RealTime IT News

Doom For Anti-Spyware Software?

UPDATED: A Yankee Group report published today predicts imminent doom for anti-spyware makers with the release of Windows Vista. But don't plan a funeral for WebRoot and Ad-Aware just yet. First, Microsoft has to sell the darned operating system.

Microsoft still has not spelled out the system requirements for Windows Vista, with less than a year to go before its release.

But Andrew Jaquith, program manager for security solutions and services at The Yankee Group, and author of the report, said he expects Vista will require 1GB of memory or more, a Pentium 4 processor and a 128MB video card.

"These are not what you call lightweight configurations," he said.

So for his report's prediction to come true, that anti-spyware vendors will suffer under the freely available Windows Defender in Vista, Vista must first be a hit, and he doesn't think it will be.

"We think it will be a lot less than the 400 million [installed base] they want to have out in the next 24 months," said Jaquith. "I do think they have made a strategic error in making the requirements so heavy."

Jaquith's report, "Microsoft's Vista Won't Stop the Windows Security Aftermarket," predicted a big hit for aftermarket firewalls and anti-spyware software.

Windows XP Service Pack 2 has a firewall, but it handles only inbound traffic. The firewall in Vista will handle inbound and outbound traffic, something currently handled by third-party products from Symantec and Check Point, among others.

But it is anti-spyware software that the report predicted will feel the most pain, as Windows Defender, bundled with the OS, will do for free what aftermarket products do now.

As was the case with Internet Explorer, Jaquith thinks Defender doesn't need to be the best out there.

"Free and good enough beats costly and elegant, if that makes sense," he told internetnews.com. "So regardless how good one of the anti-spyware vendors is, it's still something that costs money to buy. What comes with Vista might be just good enough."

And in a lot of cases, Microsoft will be going against entrenched interests. The larger software security vendors, like CA, McAfee, Trend Micro, Symantec and others, have added anti-spyware into their larger product offerings and have established customer relationships with larger companies.

Jaquith expects those companies will be happy to continue their relationships.

SMBs, which may not have relationships with these companies or are more cost-sensitive, are more likely to consider Windows Defender as a cheaper and readily available alternative to third-party software, he said.

David Moll, CEO of spyware remover WebRoot, disagreed with the conclusion and the IE analogy. Web browsing is one thing, he argued; spyware is a much more serious issue. "Security tends to be a best of breed market," he said. "When I look at the latest phishing Trojans, I ask myself, do I want to have a pretty good freeware program guarding my back or a best of breed product protecting me?"

If any applications will suffer, he suspects it will be freely downloadable products like Ad-Aware and Spybot, not WebRoot's SpySweeper and other commercial anti-spyware products.

Moll also questioned Microsoft's ability to be nimble against spyware authors. His company recently found spyware that mutates every hour, which makes it very hard to write signature files that recognize it. He doubts lumbering Microsoft, which operates on annual release dates, can keep up. "When the threats move on that kind of basis, how does a company that misses release dates by years and operates on annual time move to a tempo of stopwatch time?" he asked.

The bigger security issue for Jaquith is the new User Access Control (UAC), which is designed to offer fine-grained security over the system but may prove a royal nuisance because it prompts the user for approval of normally minor tasks.

In the report, Jaquith quoted a blogger testing Vista, who called UAC "probably the most annoying thing ever invented."

"Microsoft is very firm about their viewpoint that they want users to have a choice in whether they are secure or not. And how can you argue with consent?" said Jaquith. "The real issue is how often do you ask users to give consent. If the answer is every five minutes, people will become numb to it."

Some things, like changing software or installing software, should require user approval. Changing the clock or deleting a shortcut should not.

The unhappy blogger cited in Jaquith's report had to run in Administrator mode to avoid being pestered constantly, when the whole point of UAC was to get away from Administrator mode in the first place.

Problems with UAC may end up causing the most heartburn for both Microsoft and end users, Jaquith said.