Thanks for the post. There's much to be said for your point of view, to be sure, especially the argument that the world benefits from having multiple vendors, who may not share the same vulnerabilities as a Microsoft solution.

The challenge you're describing is one that many have had to deal with. As Microsoft, for instance, built systems maintenance capabilities into the OS, it put pressure on Symantec and others in the utility business. Symantec focused on premium versions of the utilities which offered value beyond Microsoft's integrated offering. Moreover, Microsoft's decision to build those features in broadened the market by raising awareness of the need for these utilities. Microsoft, however, is fundamentally a fast follower in the market. They wait for others to blaze the trail, and then copy a subset of their features.

I have a lot of sympathy for the place you find yourself. Your only choice, in my opinion, is to out-innovate Microsoft. As a user, I find that to be a good thing. It pushes the state of the art forward at a faster rate than might otherwise happen.

A

I compete with free and inexpensive products all the time, and in fact, I have a free firewall myself that I give away. The point is not price — the point is predatory pricing — where a large manufacturer like Microsoft comes into a market and undercuts the incumbents.

Perhaps some may think it's nothing to be concerned about, and perhaps they are right. One might, however, propose that the security industry should be a vibrant, diverse one; and that the business should not be dominated by one vendor who can be taken down by attack; and to whom the majority of the community relies upon. If Microsoft wants to compete fairly, I have absolutely _no_ problem with that. But if they want to undercut the market, it makes things a bit different.

I remember 15 years ago, when we had a variety of databases to choose from. Today we have primarily SQL and Access, at least for the small to medium business market. Microsoft priced Access below their cost, they blew the margins out the business, and took out the incentive for new entrants to innovate and push the envelope. The same goes for languages — we had Borland and other really innovative companies. Now we have Microsoft as the dominant commercial language provider. Borland has finally given up and is moving into automated testing.

It’s been the same wave in browsers, as well. The majority of the market moved to IE. And after that, we had the massive wave of adware and spyware, directly targeted at IE. And on and on and on. Is this healthy in the security market? Will new companies be able to get funding for their products? Will businesses continue to invest in this space, given that Microsoft may dominate? That’s the critical issue – will companies go on cruise control in the security market because major investment just isn’t worth it, while budding innovators put their efforts elsewhere?

There are those who welcome Microsoft’s entry into the security space, and many are feeling (justifiably) that there are security vendors who have been selling bloated, overpriced products and deserve a bit of a kick in their backside. It’s just that I question whether or not it’s healthy in the end to have a Microsoft hegemony in security.

Alex Eckelberry

In support of your point #2, MS (and every other OS vendor) will always keep raising the bar and moving up the technology stack, and ISVs need to as well. That's the way the platforms/apps game works, and everyone knows it. The day an OS vendor stops adding functionality and settles for simply polishing what they've already got is they day they die.

Personally I think the security services should be free and built in to Windows. The fact that it's been a 3rd party add-on market for years is negligent. It's like buying a car and then having to pay extra to buy safety belts and fix manufacturing defects found after you've driven it off the lot.

Also, I remember from my years at Sybari (now Microsoft!) that Microsoft did extensive research to locate where viruses came from, fron the point of vue of infection vectors. It turned out that over 90% (if my memory serves me right) of virus attacks came from home PCs, not corporate networks and most of those PCs has either deficient/expired antivirus technology or none at all.

After these findings, guess what Microsoft did? They bought http://www.ravantivirus.com/ back in 2003 and we're finally seeing in the home security products and Antigen the fruits of owning an antivirus scanner.

All those Dells, HP's and Gateway boxes with 60/90 days of McAfee or Norton are just not cutting it and Microsoft took matters in their own hands. It's that simple.

I sympathise with folks like Sunbelt, they're stuck in the "innovate or dissapear" situation. But Microsoft is doing something which will result in a better global computing experience and you can't dispute that.