Want anti-virus with that?

Do you think Microsoft should build anti-virus protection into Windows? 76.8% Yes 17.9% No 5.3% Don't know Total Votes: 2,465

The graphic at right shows the results from yesterday's poll on the seattlepi.com home page, which asked readers whether Microsoft should build anti-virus protection into Windows. As you can see, nearly 77 percent of respondents answered yes. It's important to keep in mind that these polls are unscientific and not designed to be representative, making it difficult and unwise to try to draw from them conclusions about the larger population. Still, it's an interesting result.

The poll was based on this story from Saturday's P-I, which recounted the comments of Microsoft General Counsel Brad Smith at a seminar held by Seattle University and TechNet. As the story explains, the situation presents Microsoft with a dilemma. With many computers unprotected, some might say it would be responsible for the company to incorporate antivirus capabilities into Windows. But doing so could give rise to claims over the competitive impact. (See also this previous story on the subject.)

Public sentiment seems to be more divided than the poll results suggest. I received this emphatic e-mail from a reader in Renton after the story appeared:

An absolute NO!!!!!! Would you buy a car built by Microsoft?? Hell NO!! McAfee, Norton and Innoculan do a great job with their virus programs. It's only those folks who are too cheap or too ignorant to invest in or learn to constantly update their virus programs that get hit with viruses. As a computer tech who has RELIGIOUSLY kept his virus program updated, I have been hit with exactly ONE virus in 4 years that came even remotely close to doing any kind of damage.....Having Microsoft get into the virus protection business is an exercise in futility & will only give us a sub-standard product.....Don't own a virus program or do not update it regularly?? TOUGH LUCK!!! Like the old Fram oil filter commercial. You can pay me now or you can pay me later.....

Also see this discussion on Neowin, below a reference to the story. A comment there and a post by Joe Wilcox on Microsoft Monitor both questioned the 70 percent/30 percent statistic cited by Smith during his speech. I've made a few calls in an attempt to figure out where that came from, and I'll let you know what I find out. (Microsoft CEO Steve Ballmer cited essentially the same stat in a speech a few weeks ago.)

In the meantime, I went back to my recording and transcribed the relevant portions of Smith's speech. It's important to note that this came as part of a much broader discussion. He also talked in detail about the security-related responsibilities of Microsoft, the rest of the industry, government, law enforcement and others. With that in mind, here's what he said about the consumer aspect of the issue:

"Automobile manufacturers have had to do a great deal to make cars safer. But individuals are still the ones who decide whether to put on their seatbelt. And to some degree the same analogy applies with respect to PCs, as well. And I think part of our responsibility as an industry is not only to provide the tools that individuals can use but to invest in increasingly broad education campaigns to help make consumers aware of the tools that are at their fingertips, and the need for them to use them.

"So earlier this year we launched a Protect Your PC campaign that basically has three simple steps. First it encourages individuals to turn on their firewall in their software. Especially if they have a broadband connection, there's really no reason for the individual to keep that PC connected without having their firewall turned on. Through something like the Security Center in Windows that I mentioned, that will become even easier for people to access. The second is for people to regularly update their software, and again, with a broadband connection, that becomes an easy and even seamless step for people to take. And the third step is for people to keep their antivirus software up to date.

"If you bought a new computer for your home in the last two or three years, in all probability it came with some type of limited-in-time, free subscription from a company like Symantec or Network Associates for anti-virus features. The interesting thing today, however, is that only 30 percent of consumers keep their anti-virus software up to date. What that means is that as more and more of these computers are being connected through broadband links to the Internet, over two-thirds of these PCs do not have current anti-virus protection. And so, while we as an industry need to keep making it easier and perhaps even less expensive for people to do this, ultimately it will be a bit like the seat belt in people's cars. We need to ask people and remind them to keep their software up to date, to turn on their firewall, and to subscribe to an ongoing anti-virus program."

Later, during the Q&A, a person in the audience noted that, in the auto industry, consumer lawsuits prompted manufacturers to install seat belts and airbags as standard features, not just as options. (The issue of legal liability is different in the software industry, given the protections of end-user license agreements. See this story and this post from last year if you're interested in more on that issue.) The person asked Smith whether the same might happen in the software industry -- with antivirus features, for example. Here's what Smith said in response:

"Well, you raise an interesting question, because the reality is, over the last decade, Microsoft has been sued not for leaving things out but for putting things in. [Laughter from crowd.] There is a tension that is a real-world tension. We definitely have emerged from all the antitrust issues of the last decade with a keen appreciation for the wide variety of ways in which our decisions affect others, including others in our industry. There are a number of very important companies that we collaborate very closely with, and have for years, who are in the anti-virus space. At the same time, one does hear increasingly suggestions from consumer organizations or consumers who basically say, 'Gee, why don't you build anti-virus support into Windows?'

"It's not a decision that we have decided to take, to date, but it is something we hear increasingly about. I have to say, it is a real cause of concern for us that 70 percent of consumer PCs do not have current anti-virus protection. It is such a threat to what we characterize as the PC ecosystem as a whole. It is such an obvious threat to everybody who uses a PC, whether they have anti-virus protection or not, because it can be a threat to the entire Internet. ... If people come to perceive PCs as these devices that are more problematic to use, that is something that can become a barrier to the industry's long-term ability to keep growing.

"And so, it is something that we're definitely mindful of. At the same time, I think we are really trying to bear in mind all of the factors in the equation, including the benefits that consumers would derive if there were stronger anti-virus features built into operating system software, whether it's from Microsoft or Apple or anyone else. ... We clearly need to bear in mind the potential impact on other highly respected companies in our industry."

Posted by Todd Bishop at April 27, 2004 12:37 PM