Microsoft's enterprise antispyware may be anticlimactic

By Jennifer Lawinski, News Writer 19 Jul 2005 | SearchWindowsSecurity.com

Digg This!     StumbleUpon     Del.icio.us

As the world grows more connected, the ways in which the greedy and malicious exploit that connectivity grows increasingly sophisticated. First came viruses, followed by the

I don't know how it will be packaged yet, but that functionality will have a fee associated with it. Mike Nash, Microsoft corporate VP

menace of malicious spam. Now, any enterprise security plan also needs to address the threat posed by spyware and its more deadly cousin, the rootkit, a malicious program that takes root in the operating system.

"Rootkits are nasty, and right now the spyware [creators] are ahead of the marketplace," said Jennifer S. Davis, an infrastructure architect in Washington, D.C. "Right now the only remedy we have, when a machine becomes infected, we have to reload the operating system from scratch. Once a machine becomes infected, they're basically down for the day."

Between 20% and 40% of all help desk efforts are spent clearing computers of spyware infestation, said Peter Firstbrook, research director with Gartner Inc., in Stamford, Conn. And machines don't come to IT with just one rogue program that needs eliminating, there are several.

Microsoft will charge for the enterprise version

With its recent release of an Windows AntiSpyware beta, Microsoft is stepping into the antimalware market, and hopes to have an enterprise version of the product available soon. (The client antispyware beta was released in January and updated in June.)

"The enterprise version will provide visibility and control centrally," said Mike Nash, corporate vice president, security business and technology unit, at the Microsoft Worldwide Partner Conference 2005 in Minneapolis. "I don't know how it will be packaged yet, but that functionality will have a fee associated with it."

Analysts agree, however, that enterprise IT shops might not be willing to pay for a Microsoft antispyware product.

"If they do it right, it should be a no-brainer, easy to implement, no-cost solution," said Gartner's Firstbrook. "For a small or medium-sized business that would be very attractive." He said that in its first year, the product would attract smaller shops, and that enterprise adoption would depend on Microsoft's ability to prove itself as an enterprise-level security company.

Related links Prevention Guide: Detecting and removing rootkits in Windows   Spy Fighters: Antispyware lessons learned

Microsoft's release of an enterprise antispyware product could, he said, help drive down the cost of security suites from companies like Symantec Corp. and McAfee Inc. "If Microsoft comes out at half the price, the enterprises will use that as a tool on their incumbent vendors," Firstbrook said.

Licensing could be a barrier

Ed Moyle, founding partner of Security Curve, an Amherst, N.H., consulting firm, agrees that cost will determine Microsoft's success in the antimalware market as many antivirus vendors have already stepped into the antispyware arena.

"[If I choose Microsoft's products] I may lose some functionality in that dedicated antispyware players have a lot more specific features, but all in all, zero additional licensing costs is pretty tempting," he said. "If Microsoft makes any of that freely available, I think they'll sweep the market. If it's not free, I think the antivirus vendors will have a stake in the ground. I'm not sure how willing the market is going to be to ultimately bear additional licensing costs for more malware scanning, even if it is Microsoft."

Figuring in the MOM factor

Fred Cohen, a principal analyst for security and risk management strategies with the Burton Group, in Midvale, Utah, said Microsoft's entry into the enterprise antispyware market won't shake the industry's big security players because the company doesn't have an adequate enterprise-level management console. Low adoption of Microsoft's management software, Microsoft Operations Manager 2005, will ultimately hurt the company's antispyware efforts, he said.

"Microsoft doesn't have a good enterprise-wide control scheme," Cohen said. "What Burton Group has advised enterprises to do, is whatever your control mechanism is on the network-wide basis, you should apply that to the spyware problem. Why would you create unnecessary incompatibilities in your network?"

In the opinion of Jennifer Davis, the infrastructure architect, creating a more secure operating system will help eliminate the malware problem.

"It's the way the OS is designed to operate that the rootkits take advantage of," she said. Security enhancements slated for the next-generation Longhorn operating system could make her job easier, but malware doesn't seem to be going anywhere.

"Who can move faster, the writers or the protectors? And right now, it seems like the writers are moving faster," Davis said.

Tags: Endpoint security management tools,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Endpoint security management tools 20 days to a more secure enterprise How to get -- and keep -- user support with security MDOP for Windows 7 available now Microsoft's Online Desktop Manager caters to small IT shops Monitoring user activity with network analyzers Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP Microsoft releases WSUS 3 SP2 with Win 7, R2 support

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary system tray  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary