Microsoft OneCare was 'good enough'

newsmaker Eugene Kaspersky once told a competitor to his face: "I will eat you." The co-founder and CEO of Kaspersky Lab was certainly not into cannibalism, but was clearly hell-bent on winning over the majority market share his competitor had in the company's base in Russia.

That was in 1995, the year Windows 95 was launched. Contrary to Kaspersky's strategy to develop new software optimized for the Microsoft operating system, its domestic rival saw no need to do so. Today, Kaspersky has the pleasure of saying he had the last laugh since the tables have turned, and it is now the market leader in Russia while its competitor has less than 1 percent share.

In Singapore this week for an Interpol conference and customer and media meetings, the 44-year-old Russian spoke candidly in an interview with ZDNet Asia as he elaborated on the security strategy of rival Microsoft, as well as how cybercrime should be combated.

Q: You've been a security analyst for 20 years. What frustrates you most in the work to keep cybercriminals at bay?
Kaspersky: Understanding what we do is very important. We're not just doing business or just developing some software. We're fighting with the bad guys. It's a very complicated game because many of our opponents are high-level experts. It's very difficult to find solutions against some types of threats. It's a technological arms race.

Are you saying that people often don't understand the complexities of the work security researchers are involved in? Consumers, businesses and even governments?
Governments do understand because they are more and more in touch with these problems. Enterprises, big enterprises, some of them have dedicated teams of security experts and they really understand what's going on. Consumers generally have no clue, but they don't need to understand.

If you had the power to change up to three things in the world today that are related to IT security, what would they be?
Internet design--that's enough.

That's it? What's wrong with the design of the Internet?
There's anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people--hundreds, or maybe thousands. Then it was introduced to the public and it was wrong�to introduce it in the same way.

If I were Bill Gates, I'd run another company--100 percent owned by Microsoft--that produces the antivirus under a different brand.

I'd like to change the design of the Internet by introducing regulation--Internet passports, Internet police and international agreement--about following Internet standards. And if some countries don't agree with or don't pay attention to the agreement, just cut them off.

Isn't it enough to have everyone register with ISPs (Internet service providers) and have IP addresses made known?
You're not sure who exactly has the connection. I can have a Wi-Fi connection and connect using a password, or give away the password for someone else to use that connection. Or the connection could be hacked.

Even if the IP address is traced to an Internet caf�, they will not know who the customer or person is behind the attacks. Think about cars--you have plates on the cars, but you also have driver licenses.

What would keep the vision of an Internet passport, Internet government and an Internet police from becoming reality?
It's expensive, and it's very bureaucratic to have all these agreements.

Governments understand that the problem is a very important one to tackle but they behave in a national way. The minds of law enforcement are still focused on national borders, but the Internet does not have borders. It's a new world in which we have to think differently. That's why I always talk about the need for not just cyberpolice, but Internet police--Internet Interpol.

Microsoft has just launched its Security Essentials. What's your take on the product?
(Grimaces) It's Microsoft 'TwoCare'--it's really the next generation of OneCare. I don't believe in the success of that.

Why not?
Do you believe in the success of Microsoft's antivirus? One person told me: "Yes, but three generations from now." Security is not part of Microsoft's identity. To change that takes years. Companies that want to change their brand definitions have to spend a lot of time and a lot of money, or be smarter.

Toyota was known as a Japanese manufacturer of cheap cars. When they decided to make premium cars, they used a different brand--Lexus. Microsoft can build a very secure product of very high quality, but people will not believe in the brand. If I were Bill Gates, I'd run another company--100 percent owned by Microsoft--that produces the antivirus under a different brand.

But that's a branding issue. What about the quality of the software?
OneCare was good enough. They got very good engineers, a very strong lab--all the resources were in place. From the beginning, the product was good enough but it didn't take market share at all.

But it also faced a lot of criticism from other vendors?
From us, and a bit from Symantec which said the same things as us--that Microsoft and security don't come together.

But, what was good for us was that when they announced they were going to enter the consumer market, our main competitors started to move out of that market. Some of our competitors just cut budgets for consumer product development.

We did the opposite. We allocated more resources. As a result, we're very close to being No. 1 in the retail market in Europe, and we're No. 2 in retail in the United States. We started from zero three years back. So actually, I have much to thank Microsoft for.