A recent survey commissioned by IBM states that overall user confidence in the Internet is going down as the result of increased phishing and pharming attacks. Thirty-eight percent of the 700 people surveyed do not or will no longer bank online. Thirty-seven percent of those surveyed do not or will no longer provide credit card information online. Fifty percent won't use shared wireless connections in an airport or cafe. Sixty-four percent won't conduct online transactions on a networked computer. And three out of four think they're more likely to become victims of a cybercrime, such as identity theft, as opposed to a physical crime, such as robbery.
Given this erosion of online personal trust, there appears to be plenty of room for security vendors to market themselves as providers of effective desktop and laptop solutions. Later this year, both Microsoft and Symantec will roll out managed online security services, offering everything from remote-controlled antivirus protection to hard drive optimization in one neat little package. These services will go beyond just providing the necessary software--they'll include 24/7 remote monitoring of your desktop PC and the automatic application of patches and updates when necessary. Think of it as having an IT staff on call to keep your home computer up and running. This will also create the first real head-to-head competition for the two software giants. But more importantly, it'll force a difficult security question for some consumers: who do you trust more?
 |
Later this year, both Microsoft and Symantec will roll out managed online security services, offering everything from remote-controlled antivirus protection to hard drive optimization in one neat little package.
 |
|
|
Microsoft OneCare
Back in 2003 when Microsoft bought the Romanian antivirus vendor GeCad, there was considerable speculation whether the software giant would offer a Microsoft-branded antivirus product to compete with Symantec and others or simply fold such protection into the upcoming Windows Vista operating system. Microsoft did neither and, instead, announced last year that it would create an online service that customers could subscribe to annually that would deliver full technical support for the security and overall health of their PCs. Now available in a free public beta, Microsoft OneCare offers antivirus, antispyware, and antiphishing tools, as well as disk defragmentation tools and backup and recovery solutions. Final cost of the service has not been announced.
Given the increasing size and complexity of boxed Internet Security suites, making OneCare a downloadable service makes sense. Microsoft can add and subtract tools and features behind the scenes without the end user having to uninstall and reinstall apps. But the OneCare beta came under fire last week for supporting an insecure outbound firewall setting as default. And, frankly, having Microsoft monitor and fix your broken computer strikes me as disingenuous. I've already called Microsoft's service SopranoCare, since the software giant seems to be asking for "protection" money from its users. It's like Microsoft's saying to the customer, yeah, we wrote shoddy code, but pay us an annual fee, and we'll protect you from viruses and other malicious code.
Symantec's code-named Genesis
Symantec is also working on a managed-service solution code-named Project Genesis, which will include features that run the gamut from antivirus to disk optimization. Tom Powledge, director of product management consumer products and solutions, says that with Genesis, Symantec is starting from scratch, taking components from its existing stand-alone consumer security and performance products and revisiting the code, perhaps moving away from current signature-based dependencies that date back to the early 1980s. Symantec is looking to streamline Genesis, optimizing cutting-edge behavior-based heuristic tools obtained from its recent purchase of WholeSecurity for its consumer market. Final cost has not been announced.
|
Microsoft and Symantec are not alone in planning online managed-security solutions.
|
|
|
Symantec's solution, I think, is better. First, Symantec is not Microsoft, so at least you get the benefit of a third party observing the health of your Microsoft OS PC. Also, Symantec has its own worldwide threat system: it owns Network Operations Center, with thousands of systems worldwide creating an up-to-the-minute snapshot of the Internet's health. Symantec should, in theory, be able to tweak its Genesis behavior rules on individual desktops worldwide in a flash to respond to emerging threats. Say a threat comes down the line that's not related to Microsoft, will Microsoft have the same fast turnaround as Symantec? I wouldn't hold my breath. On the other hand, who's to say Microsoft won't start supplying its Windows security updates to its OneCare customers first, then later to the general public?
| |
Microsoft OneCare |
Symantec Genesis |
| Antivirus |
Yes |
Yes |
| Antispyware |
Yes |
Yes |
| Firewall |
Yes |
Yes |
| Automatic Windows updates |
Yes |
No |
| Backup to CD, DVD |
Yes |
Yes |
| Internet backup |
No |
Yes |
| Defragments hard drives |
Yes |
Yes |
| Removes unnecessary files |
Yes |
Yes |
| Boxed edition in stores |
Yes |
Yes |
But...Symantec?
Over the years, I've taken Symantec's individual consumer products to task as being out-of-step with today's security market, and we've granted Editors' Choice awards to other vendors in our antivirus, antispam, and Internet Security suites roundups. That said, I should give credit where it is due. Of late, Symantec has been taking the lead within the security community by helping to create a new antispyware coalition, and Symantec was one of the principal partners in announcing last week the first-ever standardized testing platform for antispyware software. Rolling out a new managed-care solution for desktops strikes me as another step in the right direction--assuming, that is, that the company really does improve the products and services it offers.
Symantec is not without its own Microsoft-security moments, of course. There was the recent disclosure that a longtime feature within Norton SystemWorks that allows you to undelete deleted material can also be described (and used) as a rootkit. There are also recent buffer overrun issues within Norton AntiVirus.
Any other choices? Perhaps
Microsoft and Symantec are not alone in planning online managed-security solutions. The pieces of the puzzle exist within other security giants, as well; Trend Micro, McAfee, and CA (formerly Computer Associates) have all purchased smaller security and PC-performance vendors in the last few years and could easily announce similar service plans at any time. As software moves away from boxed media distribution and becomes a strictly downloadable service option in the near future, the question becomes not whether online managed security makes sense for the home desktop user, but from whom? Whom do you trust?
If you had to choose one security vendor to guarantee your safety online, which vendor would that be? Talk back to me.
