In a move that may do more for its reputation than its bottom line, Microsoft is buying Sybari, a small New York security-software company.

Share story

In a move that may do more for its reputation than its bottom line, Microsoft is buying Sybari, a small New York security-software company that was preparing to go public this year.

About 10,000 companies and government agencies, including the Pentagon and the FBI, use Sybari products to protect their e-mail systems from worms, spam and viruses.

Sybari is the third such company Microsoft has bought since Chairman Bill Gates made security and reliability top priorities in 2002.

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

The acquisitions are helping Microsoft produce better software, but potential competition from Redmond is causing jitters in the security-software industry. Shares of Sybari competitors Symantec and McAfee fell yesterday, while Microsoft gained 8 cents to close at $26.24.

The Sybari deal signals Microsoft plans to provide security products to large companies as well as consumers, said Piper Jaffray analyst Gene Munster.

“The reality is that Microsoft, they’re making a statement here — they’re coming and they’re going to come up to the enterprise,” he said.

Microsoft security moves

The acquisition of Sybari Software is the latest step Microsoft has taken to improve product security and confidence customers have in its software.

January 2002:
Chairman Bill Gates directs employees to make security a top priority.

June 2003:
Buys GeCAD, a Romanian antivirus vendor.

December 2004:
Buys anti-spyware vendor Giant Company Software of New York.

January 2005:
Releases test version of anti-spyware software based on Giant technology.

February 2005:
Announces acquisition of Sybari Software.

Still unclear is whether Microsoft will continue offering the acquired security products separately or bundle them into future versions of its software. Insights into the strategy may come Tuesday, when Gates speaks at a security conference in San Francisco.

The Sybari deal is still being completed, and Microsoft would not disclose the terms. But analysts estimate Sybari sold for at least $186 million, the value of its shares at their proposed $16 maximum offering price.

Munster estimates Microsoft paid “somewhere around $300 million” for a company with sales around $40 million a year.

“The way they’re gobbling stuff up, I wouldn’t be surprised if they do it with somebody else,” he said.

Microsoft has been using Sybari to protect its own systems, said Mike Nash, vice president of the Redmond company’s security and business unit.

After the deal is finalized, Microsoft will sell business customers a standalone security product based on technology from Sybari and some from GeCAD, a Romanian antivirus-software company it bought in 2003.

External, internal moves

Nash said Microsoft is improving the security of its offerings with a mix of acquisitions and internally developed technology, such as the recent service pack for Windows XP.

“It really is a function of us looking at the overall strategy, focusing primarily on customer needs and then building or buying things to respond to those needs,” he said.

Sybari has about 10,000 customers, including about 20 percent of the Fortune 500. Most use its products to add security to Microsoft Exchange servers, which are used for e-mail and messaging. Sybari also makes products for customers using the competing IBM Lotus Notes systems.

Nash said Microsoft will continue serving customers that use Lotus Notes on Windows but it’s still “working through” what to do for customers using Lotus Notes on non-Microsoft platforms.

One of the most active Nasdaq stocks yesterday was Symantec, whose shares fell $1.51 to $22.09.

Enrique Salem, senior vice president of the Cupertino, Calif.-based company, said Symantec will endure because business customers want premium security products that work on a mix of software platforms in addition to Windows.

“They want vendors who can run security across Linux, across Windows, across AIX, across Solaris — that’s what Symantec specializes in,” he said.

Big companies will keep paying for premium security. But a lower-priced option from Microsoft — such as a basic security feature bundled with its software — would appeal to many small- and medium-sized companies, said Laura Koetzle, vice president at Forrester Research.

For smaller companies strapped for cash, she said, “the question isn’t how good is it in absolute terms; the question is, is it enough?”

Image maker

Although Sybari is a relatively small player, its high-profile customers could help Microsoft make the case its products are more trustworthy.

Users include Airbus,, American Express, Safeco, Visa, Congress and the U.S. Department of Energy.

Sybari also protects the e-mail system of the European Commission, the agency pursuing an antitrust case against Microsoft.

Microsoft may be hoping for more credibility with Sybari, but its software will continue to be heavily scrutinized, UBS analyst Daniel Cummins said in a research note.

He said corporate customers are more interested in “tighter Windows code” than new Microsoft security products.

Ten-year-old Sybari employs about 280 people, including about 50 software developers, based in East Northport, N.Y.

Microsoft will continue running the company there for now, but layoffs and relocations are possible in the future, spokeswoman Nicole Miller said.

“As we bring the two businesses together we will look for overlap in roles and responsibilities,” she said via e-mail.

“As we begin the process of integration we may identify locations where there is overlap, and over time we may decide to co-locate.”

Sybari Chief Executive Robert Wallace referred an inquiry to Microsoft.

Brier Dudley: 206-515-5687 or

New round of security fixes

Microsoft released eight security fixes yesterday that carry its highest threat rating and urged computer users to install them quickly because the vulnerabilities they address could let attackers take complete control of systems.

Seven of the vulnerabilities Microsoft marked “critical” affect the Windows operating system and related software, including the Internet Explorer browser, media player and instant messaging. The eighth is with the Redmond software maker’s Office XP business software.

Microsoft also released four security fixes that carry lesser threat levels, but the problems could still allow attackers to gain some control of a system.

Anyone running any version of Windows will need to install at least one of the updates.

Many of the fixes also apply to Service Pack 2, the massive security upgrade for Windows XP released last summer.

The Associated Press