[ISN] What Price Security?

InfoSec News isn at c4i.org
Mon May 16 04:15:10 EDT 2005


By Robert MacMillan
washingtonpost.com Staff Writer
Friday, May 13, 2005

It's time to give Microsoft credit for doing the right thing, and I am
not talking about the Xbox 360.

I'll devote a few lines to the new game box/savior of the world, but
first let's examine Windows OneCare, the automated repair service that
will make computer security a reality for the average PC owner. It
contains tools to fight spyware and viruses and a firewall to block
sketchy data (incoming and outgoing), and it patches security holes.
Microsoft is testing the product among its employees now and expects
to conduct a public test later this year.

The company deserves praise for "un-befuddling" computer users who
ignore what they don't understand, but the strategy contains two
flaws: It costs extra and is incompatible with competing products.

A Microsoft official quoted in the New York Times said OneCare is
computer security for the "Jiffy Lube customer." I couldn't put it
better myself.

But even though computer security is like driving a car, the analogy
breaks down (ha ha) when it comes to money. Most people feel that if
they shell out thousands of dollars to buy a computer, the
accompanying software and a steady Internet connection, the companies
that make all the complicated technology work ought to take care of
security on their end. That is also true. In an age of phishing,
spyware, hackers, denial-of-service attacks and all manner of other
digital troubles, Internet security is a requirement.

What Microsoft should do is make the service automatic -- and free --
and allow techies and other people who feel they know enough about
security to handle it themselves to opt out of receiving it. To be
fair, we don't know how much OneCare will cost, but even if it's only
an extra $5 or $10 each month, you can double your money by betting
$10 that the cost will result in fewer takers. Cost-conscious
customers see maintaining a computer and Internet connection as a
steady flow of outbound nickels and dimes, and no amount of front-page
news stories about hackers and identity theft will persuade all of
them to pay yet more money for something that the head office should
provide from the get-go.

As for compatibility, OneCare will turn Microsoft from a customer of
the anti-virus industry into a competitor. This isn't a business
column, but it's worth noting that this culminates several years of
speculation that the software firm would make just such a move. As for
the computer user, this carries important implications.

Here's a note from the Wall Street Journal: "Mr. Hamlin said OneCare
won't work with competing security programs from the likes of Symantec
and McAfee Inc., because Microsoft wants to be able to provide
comprehensive support services. He stressed that Microsoft is aiming
at users who don't now use security software and may not know they
need it."

This could prove to be a mistake. Plenty of news sources wrote that as
many as 75 percent of computer users don't have updated protection for
their computers, but in reality, those people probably don't have a
clue what they have -- or don't have. When I use my mother's computer
and update the security settings, I don't bother to tell her because
she doesn't speak the language. "As long as it works," she would say.  
Hopefully the testing phase for OneCare will convince Microsoft to let
the product play nice with competitors' programs. Competition, even on
its own operating system, is something that Microsoft already knows
can lead to unpleasant outcomes.

