The big question to emerge was whether Microsoft has bitten off more than it can chew, with Bill Gates laying out the firm’s aspirations in antivirus and anti-spyware to a mixed reception from commentators and downright hostility from competitors.
Mr Gates took center stage at the start of the conference, suggesting in his keynote address that Microsoft will give away consumer anti-spyware software for free, and that it will deliver desktop antivirus before the end of the year.
Antivirus for the mail server will come sooner. Microsoft has acquired Sybari Software, which makes a product that combines virus scanning engines from multiple smaller vendors to scrub email before it hits the desktop.
It’s argued that having a single engine to do that scanning is really not sufficient, Mr Gates said. You really want to take the best ideas of many people writing these scanning engines, and get those working on your behalf.
This perhaps would not be so bad if Sybari had deals in place with the Symantecs, McAfees and Trend Micros of the world, but it does not. And there’s no talk of bringing in third-party products at the desktop.
We can also say that we’re on a path to deliver a product that includes AV capabilities broadly to consumers by the end of this year, Mr Gates said. Microsoft bought GeCad Software in June 2003 to achieve this end.
Rivals knew this was coming. Microsoft bought GeCad close to two years ago, and picked up an anti-spyware capability in December, but the keynote acted as a catalyst for competitors to officially start getting angry.
No sooner had Mr Gates left the podium than John Thompson, CEO of Symantec, which has the biggest share of the antivirus market and has thus the most to lose, was in his place, reminding potential customers that security is not Microsoft’s forte.
We applaud Microsoft’s security initiatives, Mr Thompson said. They are very necessary but, in my opinion, not sufficient for large enterprises. They don’t offer a cross-platform heterogeneous solution and genetically they may be incapable of doing so.
Sybari had a definite Microsoft-oriented technology focus, to the point where its pre-IPO regulatory filings were filled with warnings as to what could happen to its business if Microsoft started to compete in the email antivirus segment.
That’s why Symantec and other purpose-built security companies will always be a better alternative, Mr Thompson said. We provide common tools across the many disparate environments present in every large enterprise and we aren’t distracted by computer games and a host of unrelated security stuff going on.
One antivirus CEO, speaking anonymously to MarketWatch.com at the conference, reportedly described how he, losing his way at Microsoft’s Redmond campus, stumbled across a roomful of Microsoft executives being briefed on deriving innovation from vendors.
Depending on how you look at it, the anecdote lends either substance, or more apocrypha, to the oft-repeated story of the startup that thinks it’s negotiating a big contract with Microsoft, only to realize after the meeting is over that it’s actually been training the Microsoft executives it will shortly be competing with.
It remains to be seen whether Microsoft will be anything more than an also-ran in antivirus. It has substantial marketing leverage, and may produce a decent product, but it also has a poor reputation for security, and will face allegations of conflicts of interest when it starts trying to sell software that remedies the flaws in its other software.
Symantec was not all on the defensive, however. Its move into enterprise anti-spyware, also announced at the show, could be every bit as significant as Microsoft’s move into the consumer segment of the market.
Symantec is giving its anti-spyware capabilities away for no added cost in its enterprise desktop security products, on the basis that antivirus software should protect against those types of malware too.
Competitors are not offering such generous terms, and the anti-spyware market right now is dominated by startups that claim that spyware is a unique threat that requires a unique solution that should be paid for with a unique license fee.
Meanwhile, at the network gateway, Cisco used the RSA show to announce its entrance into intrusion prevention systems, taking aim at McAfee, Internet Security Systems and 3Com with devices and switch upgrades it said give 7Gbps IPS performance.
While a company the size of Cisco can hardly be accused of thought leadership when it comes to IPS, it has been targeting security for years, and CEO John Chambers left no doubt that Cisco will use its cash pile to buy its way into the market.
We will be acquiring aggressively, partnering aggressively and spending aggressively, Mr Chambers reportedly said at the show, referring to the company’s security strategy, as he announced a raft of security products.
The company that shares the conference’s name, RSA Security, also came in for overt competitive pressure early in the week, with VeriSign peeling off the second layer of its strategy to undercut RSA in the strong authentication market.
VeriSign announced an aggressive pricing strategy it claims will reduce the cost of one-time password tokens to less than $10 per user per year, but only in relatively large accounts where customers are migrating away from an RSA deployment.
RSA has shrugged off such competitive offerings before, but usually with smaller competitors. VeriSign’s core business is essentially authentication, and its pricing and service model have already proved attractive to a couple of big-name marquee accounts.
