I’ve been speaking with journalists a bit about Microsoft’s new anti-spyware push (like here). I don’t see this as huge news. We already knew MS had some designs on this space with its purchase of GeCAD last year. We also know that MS has a history of slowly integrating "utility"-like capabilities into its O.S. We also know that MS is integrating its Next-Generation Secure Computing Base (NGSCB) architecture into Longhorn. We also know that Intel and AMD are building some security capabilities into their chips. Desktop antivirus as we know it today will be eclipsed by host intrusion prevention within the next three years. Of course, nobody will really know because this is basically a continuous innovation (as opposed to a disruptive one). Products of the future will rely much more heavily on the ‘default deny’ model of HIP than on the signature-based approach to viruses, though there is no real reason to eliminate the latter. The one thing av software will continue to be good for is detecting viruses that perform actions that are allowed, as if the user had programmed a script to do it. (In other words, we must still detect viruses that travel via authorized paths.)
With av’s demise as a backdrop, the reason the MS announcement will not have a huge impact on av is twofold – 1) much of the revenue av companies earn is derived from multi-year contracts to include it on the desktops of PCs when purchased; and 2) enterprises want more functionality than a bare-bones reactive approach to spyware and viruses. This has been made clear by the success of patch management solutions. MS does not do management well, nor is it interested in heterogeneous platform support.