• United States
Senior Editor, Network World

Microsoft to buy Romanian antivirus company

Jun 10, 20035 mins
Financial Services IndustryMergers and AcquisitionsMicrosoft

Microsoft Tuesday announced it is buying Bucharest, Romania-based antivirus software vendor GeCAD Software for an undisclosed price, making it clear that the Redmond giant intends to enter the antivirus market.

Microsoft Tuesday announced it is buying Bucharest, Romania-based antivirus software vendor GeCAD Software for an undisclosed price, making it clear that the Redmond giant intends to enter the antivirus market.

In a press release issued with little fanfare today, Microsoft said it has signed a definitive agreement to purchase GeCAD Software, which makes the RAV AntiVirus line of products for Windows and Linux operating systems and applications that include Microsoft Exchange and Novell GroupWise. Microsoft said it’s buying GeCAD, which is little known in the U.S., so that Microsoft can provide “antivirus solutions for Microsoft products and services.”

In a press release, Microsoft also emphasized that the GeCAD acquisition may also be of benefit to “third-party antivirus vendors so they can provide customers with increasingly secure and comprehensive levels of virus protection.”

Microsoft’s senior director in the security business unit, Jonathan Perera, said Microsoft wants to buy GeCAD for its antivirus engine and signature-updating technology. “Microsoft will be making antivirus solutions available to customers in the future,” said Perera, declining to specify exactly when that would be. “We’ll provide fee-based antivirus services at some point.”

However, Perera indicated that other antivirus software companies – the largest today are Symantec and Network Associates – need not feel threatened by Microsoft’s interest in the antivirus software business. “We will continue to recommend that customers buy antivirus software from third parties,” he said.

He said Microsoft will make changes in future editions of its operating system – and most likely, to the current Windows XP operating system as well – to facilitate the use of antivirus software in certain ways. Microsoft is developing a so-called “antivirus mini-filter” that is expected to be added to both XP and forthcoming products as a platform component for running antivirus software. “It will allow multiple antivirus engines to run more efficiently,” Perera said.

Whether third-party antivirus software would have to support the so-called “antivirus mini-filter” for antivirus software to run on future Microsoft products at all was a question Perera said he couldn’t answer definitively.

“While we still need to understand the full implications for this announcement, we applaud Microsoft’s efforts to develop an operating system upon which antivirus vendors can build more effective protection,” a Symantec spokesperson said.

Another vendor, Sybari, said it doesn’t feel threatened by the Microsoft announcement. Sybari doesn’t make its own antivirus engine but licenses engines from Computer Associates, Sophos, Kaspersky Labs and Norman Data Defense to make an e-mail-based product of its own called Antigen. “We would add the Microsoft antivirus engine to our product,” said Tom Buoniello, Sybari’s vice president of product management.

Analysts see Microsoft’s GeCAD acquisition as a huge first step into a new market for Microsoft, which could led to the company becoming a major player in antivirus over time.

“Definitely, this is the case in the long run,” said Jan Sundgrun, analyst at Cambridge, Mass.-based Forrester Research, adding it could take years for Microsoft to play a dominant role in the antivirus software market.

Other analysts see a broader use of the GeCAD software than just for antivirus signature updates, which are typically required to protect against newly discovered worms or viruses attacking servers or desktops, frequently by exploiting software holes.

With GeCAD, Microsoft “gains a fully vetted subscription-based model where they should be able to add things like patches and other types of software updates in connection with providing signatures for known viruses,” said Pete Lindstrom, research director at consultancy Spire Security. The GeCAD purchase by Microsoft is “extremely valuable for desktop antivirus replacement.”

Some corporate security managers said they have mixed feelings about the idea of buying antivirus software and services from Microsoft.

“Microsoft has lots of money to throw at a lot of things, so that’s a plus,” said Pete White, security architect at M.D. Anderson Cancer Center, which is part of the University of Texas. The money factor means Microsoft could conceivably have a big impact in improving on antivirus products in some way. But on the other hand, added White, “very few shops are Microsoft-only shops. They’re Linux or Solaris or non-Microsoft.”

Whatever Microsoft comes up with is unlikely to benefit anything other than its own products, White said. “They’ll be a player, but I wouldn’t feel real comfortable about them,” he said, noting that Microsoft’s record in security matters, such as software patches to fix its own software, has been imperfect.

The GeCAD acquisition by Microsoft could eventually end up pushing the antivirus industry into a model fostered by Microsoft, at least for antivirus protection on Microsoft operating systems and applications. 

Microsoft already creates antivirus Application Programming Interfaces (API) that make third-party antivirus software run more efficiently in Microsoft Exchange. These Microsoft antivirus server APIs are used by most major antivirus software vendors.

There is general anticipation in the software industry that Microsoft will also have a set of desktop antivirus APIs in the next version of the Microsoft operating system, code-named Longhorn, which is at least another year away from production.

In other public steps indicating growing interest in antivirus issues, Microsoft last month also founded the Virus Information Alliance with third-party antivirus software vendors to share information about malicious code.