In Nov 2008, Microsoft announced that they are going to start offering free anti-virus/spyware/trojan/rootkit protection. Say bye-bye to Symantec and Mcafee’s cash cows. It looks like it took about 5 years to make it happen assuming they are using the technology they aquired back in 2003 via GeCAD.

So the big question is how long will it take them to go free or alomost free on the enterprise market. My guess late 2009 or early 2010 based on this acquisition.

How good will it be? Who the heck knows but competing against free is always hard. It is really hard when people already hate buying anti-* software. Why buy that when I get this for free from MS.

Last qustion is how are Symantec Mcafee and Trendmicro, et. al. going to recoup all that lost revenue? I have not looked lately but not long ago home and SMB markets where major piles of cash for those companies. So the smart ones will ook at other aquistions to bolster there bottom line. I don’t think it can be just one, they are going to have to go on a bit of a spending spree or die.

Sometimes I just want to give up. I really hate XSS because it is really a tricky issue to explain to people that don’t understand.  It basically boils down to bad people using my website to compromise clients. What they do with those compromised clients can range from fairly benign replicating worms ,  phishing scams, all the way to total remote control of the end users browser. The fine folks at Scam ScanAlert clearly don’t think this is a problem though.

It is hard enough to educate web site owners that this is a problem and how it impacts them without having to fight against people in our own industry telling them it is OK to have XSS vulnerabilities.

Jeremiah, provide more great commentary. By the way, how are you liking the electric wheelchair you bought?