Windows Vista will have robust built-in security features when released early next year, according to a new report that says the platform upgrade will be good news for PC users, but could spell trouble for the PC security software industry.
The Yankee Group said the security features Microsoft is building into Vista will largely eliminate the need for PCs to run separate anti-spyware or firewall software. The firm says that could lead to turmoil in what is currently a US$3.6 billion market for Windows-related security products.
The firm “expects Vista to significantly shrink the aftermarket for anti-spyware and desktop firewalls,” said Yankee analyst Andrew Jaquith. The new operating system could also cut into other markets, including those for disk encryption, device control and certain types of host intrusion prevention software, he added.
Yankee Group said Vista could reduce the number of “critical security vulnerabilities” that Windows users are exposed to by as much as 80 percent, thanks to revamped coding and built-in security features.
The anti-virus software space — itself a $2.6 billion a year market –will not suffer from Vista, which will not include built-in virus detection or prevention capabilities. Instead, Microsoft hopes to entice users to sign up for its Windows Live OneCare anti-virus option, which will formally launch as soon as next month.
Though Yankee said major vendors are large enough to withstand any drop in business tied to Vista, the impact could still be significant, since the vast majority of PCs in operation worldwide run one form or another of Windows, and because such a large percentage of known security threats — spyware, adware, Trojan horses and viruses, to name a few — are built to target Windows machines.
Wait and See
The true impact of Vista on other software markets will not be known until the product is released, said Jaquith, since Microsoft continues to work furiously on development, hoping to make a now delayed release schedule that has the product available for enterprises and consumers by early 2007.
Software vendors that are able to quickly react to what Vista offers and that offer solutions to fill in gaps in the coverage will perform best in a post-Vista world, added Jaquith.
Some security vendors were quick to downplay the threat Vista represents. Symantec CEO John Thompson said his firm would produce better security products than Microsoft.
“We know more about security than they ever will,” Thompson said in response to the report during Symantec’s annual customer and partner conference. The Microsoft “brand is synonymous with a lot of things. Security is not one of them.”
The image hurdle may be the biggest one for Microsoft to overcome as it asks customers to forgo third-party protections in favor of built-in or hosted services from Microsoft.
“Users will gravitate toward a built-in solution because it’s easier,” Enderle Group Principal Analyst Rob Enderle told TechNewsWorld. Since Microsoft has been a favorite target of hackers in the past, however, with scores of vulnerabilities in its Internet Explorer browser and other products publicized and exploited, “users might take some time to get used to the idea.”
More Delays Ahead?
A lot will come down to execution, meaning that it may be well into 2007 or even later before the true impact of Vista on security vendors and others is felt.
In fact, some analysts are already predicting more delays in the launch of Vista, given the complexity of the upgrade and the number of new features Microsoft hopes to build into it.
Once it finally does hit shelves, meanwhile, Vista will pose challenges for users in both corporate and home settings as the additional security features will come at a price in terms of usability, Jaquith said. Tools such as User Account Control, which limits the privileges a Windows user has, could become an annoyance to some users as they upgrade, because some features will be turned on as a default setting.
That approach proved a stumbling block for some when XP was launched with the built-in firewall turned on, creating problems for users who were trying to connect to wireless networks, for instance.
In fact, Yankee has begun to recommend that corporate customers target sometime in 2008 for widespread deployments of Vista, giving cutting-edge users a chance to find and fix bugs in the platform in the meantime.