COMMENTARY — Acknowledging last week that a Microsoft-provided spyware remedy is on the way, Bill Gates said, "This malware thing is so bad ....now that's the one that has us really needing to jump in." Gates admitted that even his own home systems have been afflicted by "that crap" spyware. Perhaps now we know what it takes for something to get promoted to the top of Microsoft's to-do list.
Spyware is a type of software that, like other forms of malware, most often afflicts users of Windows. Usually, it installs itself — often surreptitiously — on systems after users visit certain Web sites. Once installed, spyware engages in a variety of objectionable and nefarious behaviors such as monitoring system activities and keystrokes, sending the information it collects back to its authors, forcing the appearance of unsolicited advertising, and hijacking system settings such as the browser's default search engine.
Will Microsoft build its own anti-spyware utility into Windows == or will it acquire an existing product?
Judging by ZDNet reader comments, many Windows-watchers view Microsoft's potential inclusion of anti-spyware, anti-virus, pop-up blockers, or industrial-strength personal firewalls into any of its operating systems as a predatory attack on the cottage industries that feed off the Windows ecosystem. Although I agree that the inclusion of any such security functionality would likely wipe out relevant software sectors — and would be extremely unfortunate for the employees of those companies — I'm with Gates in his decision to "jump in." The existence of malware isn't Microsoft's fault and it's not unreasonable for customers of any software company, Microsoft included, to expect their software to be secured to the best of the solution providers' abilities. That said, when Microsoft has jumped in — particularly in the area of the personal firewall — it hasn't jumped to the best of its abilities. While the company may be trying to allow for the survival of third-party providers, it's making a mistake by including software that doesn't live up to the promises of its Trustworthy Computing Initiative. Judging by the firewall fiasco, the company would be ill-advised to include a toy anti-spyware solution.
If Microsoft is looking for a functionality cut-off point in order to leave third-party providers with a longer lease on life, that cut-off should come after "industrial strength" and before "multi-user, centrally administered." For example, inclusion of industrial-strength anti-spyware might adversely affect the long-term prospects for stand-alone products like LavaSoft's Ad-Aware while leaving room for the enterprise version of Webroot's SpySweeper (see "Spyware following spam into the enterprise"). Finally, if the company is really serious about spyware, it has no choice but to revisit the flawed firewall. Anti-spyware products can be very effective at keeping spyware off our systems. But, as Microsoft Steve Ballmer said over the weekend to a gathering of U.K. press, "There are bad people out there in cyberspace, and they are not going to go away." In the cat-and-mouse game of security, every time one door gets closed in the hackers' faces, they somehow open another one. Like any security solution, anti-spyware software will never be perfect. It's only common sense to make sure that the personal firewall included with Windows provides as good a safety net as possible by keeping spyware from phoning home (which requires outbound blocking, a feature that Windows' newly revamped personal firewall doesn't have).
With the clock ticking, Microsoft doesn't have time to build its own anti-spyware utility. Microsoft must make a buy. Recognizing that Windows must, out-of-the-box, address all of the most common threats and security-related afflictions, Microsoft will likely acquire a large, broad-based security solutions provider that already provides a one-stop shop for meeting Microsoft's needs: a single user interface to access all security functionality (a la Service Pack 2's new security dashboard), and a single on-line stop for all periodic software updates (something that could easily be woven into Windows Update). Which company — Symantec, Checkpoint (parent to Zone Labs), McAfee, or some other player — should be on Microsoft's short list? Sound off with your opinion in this article's discussion thread.