Gartner slams Microsoft's lack of a security strategy

Microsoft should be concentrating on securing Windows so it no longer needs an antivirus product instead of trying to squeeze established AV vendors out of the market, according to Gartner.

Microsoft has bought two antivirus companies and an antispyware company -- the latter acquisition has already produced an antispyware application for Windows -- since Bill Gates launched the Trustworthy Computing Initiative, which changed coding practices to make security Microsoft's first priority.

However, Gartner analyst Neil MacDonald said in an advisory on Friday that Microsoft has "missed an opportunity" to clarify its position in the security market by not stating its intentions. He said the company needs to "articulate whether it plans to be a leader in consumer and enterprise security solutions across desktop, server and server gateway".

"Microsoft's overriding goal should be to eliminate the need for AV and AS products, not simply to enter the market with lookalike products at lower prices," said MacDonald.

In the advisory, MacDonald predicts that Microsoft will launch a combined antivirus and antispyware product mid-2005, which will directly compete with established products such as Norton Antivirus from Symantec.

"This move will challenge antivirus vendors that depend heavily on revenue from consumers, such as Symantec, and vendors that derive substantial revenue from upselling enterprises to antivirus product suites that include desktops and servers, such as McAfee and Computer Associates," said MacDonald.

However, James Turner, security analyst at Frost & Sullivan, told ZDNet Australia that Microsoft's security strategy is a "commercially sensitive" area and the company is not obliged to reveal its strategy.

"The fact is that Microsoft have purchased a number of security oriented companies, anti-spyware and anti-virus. You don't buy a number of companies for the fun of it. This is part of a long term strategy," said Turner.

Additionally, Turner said Microsoft's attitude to security has changed since the launch of its Trustworthy Computing Initiative. He cited the company's response to the recent attack on MSN Messenger.

"You don't just judge a company by what they say, you also judge them by what they do. Microsoft's recent clamp down on MSN Messenger to repair the vulnerabilities there is a clear sign that Microsoft can mobilise very quickly when something is completely within its control. If Microsoft was ignoring security the market would punish it and so would the legal system," said Turner.

Gartner's MacDonald also attacked Microsoft's decision to only create an updated version of Internet Explorer (7.0) for Windows XP, hinting that the only reason behind the decision is to force enterprise to upgrade from Windows 2000.

"The decision to restrict IE 7.0 to the XP platform also suggests that Microsoft wants to force users of older platforms to upgrade if they want improved security. If Microsoft wishes to be seen as a responsible industry leader in maintaining security for its products and its customers, it should provide IE 7.0 for Windows 2000 users.

"Furthermore, instead of making more evolutionary security improvements to IE, Microsoft should announce that it will fundamentally rearchitect IE with security in mind," said MacDonald.

The Gartner advisory concludes with recommendations that are likely to cause some concern to traditional antivirus vendors.

According to Gartner, companies should demand that their antivirus provider offers an enterprise-class solution - including antispyware - at no cost by the end of this year. Gartner also advises companies to demand a "converged desktop security product with antivirus, antispyware, personal firewall and behaviour blocking at a total price no more than 20 percent higher than what you now pay for standalone AV."

Neither Microsoft nor Symantec was available for comment.

Talkback 2 comments

    Anonymous -- 18/02/05

    One day, some time into the future, I will have a desktop OS that simply provides a secure browsing experience. It will not require regular updates to prevent unsolicited intrusions in any form.

    Since phishing attacks have been linked to trojan viruses with silent keylogging and screen capture software, most of Gartner's points are moot.

    There is now little division between intrusion vectors, as the combinations develop in complexity. Today I received a "returned" email in my Webmail, from myself. The ZIP file attached will provide a unique experience if clicked.

    Get a grip, and please give us a system that incorporates a range of defences, and let MS pay for them, directly from the developers who continue to put their freeware software out to the public for testing in any case.

    We pay enough for the internet as it is, without the constant intrusions, from a dozen new virus variations each week, spyware, adware, pop-ups and flashing banner ads. Embed and secure the GUI please. AV companies will survive in the corporate market across a wide range of platforms.

    Anonymous -- 19/02/05

    Microsoft has indeed squandered an opportunity to set a mark in the security arena. To go one step further, Microsoft can directly be blamed for a big portion of the mess the entire Net is in today.

    It borders on corporate irresponsibility that Microsoft holds the entire industry hostage by not openly endorsing i.e. the Trusted Computing Group approach as an intermediate solution to help stem identity theft and, moreover, phishing.

    While I understand the benefits of the upcoming NGSCB initiative it also has become painfully clear that Microsoft is way behind in schedule in clarifying and detailing their road map.

    But it has always been like that with the boys from Redmond: Stall until we're in a position to benefit; To hell with the consumer!
