Technology > Tech Biz
Microsoft gets serious about security
But concerns about more viruses may continue to hover over the stock for years to come.
November 18, 2003: 1:10 PM EST
By Paul R. La Monica, CNN/Money Senior Writer

Sign up for the Tech Biz e-mail newsletter

NEW YORK (CNN/Money) - Security is a huge issue for Microsoft and the company, at least, finally seems to be getting it.

Chairman Bill Gates unveiled new anti-spam software technology called SmartScreen during his keynote address at the annual Comdex tech trade show in Las Vegas on Sunday night. Add-ons to several existing Microsoft e-mail products with SmartScreen built in will be available early next year.

Thousands of miles away, Microsoft CEO Steve Ballmer told a group of college students at Tokyo's Waseda University Monday morning that security is the company's No. 1 priority.

Is this just lip service? Probably not. Microsoft, after all, has nearly $52 billion in cash. And the company spent $1.6 billion, nearly 20 percent of its revenue, on research and development in its most recent quarter. Based on Gates' comments at Comdex, it seems safe to say a fair chunk of that is going into security.

That's obviously a good thing, not just for Microsoft users but for investors as well. I don't think it's a coincidence that while most tech stocks are enjoying a late 90's-like surge this year, shares of Microsoft (MSFT: Research, Estimates) have flat-lined.

Concerns about Microsoft's continued vulnerabilities, which escalated after a series of viruses hit the Windows operating system last summer, seem to be taking their toll.

Need to fix problems before they become problems

Though Windows runs on about 90 percent of personal computers, competition is increasing, most notably from companies offering the open-source Linux operating system.

"It behooves Microsoft to make software more secure," said Drake Johnstone, an analyst with Davenport & Co. "Microsoft can't ignore the fact that there are stronger Linux alternatives taking shape."

Unfortunately for investors, though, Microsoft could be in for more short-term pain ahead. The company has been promising that its new operating system, Longhorn, will solve many security problems. But Longhorn isn't due out until 2006. So what happens if there are some nasty outbreaks, worse than this summer's Blaster and SoBig.F viruses, between now and then?

Recently in Tech Biz
The end is near for pop-up ads
Give up, Larry!
Gateway country, Part II

Microsoft can continue to offer software patches to combat viruses after the fact, but that won't solve the bigger problem, which could further dampen investor and customer confidence in the company. Microsoft, despite its best efforts, is still viewed as taking a reactive view to security lapses, rather than proactive.

"Microsoft is making moves in the right direction, but there is nothing the company could do that would ever be a silver bullet," said Mark Sunner, chief technology officer of MessageLabs, an e-mail security service firm. "It's good to catch things that are known, but it is the unknown that is the main problem."

Jury still out on latest security steps

At the same time, while Microsoft needs to step up security initiatives, it must also be careful not to appear as if it's profiting from its problems. It's one thing for independent companies like Symantec (SYMC: Research, Estimates) and Network Associates (NET: Research, Estimates) to sell consumer anti-virus software. But for Microsoft to enter the anti-virus market in a splashy way would be kind of like McDonald's deciding to market Weight Watchers products.

"The world wants Microsoft to build secure products. The world does not want Microsoft to become a security software vendor," said Michael Rasmussen, an analyst with Forrester Research. "Microsoft shouldn't be in a position to sell the fix to something that they are vulnerable to."

Tech Biz
Microsoft Corporation
Computer viruses
By Paul R. La Monica

So Microsoft is stuck between that proverbial rock and a hard place. Virus writers love to pick on Microsoft due to its dominance, something unlikely to change. Going after Windows creates the most disruption. Where's the fun in creating a virus that will wreak havoc on Apple's iMacs or servers running on Linux?

To be sure, Microsoft is finally demonstrating to customers and investors that it really does care about security. In addition to this week's comments from Gates and Ballmer, Microsoft took the somewhat unusual step of setting up a bounty program for virus writers this month, offering reward money for information about the authors of some of this summer's worms.

But ultimately, investors won't really know if Microsoft's security efforts are a success until hackers get a chance to take a crack at finding Longhorn flaws. Even then, it's unlikely that individual consumers and corporations will update to Longhorn en masse, so any lapses in Windows XP or earlier versions will probably continue to be exposed.

And that means that Microsoft's security problems are likely to remain in the news until at least 2007, if not longer. Not an encouraging thought.

Analysts quoted in this story do not own Microsoft stock and their firms have no investment banking relationships with the company.

Sign up to receive the Tech Biz column by e-mail.

Plus, see more tech commentary and get the latest tech news.  Top of page

Europe prepares to hit Google with another huge fine
Walmart and Microsoft team up to fight Amazon
Elon Musk apologizes to cave rescuer for 'pedo' tweet
6 things to know before the bell
Europe prepares to hit Google with another huge fine
Boeing looked into the future. Here are 3 things it saw

graphic graphic