More Musings on Spyware as a Stand-alone Market

Ellen Messmer of NetworkWorld posts on Friday (here) about Microsoft's eventual impact and potential domination of the anti-spyware business. Why? They are bundling Windows Defender (the new name for their anti-spyware) with IE 6 and 7 and Vista. So within a year or two, it will just be there on a majority of PCs. Since it will likely be good enough, why would someone pay for anything else?

The answer - they won't. But not necessarily because everyone will use Microsoft's stuff. I don't think that is the case. Customers will not pay for anti-spyware because it is a feature of their anti-virus and/or desktop security suite. So it may not be Microsoft that gets all the business (though they will get there share), but Symantec, McAfee and Trend will also benefit. Anti-spyware capabilities will be integrated into the unified threat management (UTM) equipment on the perimeter, so the gateway opportunity is not long lived either.

Mark Shavlik posts on his blog as well about the topic (here), even working in a cool Brady Bunch analogy. He maintains that Microsoft will dominate the consumer end of things, but that Microsoft is not going to provide what's needed for enterprises. I do agree with the fact that Microsoft is not going offer anti-spyware for Linux or Mac, and as usual their first couple of releases leave a lot to be desired. But that doesn't mean there is a large opportunity for stand alone anti-spyware vendors.

He goes on to mention some of the functionality that will be in Shavlik's anti-spyware offering:

Our corporate customer focus groups are driving what our Spyware product does, we are being asked for deep clean up, admin level control, enterprise features such as machine grouping and reporting, fast database back-end support, large network support, remote site management all things Microsoft is not providing.

Our corporate customers (we do not sell consumer products) are not comparing us to Microsoft, they are comparing us to the Anti-virus products because those products have the management tools needed.  We tie patching and spyware together, the AV vendors tie AV and Spyware together.  We will add AV management to our line soon to make the choice easier for customers.

So, there you have it. Enterprise customers want enterprise management. Shocker! And Microsoft's product is not really enterprise capable right now. Duh!

More interesting to me is the 2nd paragraph. Shavlik sees themselves as an AV vendor with the differentiation being patching and compliance (whatever that means). Man, that will be a tough road to hoe. Sure, you've got to do something since stand alone patching is not a long term answer either, and Shavlik's reputation on the patch side is sterling. BUT, that does not translate into being able to compete effectively with the folks milking the cash cows. But Shavlik is a privately held, self-funded company, so they very well may be able to build a nice business scraping the barnacles off of Symantec's and McAfee's oceanliners (Sophos and Kaspersky certainly do). 

To be clear, there are some organizations that will want to use stand alone anti-spyware offerings. Just as with every security market, some buyers opt for best of breed, even when the stand alone product isn't very differentiated. That's basic religion and these customers will never move towards a suite approach. They believe their value is in integrating lots of different solutions, thus providing job security because they've built an environment that is too complex for anyone else to manage.

Yes it's cynical. But it's also true. These folks should realize their value is in pushing forward a security agenda, and focusing on high value projects. Not on integrating disparate point products.

OK, back to the topic. I don't believe best of breed anti-spyware is the mass market. Per my ranting in "More Stupid Marketing Sizing Numbers" it's clear to me that anti-spyware is not a stand-alone market. No one seems to be disagreeing with that.

So that means some ferocious consolidation and erosion in that space will happen in the coming 12 months. End users need to choose carefully because there is a great likelihood whichever independent you choose today will be gone (or merged) tomorrow.