The Microsoft Conspiracy: To Monopolize the Security Arena

Put your tinfoil hats on boys and girls. Here is another conspiracy in action.

A comment at Neowin.net brings up an interesting theory: "So which company stands to benefit the most from the surging demand for security software? That's right: Microsoft. "

This is interesting, even with my tinfoil hat sitting on my lap protecting my genital region from the death rays emitting from my monitor, caused by the Windows XP video drivers.

Ok seriously though, this is kinda far fetched. The thinking of the comment is that Microsoft is going to dominate the anti-virus market with the purchase of a Romanian software company called GeCAD, which is apparently now integrated into Longhorn.

Simply thowing technology at the problem isn't going to solve it. It is going to take years (possibly longer) for Microsoft to rebuild any sort of trust as it relates to security and its customers, and get their approach to information security right. Consider XP's firewall. Before the release of XP everyone was saying the personal firewall market will die because of Microsoft's new firewall. With XP now out for a few years, we can see this isn't the case. Why?

Microsoft is not an information security company. Their expertise is in writing consumer software, and their focus is not on getting information security right. During their functional design phase, the firewall in XP it appears it was not designed with security implementors in mind. Which is why its interface, its interaction with the system, and its whole approach to packet filtering is below standard. And is why more personal firewall vendors have done well in recent years. There is a good chance the same will go with the anti-virus.

As Microsoft continues its shift to more secure coding practices, new code will be more stable, but legacy code will continue to be riddled with bugs. Let us remember that every iteration of their latest OS has an NT4 core.... which is scarey to say the least. Not that NT 4 was bad at the time, but it wasn't designed with secure coding practices in mind.

As Microsoft solves their patch management problems, their code audit issues, and gets itself on track for their Trustworthy Computing Initiative, they will indeed release "shielding technology" (A Ballmarism quote) that will make their platforms stronger. Yet even in the face of this, because most information security specialists, system administrators and IT managers do not trust Microsoft when it comes to security, Microsoft will not yet dominate the security industry.

The information security field has seen a lot of consolidation and many small companies get gobbled up in the process. Microsoft was another company swallowing up pieces of technology to assist them in an area they are weak. And that is good business. They had two choices. Build it or buy it. Much more effective to do the latter when you can. Hopefully the anti-virus component will be more successfully integrated than the XP firewall ever was.

So lets not become vexed because Microsoft bought an anti-virus company, nor shall we use our tin hats for anything more than a solar powered popcorn maker. (*yum*) Lets hope that the way Microsoft benefits is through a more secure platform for critical business resources. Then its not just Microsoft that wins, but us all.