that it would much rather see security in its products being inclusive, free and invisible but that the size of the industry surrounding the Swiss Cheese-like nature of Windows made this impossible. After all, Microsoft, with only itself to blame, now competes in an environment defined by anti-competition and anti-trust-style legislation.
Then, I argued that Microsoft was now in the almost ludicrous position of having to develop software that could never be too secure. If it did, then the anti-trust lawyers would descend upon Redmond in droves and as ever, the poor old customer would be forced to pay through the nose for peace of mind, ad infinitum.
Imagine for a moment buying a new house but with no locks on the doors or even windows. “Sorry sir says the builder, I’m afraid home security only goes as far as the latch on the front gate. If you want anything better, you’ll have to talk to one of our many partners, who will sell you anything from an Alsatian guard dog to a chain for the front door.
This isn’t as crazy as it sounds and is pretty close to the ‘Alice in Wonderland’ world of Windows security we now find ourselves in today as Microsoft, which has come along way since the start of its Trustworthy Computing Initiative, seeks to use the lessons its has learned to toughen up its next version of Windows, Vista.
According to MacAfee, writing about the Windows Vista Kernel argument: “Microsoft's new approach is misguided in principle, bad for innovation and competition. Above all it is bad for users."
Symantec adds: 'If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and manufacturers can continue to choose the best security solutions for the platform.”
So how ‘Open’ should Windows Vista really be? Should Microsoft have the right to decide how much access it gives to other companies in determining the future of a product that will make or break the company in the eyes of its customers from a security perspective? After all, if Microsoft fails us with Vista, who will ever trust the ‘trustworthiness’ of Redmond again?
But consider something else for a moment. The threats against the Windows Environment are also changing in a world of BotNets, Trojans, Phishing, Spam and serious and organised crime involved across the spectrum of the internet.
As the security in Windows, future and present, becomes tighter and more granular, some very large security software companies have reason to worry over future revenue streams.
So is this really what all the fuss is about, the diminishing size of tomorrow’s security ‘tax’ on the computer user or is it really about competition under threat once again in the wonderful world of Windows?