Although McAfee Chief Executive George Samenuk and Symantec Chief Executive John Thompson have been friends since they both worked at IBM years ago, lately they've been fierce competitors in Internet security. Symantec has been the market leader; McAfee a scrappy challenger. But on Oct. 2, the executives found themselves publicly on the same page again.
McAfee (MFE) placed a full-page ad in the Financial Times to run an open letter against Microsoft (MSFT), saying the software giant is abusing monopoly power to promote its own line of security products—a claim Symantec started to make loudly last week in public statements. Said Samenuk in the letter, "Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats. Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops."
Chris Paden, a spokesman for Symantec (SYMC), was more blunt: "The M.O. of Microsoft is to prevent innovation from being able to happen, dumb down the environment, and then create solutions on their own."
LATE REACTION. Don't expect such rhetoric to ease up. Samenuk is in the midst of a two-day press tour and he's also looking to drum up support from regulators and competitors. "When it hurts the consumer, we feel we have to bring this issue forward," he says.
Not to mention the hurt Microsoft may put on his bottom line. Cynics say the hubbub has more to do with Microsoft's potential threat to what has long been a Symantec and McAfee cash cow: basic security software protecting Windows-based computers.
That's clearly part of it. Still, Microsoft has been publicly building a security business for the better part of two years, and only in recent weeks have allegations of monopolistic unfair practices come to the fore.
Indeed, back in February, 2005, Thompson said he wouldn't pursue any kind of anticompetitive back channels to keep Microsoft out of the security landscape. His contention at the time was that Symantec would just deliver a better product.
CLASHING PRODUCTS. So why the about-face? Samenuk, for one, says he thought Microsoft was going to be more collaborative with outside software companies. Then he saw the test version of Microsoft's new operating system, Vista, and tried running it with McAfee software. The first problem he found is that Microsoft makes its Security Center dashboard the default warning system for any new attacks or necessary updates.
Such dashboards come with Symantec and McAfee's software too, and in the past, the tools could keep a Microsoft system from sending duplicate alerts. Now, only the user can turn off that system. Microsoft says the purpose is to give people extra protection, particularly in cases where they stop using Symantec or McAfee's products. "We have no way to know upon uninstallation if (Security Center) is turned back on," says Stephen Toulouse, Microsoft senior product manager.
But Symantec and McAfee claim two dashboards are confusing and that, typically, two competing security products can confuse one another, crashing a computer. If nothing else, the default status arguably gives Microsoft, a newcomer to security, a leg up on becoming the new trusted name in computer health, the role that Symantec and McAfee have played for years. "It's emasculating to them," says Andrew Jaquith of market researcher Yankee Group. John Pescatore of Gartner goes further, saying, "Microsoft has definitely taken advantage of their monopolistic position on the desktop to give their own security products an advantage."
KERNEL CONTROL. The second complaint is that Microsoft has locked down the kernel, or guts, of the Vista operating system, preventing more sophisticated software from Symantec and McAfee from protecting the computer from the inside out. "In order to protect customers from the bad guys, you don't lock out the good guys," Samenuk says. "We're the people who've been protecting your product for years."
In the early days of Internet security, antivirus software and firewall software were cutting-edge products that protected a computer from threats before they could get in. They acted like a moat, keeping the bad guys from getting in. But as hackers got wilier, sending attacks through e-mail, the Web, or even instant messaging applications, it became clear this type of protection wasn't enough. Increasingly, more sophisticated software protected the computer from the inside out, watching for certain types of attacks, or suspicious behavior of attackers.
Now, Symantec and McAfee say, Microsoft is erasing all that progress by locking up its kernel, basically rendering useless much of the progress they've made in recent years. And as basic protection like antivirus and firewalls have become commodity products, the move could freeze the companies out of key growth markets too.
A PRE-EMPTIVE STRIKE. But is this about protecting a monopoly, or protecting the user? In essence, Microsoft is just making its software safer—something that critics have been saying it should do for years. Existing versions of Windows allow programmers to modify the kernel on the fly, while it is running. Microsoft has always frowned on the practice, but didn't forbid it outright. Legitimate partners like Symantec and McAfee could get in, but so could hackers. They in turn could embed software that enabled the functioning of bot.nets and keylogging programs.
The question is whether Microsoft has the chops to really make the kernel bulletproof. Once a hacker gets in, there's no software to stop him from doing damage, and many other programs will no longer work. More troubling is the fear that down the road, Microsoft will use this proprietary knowledge of its kernel to write more effective security software, giving itself an unfair advantage.
While McAfee and Symantec say this is about protecting the safety of the Internet, it's also a pre-emptive strike on any future unfair advantages. The people who write Vista and the people working on security are totally different staffs. Toulouse says the system will shut down if anyone—even someone from Microsoft—breaks in and tries to modify it. But Paden from Symantec fires back, "Microsoft wrote the code. To say, 'We can't access it' is disingenuous."
Both Symantec and McAfee say they've tried working directly with Microsoft for months, unsuccessfully, and are now resorting to the court of public opinion, hoping a backlash, consumer or regulatory, will succeed where diplomacy has failed.
Lacy is a writer for BusinessWeek.com in Silicon Valley and Greene is BusinessWeek's Seattle bureau chief
Printer-Friendly Version