Select Page

Yesterday we learned that Microsoft will be taking the unusual step of spifing resellers 20% of their license sales — in addition to their normal margins. It seems that it’s going to be more profitable to become a reseller of Microsoft product than a developer of Microsoft product. 

Is this a good thing?  Well, hear me out.

When I wrote recently on predatory pricing, I got all kinds of interesting reactions.  There were really two camps that emerged:

Camp #1. Alex is a big fat whiner. The argument went something like this: “Security companies have been screwing the customer for years now and it’s about time someone set them straight.  Besides, it’s not really predatory pricing that Microsoft is practicing.  It’s natural market forces at work.  Besides, there’s no evidence that Microsoft is losing money on its bid to get into security.” 

Camp #2. Alex is bringing up a good point.  This is something we need to be concerned about. 

Unfortunately for me, Camp 1 was the majority.

It’s notable that Camp 2 was largely people who have been long-time Microsoft observers or have actually had the unfortunate circumstance of competing directly with Microsoft.  

I don’t mind the slings and arrows.  I want people to think, discuss and argue these points.  It’s important stuff to debate. 

And thinking about it, I came to the conclusion that Camp 1 had a pretty good point:  Some security companies have been screwing customers for years.   Overpriced, bloated suites.  Constant hikes in subscription fees.  Poor quality products.  You know, that kind of thing.

But that’s really on the consumer side of the business.  On the enterprise side (protecting corporations), most security companies have been doing a pretty good job. 

And I made a big mistake in my blog:  I started off talking about OneCare, which really isn’t the major issue. In fact, it’s the enterprise, where Microsoft has significantly underpriced the market.

The thing is, it actually costs a lot of money to run an enterprise security software company.  It’s an intensely competitive business and the research alone will eat your operating expenses.  And when it comes to protecting corporations, it’s a whole different ballgame.  You need enterprise support specialists, sales engineers, and a high level of quality assurance.  Plus, the expense of marketing to corporations is pretty high, paying for outside sales offices and the like.  There is a real danger that Microsoft’s brutal undercutting of enterprise software companies will take the wind out of a lot of sails.

I compete with free and inexpensive products all the time, and in fact, I have a free firewall myself that I give away. The point is not price — the point is predatory pricing — where a large manufacturer like Microsoft comes into a market and undercuts the incumbents. 

Is Microsoft pricing their products below cost?  You tell me:  I would estimate that Microsoft’s investment in security is perhaps three-quarters of a billion dollars.  Can they make back that investment while covering their expenses selling security software at low-ball prices, then giving discounts to resellers and then giving more back-end discounts?  As one customer said to us today:

Microsoft has seriously cut the price of Antigen compared to what Sybari charged, especially for Select customers.  We can get the Antigen suite for about $10 per user per year, and that’s for nine AV engines, Exchange scanner, SMTP scanner, antispam, and central management server.  With Sybari we were paying about double that and didn’t get the central management server, antispam or SMTP scanner — just AV.  

Antigen Gateway is annually $7.80 per user for a five-user shop.  Assuming a reseller discount of 30%, then the 20% bribe, you’re looking at a wholesale cost of $4.38 per user.   That’s for a five user shop — never mind 1,000 users.  Is Microsoft is going to make money at those prices, recouping their massive investment at the same time? 

Perhaps some may think all of this is nothing to be concerned about, and perhaps they are right.

One might, however, propose that the security industry should be a vibrant, diverse one; and that the business should not be dominated by one vendor who can be taken down by attack; and to whom the majority of the community relies upon. If Microsoft wants to compete fairly, I have absolutely no problem with that. But if they want to undercut the market, it makes things a bit different.

I remember 15 years ago, when we had a variety of databases to choose from in the small to medium business market. dBase, Paradox, FoxPro, etc. Today we have primarily MS SQL and Access, at least for the small to medium business market (Oracle and IBM continue to be the major providers in the high-end market, and let’s not get into the LAMP discussion—MySQL is a far cry from MS SQL).

In the early 90s, Microsoft priced Access below their cost, they blew the margins out the business, and took out the incentive for new entrants to innovate and push the envelope. This is a simple fact that any Borland executive who was there at the time will testify to, and as an ex-Borlander myself, I can say that it was certainly not a good thing.  Can you really tell me that there have been vast improvements in database design over the last 15 years since Microsoft barreled into the market?  

The same goes for languages — we had Borland and other really innovative companies. Now we have Microsoft as the dominant commercial language provider. Borland finally gave up and is moving into automated testing.  

It’s been the same wave in browsers, as well. The majority of the market moved to IE. And after that, we had the massive wave of adware and spyware, directly targeted at IE. And on and on and on.

Is this healthy in the security market? Will new companies be able to get funding for their products? Will businesses continue to invest in this space, given that Microsoft may dominate? That’s the critical issue – will companies go on cruise control in the security market because major investment just isn’t worth it, while budding innovators put their efforts elsewhere?

There are those who welcome Microsoft’s entry into the security space, and many are feeling (justifiably) that there are security vendors who have been selling bloated, overpriced products and deserve a bit of a kick in their backside.

It’s just that I question whether or not it’s healthy in the end to have a Microsoft hegemony in security. 


Alex Eckelberry