Anti-spyware

Ellen Messmer of NetworkWorld posts on Friday (here) about Microsoft's eventual impact and potential domination of the anti-spyware business. Why? They are bundling Windows Defender (the new name for their anti-spyware) with IE 6 and 7 and Vista. So within a year or two, it will just be there on a majority of PCs. Since it will likely be good enough, why would someone pay for anything else?

The answer - they won't. But not necessarily because everyone will use Microsoft's stuff. I don't think that is the case. Customers will not pay for anti-spyware because it is a feature of their anti-virus and/or desktop security suite. So it may not be Microsoft that gets all the business (though they will get there share), but Symantec, McAfee and Trend will also benefit. Anti-spyware capabilities will be integrated into the unified threat management (UTM) equipment on the perimeter, so the gateway opportunity is not long lived either.

Mark Shavlik posts on his blog as well about the topic (here), even working in a cool Brady Bunch analogy. He maintains that Microsoft will dominate the consumer end of things, but that Microsoft is not going to provide what's needed for enterprises. I do agree with the fact that Microsoft is not going offer anti-spyware for Linux or Mac, and as usual their first couple of releases leave a lot to be desired. But that doesn't mean there is a large opportunity for stand alone anti-spyware vendors.

He goes on to mention some of the functionality that will be in Shavlik's anti-spyware offering:

Our corporate customer focus groups are driving what our Spyware product does, we are being asked for deep clean up, admin level control, enterprise features such as machine grouping and reporting, fast database back-end support, large network support, remote site management all things Microsoft is not providing.

Our corporate customers (we do not sell consumer products) are not comparing us to Microsoft, they are comparing us to the Anti-virus products because those products have the management tools needed.  We tie patching and spyware together, the AV vendors tie AV and Spyware together.  We will add AV management to our line soon to make the choice easier for customers.

So, there you have it. Enterprise customers want enterprise management. Shocker! And Microsoft's product is not really enterprise capable right now. Duh!

More interesting to me is the 2nd paragraph. Shavlik sees themselves as an AV vendor with the differentiation being patching and compliance (whatever that means). Man, that will be a tough road to hoe. Sure, you've got to do something since stand alone patching is not a long term answer either, and Shavlik's reputation on the patch side is sterling. BUT, that does not translate into being able to compete effectively with the folks milking the cash cows. But Shavlik is a privately held, self-funded company, so they very well may be able to build a nice business scraping the barnacles off of Symantec's and McAfee's oceanliners (Sophos and Kaspersky certainly do). 

To be clear, there are some organizations that will want to use stand alone anti-spyware offerings. Just as with every security market, some buyers opt for best of breed, even when the stand alone product isn't very differentiated. That's basic religion and these customers will never move towards a suite approach. They believe their value is in integrating lots of different solutions, thus providing job security because they've built an environment that is too complex for anyone else to manage.

Yes it's cynical. But it's also true. These folks should realize their value is in pushing forward a security agenda, and focusing on high value projects. Not on integrating disparate point products.

OK, back to the topic. I don't believe best of breed anti-spyware is the mass market. Per my ranting in "More Stupid Marketing Sizing Numbers" it's clear to me that anti-spyware is not a stand-alone market. No one seems to be disagreeing with that.

So that means some ferocious consolidation and erosion in that space will happen in the coming 12 months. End users need to choose carefully because there is a great likelihood whichever independent you choose today will be gone (or merged) tomorrow.

This time it's Radicati and the ridiculous numbers are for the "corporate anti-spyware" market. Part of me wants to just let it go because no one pays attention to this stuff anyway. But I started Security Incite to fight mediocrity in security research, so letting this go would cause me more heartburn than taking 10 minutes to pick it apart.

Here is the release. From a numbers standpoint, this is what they expect to happen:

According to the study, worldwide revenue from both segments of the anti-spyware market combined is expected to grow from $214 million in 2006, to $1.4 billion in 2010.

As I detailed in The Farce of Market Sizing, these numbers are not worth the paper they are written on. Clearly, Radicati believes there are lots of vendors and VCs that are still interested in the standalone anti-spyware market in order to justify publishing a report. Well, they are wrong.

I wonder who these folks are talking to do this research. Every conversation relating to spyware I had at RSA (with users and vendors alike) focused around how malware and spyware were basically inseparable moving forward. THERE IS NO STANDALONE ANTI-SPYWARE MARKET.

So projecting what the market will be in 2010 is just utterly ridiculous.

To be clear, and to make sure I'm going on the record here, anti-spyware is a feature. You'll see the standalone anti-spyware vendors either 1) get acquired, 2) broaden their offering to look more like a broad anti-malware play, 3) go away. That's it. Focused standalone anti-spyware vendor is not an option.

Could someone set a tickler in their calendar for March 2010 to remind me to poke these bozos in the eye again? But alas, that's the wonderful world of mediocre analysts. No accountability and no one with a memory long enough to go back and check the accuracy of these numbers.