Microsoft PC Satisfaction Security Software In Hands Of Channel

But many question how this will play out in the Windows XP code, and what it means for ISV partners like Symantec and Network Associates' McAfee.

Some partners that have the PC Satisfaction trial software in-house said it provides a good level of default antivirus, firewall and backup features for Windows XP--with minimal user intervention.

"You run it and it gives you a client, which has a Red Cross symbol and safety meter saying if your protection is weak, fair or good, and realtime virus scanning," said one solution provider who has seen and worked with the trial software but asked not to be named. "It is a threat to McAfee."

One solution provider now testing the software said the Windows user interface automatically offers prescribed "Actions" for users to take, as well as backup, antivirus scanning and firewall options that are easy-to-use and access.

According to documents provided to CRN, and screen shots of the user interface, the PC Satisfaction software's PC Safety Meter Score automatically changes the color of a user's screen to red or green, for example, to indicate the overall health of the computer. It also automatically runs virus scan after the software is installed and according to scheduled intervals following the initial scan.

According to the PC Satisfaction documents, PC Satisfaction backs up files daily by default, but users can customize settings by selecting "Change rules for backing up my files" on the Task List. One observer said, for instance, that although Windows XP has backup options, PC Satisfaction makes it easier for users to compress files, store them elsewhere on network and more easily restore them once a crisis is over.

A view of one screen shot, for example, shows a red highlighted "Weak" report for overall PC Safety and numerous options on buttons, including "show me full security report," "restore my files from backup," and "change virus protection rules."

Integrating security features into Windows XP by default--as opposed to offering options to users--has become necessary as hackers and worm and virus writers increasingly target major holes in the Windows code, partners say. According to Gartner, 10 serious Windows XP vulnerabilities have been announced since mid-July.

Since it was first reported by The Wall Street Journal on Aug. 14, the Redmond, Wash., software giant has insisted the PC Satisfaction software is only a marketing trial to evaluate customer interest in Windows XP protection. However, partners and observers are cautiously awaiting the results of the trial.

Nothing has been decided, but Microsoft hasn't ruled out the possibility of productizing the technologies in PC Satisfaction, a company spokesman confirmed.

It's too early to speculate what the trial might result in, said a spokesman for Microsoft. There's nothing to deploy [now], and it's very limited trial at this point geared at small business and consumers, he said.

The PC Satisfaction trial was conducted solely by the Windows XP team at Microsoft, but the company's Security Business unit is considering new security features across Microsoft's entire software portfolio, the spokesman said.

For instance, Microsoft is looking at a number of options to protect Windows customers from worms and viruses, including turning Windows XP's autoupdate and firewall connection features on by default, he said.

It's clear that Microsoft intends to enhance the Windows client and server before the next major upgrade, Longhorn, ships in the 2005-2006 time frame.

Microsoft would neither comment on the beginning and end dates of the trial nor the number of people invited to test the software. However, the company confirmed the technologies currently in the trial software are from Tiny Software, Santa Clara, Calif., and Authenium, Jupiter, Fla.

Tiny Software's firewall solution was selected because it tests outbound network messages, while Windows XP provides protection only for incoming messages, the spokesman said. Authentium's Command antivirus software was used because it easily fit into Windows XP, he said.

The integration of the code into Windows XP could affect ISV products in the SMB markets, including Symantec's popular Norton Anti-Virus, Firewall and Backup Solutions for the SMB space. McAfee also provides VirusScan and PersonalFirewall Plus for the SMB and consumers segments of the market.

However, a Symantec spokeswoman said the entry of Microsoft into a market often steers customers to look for better third-party ISV offerings. She also said Syamntec's consumer business has grown 52 percent and its enterprise business has grown 30 percent in the past year.

It is premature at this time to discuss a Microsoft security product, since it is our understanding the PC Satisfaction trials are part of a research project at this time, and no specific product plans have been announced, said the Symantec spokeswoman, adding that Symantec believes that many customers will continue to look to independent security companies to provide comprehensive threat protection for Windows and other popular operating environments.

John Pescatore, vice president for Internet security at Gartner, said Microsoft should fix the holes rather than add Band-Aids.

"If Windows didn't have so many vulnerabilities, we wouldn't have this problem," Pescatore said, adding that Microsoft's acquisition of GeDac and Pelican Software--and potential shipment of more protection products--is the wrong solution. "Microsoft should focus all of its security investment on making its products more secure faster, and not on buying security software companies. It should transform the antivirus market by making its products virus- and worm-proof, not enter the market to gain revenue by selling Band-Aids to cover vulnerabilities in its products."

One solution provider acknowledged that point but said hackers and virus writers will continue to attack top platforms.

"It is very difficult to argue with the crowd, whose viewpoint is that Microsoft should not rush products to market but instead lengthen their product release cycles and take the time to make the code better," said Michael Cocanower, president of ITSynergy, Phoenix. "I can certainly see that point, but where does one draw the line? If Microsoft adds three months onto a product cycle, will that make a difference? Six months? Two years? No matter what amount of time you add, the chance still exists that an exploit will be found."

Yet another source close to Microsoft speculated that the software giant may be looking to launch this as an add-on service to MSN for consumers and small businesses. "Maybe it's a way to add value to MSN," said the source, who asked to remain anonymous. "