Walt Mossberg at the Wall Street Journal reviewed the beta AntiSpyware program from Microsoft. The summary is it isn't very good yet. But Mossberg makes an important point:
Before getting into the details, let me say a word about Microsoft's role in protecting consumers against malicious software and other invasions of their computers. Some critics argue that Microsoft should stay out of the security-software business so as not to use its Windows monopoly to unfairly compete with third-party security vendors. But I have never believed it was inherently wrong for Microsoft to add core functions to Windows, even if they competed with add-ons sold by other companies. And I regard security as a core function. To me, the need to protect Windows users, especially consumers and small businesses without IT staffs, trumps any antitrust considerations.
I don't work in a security group, or know MS's product plans, but I've thought about it. Mostly I've thought about it when one of my friends of relatives tells me they spent a day rebuilding a machine that was overwhelmed with spyware and virii. I spent 4 hours doing that myself one day. I was fuming the whole time.
This isn't just an MS problem: as Mossberg points out there are Spyware programs hitting FireFox (and I'm getting popups in FireFox and the latest IE now, not many, but a few). Oracle is hit by virii, Linux has security holes. If you work in this business, you should feel a little under attack.
Ideally an OS is completely secure, but as long as there are social engineering attacks, spyware and malware is going to get onto machines (unless they are completely locked down--no installable apps, addons, or upgrades). This necessitates active security, which includes AntiSpyware and AntiVirus programs.
Security isn't a feature, its part of the air supply. If you've got a computer and it has a memory manager, a file system and networking, I'll take active security next...before a GUI or a browser frankly. Every machine should have this stuff at install time. Thus it is either the OS vendor's responsibility, or the hardware vendor's...and there are too many hardware vendor's to coordinate this.
Again, I don't know what MS's plans are (I thought I'd post my feelings, then do the research and find out whether my company agrees), but here's what I think should happen: The OS should ship with AntiVirus and AntiSpyware. They should be part of "Security Center" and be as invisible and unobtrusive to the user as possible...the goal should be in 5 years end users don't even know the terms AntiVirus and AntiSpyware. This requires the stuff be free, not a pay service. MS shouldn't make money from this. This is where the antitrust stuff comes in: what about McAfee and Symantec etc.? My best guess is the Security Center offers a basic, built-in service and makes it easy for the hardware vendor or consumer to upgrade to a premium service from one of these companies. In the long run, the goal should be for this business model to go away.
It's a little like being in the seat-belt installation business. You must have known the auto manufacturers would include them as standard equipment, but hopefully you felt it was in the best interest of all, even if you did had to switch businesses.