Microsoft's Latest Patch Release Takes Shine Off Antivirus Deal

Computerworld - Microsoft Corp. last week announced plans to acquire antivirus tools vendor Sybari Software Inc. But the eight software patches that Microsoft released on the same day to fix critical flaws in its products added to the skepticism that some users feel about the company's expanding IT security ambitions.

"Microsoft has a long way to go when it comes to information integrity," said Dave Jordan, chief information security officer for the government of Arlington County, Va. "All you have to do is take a look at the latest Terrible Tuesday."

Jordan was referring to the set of patches issued by Microsoft last week in the latest of its regularly scheduled security updates, which take place on the second Tuesday of each month. Altogether, the software vendor released 12 new patches.

Eric Beasley, a senior network manager at Baker Hill Corp. in Carmel, Ind., said the application service provider already gets "a lot of flak" from its customers for being an all-Microsoft server shop.

"I don't know that I would feel comfortable about having Microsoft as my antivirus vendor as well," Beasley said, pointing to the company's continuing difficulties in making its products more secure. "They may be issuing patches only once a month—still, eight [critical ones] at once is a lot."

One good thing about Microsoft's expanding presence in the security business is that it likely will spur more innovation from pure-play vendors, said Steve Gelfound, IT operations manager at the National Center for Missing & Exploited Children in Alexandria, Va. "The others are going to have to work harder to compete," he said.

The Sybari acquisition will be Microsoft's third security-related purchase in less than two years. Microsoft bought GeCAD Software, a Romanian antivirus vendor, in June 2003. And just last month, it completed an acquisition of Giant Company Software Inc., a New York-based vendor of antispyware tools.

Microsoft's acquisition of East Northport, N.Y.-based Sybari for an undisclosed sum will give it a server-level security suite designed to protect Exchange and Lotus Notes messaging servers as well as its SharePoint Portal Server collaboration software.

Sybari's technology will allow Microsoft to address a continuing need among users for tools that offer better protection against e-mail security threats than they currently receive, said Gordon Mangione, corporate vice president of Microsoft's security business and technology unit. "We're still seeing large network penetrations by viruses coming in through e-mail flows," he said.

IT managers should expect Microsoft to be "very aggressive" about pushing Sybari's software for use with Exchange, said Jon Oltsik, an analyst at Enterprise Strategy Group Inc. in Milford, Mass.