Coming off a good quarter for Symantec's consumer businesses, chief executive John Thompson warns against viewing Windows Vista as a solution to security woes.
Symantec ended 2006 with three months in which revenue for its consumer business grew 24 percent year over year. The company is planning to release its new flagship security tool, Norton 360, in the coming weeks and has a new identity management product, Norton Identity Manager, lined up as well.
On the enterprise side, the news isn't that rosy. Symantec has also revisited its plans to enter the identity management space and ceded to the many players already on the market. Identity management software identifies users of a system and controls their access to resources by associating rights and restrictions with a particular identity.
There are vultures in the sky over Symantec. Along with Microsoft, technology giants including EMC, IBM, Oracle and Cisco Systems are eyeing parts of Symantec's business. Thompson, however, in a recent interview, said his company is fearless, though it may need to execute better on its strategies.
Q: Have you installed Vista?
A: No, I have not. I see no need for it for what I do online today. The machine that I use is the one provided by our company, and we have not made a commitment to migrate to Vista and therefore there is no reason for me to use Vista.
Microsoft says you have to buy Vista because it makes you much safer online than XP, or any of its previous operating systems. Do you believe that?
Consumers should not be confused. Vista is not a security solution. Vista is an operating system, and Vista provides some very important advances from Microsoft's perspective and for the industry's point of view on building a more stable, more reliable, more secure operating platform, but people still need the efficacy that comes with the products that Symantec and others in the industry build, and so we should not be confused by the marketing rhetoric with what Vista is. It's a hopefully much better product than XP or any of its predecessors, but it's not a security solution.
Antivirus and firewall products, which you sell — they're considered a first line of defence, but they're also considered outdated. Are you keeping up with the times?
It would be naive to say they're outdated. Locks were invented for doors in the homes that we live in many, many years ago. They're no longer the last line of defence, they are the first line of defence, and people still buy more advanced locks, hence more antivirus, more firewalls. As the value of the assets that you have in the physical world goes up, so does the need to change the protection that you put around those devices, or those assets. And that is clearly the case in the digital world as well, and so antivirus and firewalls will continue to be the first line of defence. We'll have to be smarter about delivering new capabilities and new functions there for proactive defence as opposed to reactive defence, but you'll also have to layer other kinds of technologies on to deal with new threats around fraud and identity management and all of those.
You've said that managing user identities is one of the most pressing challenges that face enterprises today. You've said that identity management is in an area where Symantec might acquire a company. Where are you at when it comes to that?
Identity management has to be parsed based upon whose identity you are trying to protect. At the corporate level, there is no shortage of solutions that corporations have tried to deploy for years to solve this identity management problem, so I just don't think that's an area where Symantec should expend its resources.
However, on the consumer side, I think there is more that Symantec can do with its broad consumer client footprint that would allow us to deliver an identity management solution that would give consumers confidence in their online experience. So we'll concentrate there.
It seems that your position on identity management has changed.
Yes, a year or so ago we were really studying the opportunity, and we looked long and hard at what our entry point would be. And we looked at a number of technologies that we had in our own portfolio...
Talkback
Symantec's comments are hardly surprising seeing as the latest 2007 edition of it's security suite is considered "not compatible with visita" I have it installed on Vista and it works but some features are disabled by Vista and Vista suggests removing it.
To make things worse main rival McAfee does work with Vista.
hmm I wonder why John Thompson doesn't have Vista installed? Could it be he doesn't want to have to install McAfee instead of Norton?
Interesting to see if his viewpoints change when Norton release fully Vista compatible edition
The comments are bound to be biased not simply due to the fact that their software is not yet fully compatible with Vista but also because Microsoft is a competitor to Symantec in the security arena. However, I do think John Thompson makes some good points about consumer's requiring efficacy that comes with using products supplied by companies whose core business is information security. If security was as core to its business as it is to the likes of Trend, McAfee, Symantec etc, then we would have seen Windows 200/XP/Vista SE (meaning Secure Edition) where the billions of dollars would have been spent developing hardened operating systems rather than fancy GUIs. The Wow starts now, security comes later ... we hope.
Good point. Sometimes it's hard to listen to what is actually been said when you know it is coming from a non-objective source.
However, saying that I still think user awareness and training is needed rather than more resource hogging security apps. Do you know what antivirus software hackers and virus writers use? None. The ones that I have read about anyway. They just know not to download that email attachment called "I love you" or open websites promising free ipods or the latest copy of photoshop for nothing.
Don't get me wrong you still need firewall protection etc. but In the last year since I have my hardware firewall build into my router I have had 0 intrution attempts and 0 viruses detected by my copy of Norton. How necessary is it? Not very but I keep it out of fear.
I think having these apps makes people lazy and they don't bother to become net savvy enough to avoid viruses and spyware in the first place. That is why Phising was so successful to begin with because anti-virus couldn't protect people from it and not being net savvy or having common sense users readily entered their bank login or even credit card details into fake websites making it easy for the criminals.