An inherent conflict of interest

Microsoft is getting into the “anti” business. That is, the anti-spyware, anti-virus and, in general, anti-bad stuff business. The anti business is a pretty good one — to the tune of billions of dollars per year. The fact that almost all of the value of the business stems from the fact that Microsoft has not been able to get security right the first time makes Microsoft’s entry into the business more than a bit conflicted.

According to published reports, Microsoft’s OneCare will be more than just an anti-spyware and anti-virus package; it will be a subscription service targeted at home rather than enterprise users and will provide an auto-update function, as well as protect against viruses and spyware. Microsoft plans to try it out on its employees in the near future but has not announced when the service will be generally available.

My reaction when I first heard about the service was: “Hey, wait a minute. Microsoft caused this problem, so why should its customers have to pay extra to fix it?” But on second thought, because it might actually be technically or practically impossible to fix the problem at its source by not having so many bugs, charging to fix it might be the right thing from a number of points of view:

• From Microsoft’s point of view, it would be out of character to leave so much money on the table.

• From the point of view of the current players in the anti-virus and anti-spyware game, having Microsoft as a competitor is far better than Microsoft deciding to bundle the software into the base operating system.

• From an antitrust point of view, it is not clear that Microsoft had much choice than to charge a reasonable amount if it wanted to play in this field.

But Microsoft does have some significant advantages. The company will get very early word of any new exploits, likely before any of its competitors except in the case where a competitor discovers the vulnerability. Then there is the advantage of being able to delay fixing underlying bugs to encourage sales of OneCare — but Microsoft would never do that.

QuickLink: 051099

–Bradner is a consultant with Harvard University’s University Information Systems. He can be reached at

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now