We've looked hard at the nature of this problem, and made a decision that this anti-spyware capability will become something that's available at no additional charge for Windows users -- both the blocking capability, and the scanning and removal capabilities -- Bill Gates at RSA.
Somehow I find this development disturbing:
- Not because of the irony of providing a solution to a problem it created
- Not because it portends another monopoly to a convicted monopolist
- Not because the spyware is spyware itself
Because under the rubric of safer computing, this is the next browser war, and a new way of filtering out competition. Microsoft was right to realize that the insecurity of its solutions presented a significant threat to customer satisfaction and its core business (although, spyware does cripple your average user's computer by forcing clean installs and in many cases, upgrades).
A big move is required in this area, not just to protect the core, however. This is a large and growing market with strategic consequence. McAfee pioneered a business model of lower-cost consumer security solutions with enterprise upsells. Microsoft will still charge for its enterprise solutions.
I don't think there is a good definition for what spyware actually is. One man's rogue program is another man's amusing toy. A spyware or adware program seems to be simply a program that runs unsanctioned by the user. With relatively secure computing, prompting a user to sanction each install is not an unbearable burden. When insecure, it's too much for one man. Like anti-virus, sanctioning can be offloaded to a service like Microsoft's which runs on pooled definitions to enforce. Regardless of the intent of the program or users, anti-spyware can filter out valid programs and media files.
Especially when administered by a company with a significant stake in DRM, when it finds a legal copy of a copyrighted work, it can flag it as suspicious and then send the basic computer information about the user to the cloud for enforcement. Or what happens when a promising but unsanctioned open source application starts to run tasks in the background? BitTorrent is an extreme example in this case, but nowadays almost every client application leverages the cloud. To be fully analogous to the browser war, the giveaway browser would also have to block unsanctioned websites.
But let's consider for a moment what happens when the PC is secured by Microsoft. Yes, this is highly unlikely given the company's history when it comes to security, but stay with me. With anti-virus, adware and spyware services tightly bundled with a free and security-improved IE, consumers' lives will on the face of it be improved. But as these services are filters for net activity, and will be tightly bundled with the operating system -- they raise the very same antitrust issues decoupling the browser from the OS sought to regulate.
Further, when consumers are confident in their computing, they will share even more personal data with the new Microsoft lockbox. Even with regulatory oversight, which is surely a function of this scenario, privacy abuse is more than possible (AT&T was a provider for the Do Not Call list, yet was one of the first to be fined for cold calling the list!). Even further, some of the better applications on the horizon will leverage sharing of personal data, files and media. If this is locked down, not only will innovation be stemmed, so will be the production of social goods.
I am actually less worried about these issues than I would have been if I was developing Windows applications a decade ago. Now we have open source alternatives and the browser is a viable application platform. But this is a scenario that, while we don't fully understand it, quite frankly makes me very insecure.
Oh, and I have to add this. Picture how this scenario would be different if Microsoft embraced open source for anti-ware.
The enemy's spies who have come to spy on us must be sought out, tempted with bribes, led away and comfortably housed. Thus they will become double agents and available for our service. It is through the information brought by the double agent that we are able to acquire and employ local and inward spies. It is owing to his information, again, that we can cause the doomed spy to carry false tidings to the enemy. -- Sun Tzu