Should Microsoft Be in the Anti-Malware Business?

This is a good question to discuss. As critics rightly point out, the weaknesses in Microsoft's operating system have led to many, if not most, of the security problems that allow malware to be installed on end-user desktops. Why should the company causing the problem be allowed to offer, and sell, the solution to a problem they created?

This is a valid question, but the nature of a free-market economy is that anyone is "allowed" to be in any business they want. Whether customers will "trust" the offering they have is a different question altogether, and many of the established security vendors appear to be trying very hard to ensure that customers do not trust Microsoft's offerings, as noted previously. In essence, customers trusting Microsoft to succeed in security is harmful to the remaining security industry's business model, which has largely been based on protecting Microsoft's customers from Microsoft's mistakes. In Microsoft's defense, Microsoft has not intentionally ever allowed malware to be installed. Maybe in the past, Microsoft was more lackadaisical about security, but for at least half a decade they have been working tirelessly to prevent attacks.

A large majority of the malware that is installed on a user's system is so installed, intentionally or unintentionally, as a side-effect of some intentional act, by the user, usually when they fall for some social engineering method. And, if the end user installs untrusted software, it will always be successful, no matter what the operating system is. It's not like Linux, Unix, or Macintosh computers are anymore resistant to user-installed malware. It's just that they are attacked less because they are less popular. Other popular forms of malware, such as buffer overflows, haunt all popular desktop operating systems and will be successful most of the time despite the defenses put up by a software-based operating system. This is not to say that Microsoft could not have done a better job with security, but there are malicious methods that would be success against most operating systems regardless of the defenses.

Additionally, what harm is there in allowing Microsoft to offer up free or additional adjunct software protection alternatives? Rarely is the consumer hurt by being exposed to more choices. As long as Microsoft is not anticompetitive in pushing their computer defense choices over other vendors, additional choices are a good thing. If any of the Microsoft-derived tools prevent a malware program from being installed that might otherwise be missed, then they are a good thing.

For example, prior to Microsoft's Windows Firewall, many Windows users did not install a host-based firewall. There are many free choices, including the excellent and popular ZoneAlarm (http://www.zonealarm.com). But a large percentage of users never installed any host-based firewall, so those systems did not benefit by the additional protection. Microsoft, when it released, and later pushed, Windows Firewall, installed a host-based firewall to many XP users who would have otherwise never installed one. It is this large percentage of the desktop user population that benefits from Microsoft's additional security defense software products. And when those users are protected and less likely to be exploited, it benefits us all (because their systems aren't being used to spread malware and to attack our systems). If Microsoft's actions benefit its end users (without being anti-competitive) and prevent malware, it is a positive move for customers.