Category Archives: Microsoft

Why the Department of Defense Failed to Secure Our Computers

Every day, new viruses emerge that compromise the security of millions of computers – both personal and corporate. As government agencies increasingly rely upon commercial software for Top Secret computer systems, they found themselves facing a difficult dilemma: continue using their 80’s era software or upgrade to the latest commercial systems, while exposing themselves to the security vulnerabilities that plague everyday users.

From 1999-2001, Robert Meushaw, the director of the NSA’s Information Assurance Reserach Laboratory (NIARL), and his team worked on a solution that coul dgive hte best of both worlds. The system he developed, codenamed NetTop, uses a “sandbox” technique whereby inherently insecure software (such as Microsoft Windows and MS Office) is granted access to a limited portion of the computer. Even if one of the insecure applications was infected with a virus, it is unable to spread beyond the specific machine.

Unfortunately, the results were disappointing. Two crucial missteps ultimately led to its slow adoption within government agencies and by the general public.

The first problem was that NetTop compromised security for functionality. By being neither 100% secure, nor 100% functional, security experts were unsatisfied, and users were frustrated.

The second problem was around cost. Each “virtual” system required its own licenses. Thus, Top Secret computers that accessed six separate networks would require 6 licenses for Microsoft Windows on a single computer! Furthermore, the virtualization component was developed by a for-profit startup named VMWare (now publicly traded NYSE: VMW). As VMWare grew larger and more successful, Microsoft started to tamp down the competition by restricting its licensing terms to make virtualization even less cost-effective.

The end result has been another expensive government project with limited application and a dim future.

Current trends on Security Software M&A Activity

I was recently asked to comment on the state of the Security Software industry. Here is how I responded:

Companies such as Symantec and McAfee are experiencing increased pressure from Microsoft, which has beefed up the built-in security capabilities in Vista. In an effort to counter this competition, the larger firms have made numerous acquisitions that will help differentiate their product portfolio and maintain product superiority. Acquisitions typically focus on two areas:

  1. Acquisitions with next-generation feature/functionality that can be incorporated into the core product suite
  2. Acquisitions that target a niche or highly specialized market that will remain impervious to any mass-market product that Microsoft introduces

As Symantec and McAfee reevaluate their portfolios over the next year, they are likely to continue acquisitions at a slower rate, as management fills gaps in the portfolio and focuses on integrating previously made acquisitions.

Whether consolidation in the industry is good or bad depends on who you are.

  • Consolidation reflects a defensive posture against Microsoft; however, it will not alter Microsoft’s slow entry into the market (nor will it alter Microsoft’s ineptness at developing secure products)
  • Symantec and McAfee will become larger and more stable, in a better position to hold off Microsoft
  • VC-backed startups will find it more difficult to scale organically to the size needed to generate 10x returns for their investors
  • Bootstrapped startups will continue to be able to find niche segments that are under the radar of the incumbents (even during and after this period of consolidation)
  • Customers will see fewer, more stable products and services with consistent levels of quality…for a price

One way to compete against Microsoft and Google

I was recently asked to comment on a startup that is attempting to compete against both Micrsoft Office and Google Docs & Spreadsheets.

Here is what I suggested:

“Historically, there have been any number of office products that performed better than MS Office but weren’t able to capture share. As a small player, it is extremely unlikely that your fate will be any different – don’t expect to beat Microsoft and Google at their own game.

“Your approach, therefore, must be to develop a fantastic product targeted at a specific niche. The weakness of Google and Microsoft is that they are mass-market products and serve everyone adequately, but no one well. Choose either a niche market segment or a specific functional area – and dominate it. For example, mid-sized law firms, or word process that integrates with CRM for sales folks. If you develop best-in-class applications for a niche, not only will you have a compelling value proposition and easily identifiable target market, but it is much easier to achieve critical mass and become the dominant player.

“One point to note: interoperability is key. There must be seamless, flawless opening and saving of Microsoft apps. There’s the old saying within Microsoft that the next version of office isn’t ready to ship until it breaks previous compatibility standards. It’s your job as a competitor to fight them in this arena – to stay up to date so that your users won’t experience any headache when interacting with the other 98% of users.”