Microsoft has just thrown the anti-virus industry a problem called Microsoft Security Essentials. The problem is the incredibly obvious one - it's free.
What's amazing is not that Microsoft is handing out something for free, but that it has taken them so long to get around to it. For at least the last four years since XP's SP2 security makeover, it's been obvious that anti-malware is not an optional extra with a PC but a core part of what makes it usable.
The clue to Essentials is in its name.
This follows history. Not that long ago, the Internet-inspired bought TCP/IP stacks to get their computers to connect to the Internet until it was realised that this was a job for the operating system and was actually a necessity. Although Essentials isn't tightly knitted to Windows, my prediction is that it will one day become so, just as the Windows 7 firewall and User account Control are now standard piece of its internal workings.
What of the extraordinary number of other companies selling programs that do much the same thing? In the short term, some of them will also have to start giving away basic anti-malware programs too for fear that they will be pushed off the desktop. Longer term, the better paid-for programs will start adding more and more features to keep up market share.
An increasing number already come with anti-spam (the one useful thing Essentials doesn't yet do) anti-keylogging virtual keyboards, patching of third-party vulnerabilities, and some have started taking up ID theft protection. I can see encryption utilities entering the fray. The possibilities are myriad.
For sure, the Symantecs and McAfees will need better marketing to explain why all these extra bits matter because the average consumer has barely even heard of them never mind seeing it as a reason to spend money. That's the biggest challenge - trying to explain why they need something that goes beyond what free programs will do for nothing.
An interesting question is where all this leaves business customers. The majority of these have tended to stick to basic AV programs that can be centrally managed, but it's hard to see how Essentials won't have some sort of knock-on effect on this market too.
Security software companies are an essential part of the microcosm of diversity that is essential to keep the security industry form lagging too far behind the criminals. But perhaps that's the real problem that the arrival of Essentials points too. The idea of a security company is slowly becoming obsolete as these technologies reach closer to kernel level.