Microsoft, McAfee Trade Barbs Over Vista Security

The war of words continues between Microsoft and the
top independent security software makers.

The software giant today called a
statement by security vendor McAfee “inaccurate and inflammatory.”
Meanwhile, it could be years before Microsoft changes Vista security,
according to a research firm.

Despite a last-minute conference call arranged by Microsoft to iron out details concerning access by security vendors to the 64-bit version of the upcoming Vista operating system,
McAfee said it was “disappointed” by what the
second-place security vendor called “hollow assurances” made by the software

“Despite pledges, press conferences and speeches by Microsoft, the community
of independent security companies that consumers rely on for computer
protection has seen little indication that Microsoft intends to live up to
the promises it made last week,” McAfee outside attorney Christopher Thomas
said in Brussels Thursday night.

Microsoft told EC regulators it would work
with vendors permitting outside security applications to work with new
security features used by Vista.

The promise, followed by the release of some
APIs providing controlled access to Windows Security Center, doesn’t go far
enough, argued Symantec and McAfee.

Although Microsoft released APIs allowing security vendors to replace
Windows alerts with their own, the APIs didn’t provide “hooks” into the
64-bit kernel, fenced off by Kernel Patch Protection, or PatchGuard.

Since Vista, for the first time, will ship with both 32-bit and 64-bit versions on the same disc, access to the kernel is needed for all security features to work, the vendors said.

Thursday, Microsoft announced it would make API hooks into the 64-bit kernel
available with the first Vista service pack. Word that access to the 64-bit
kernel could be delayed had security vendors in an uproar. But Microsoft
denied it was dragging its feet.

“It’s unfortunate that McAfee’s lawyers are making these kinds of inaccurate
and inflammatory statements,” Ben Fathi, corporate vice president of
Microsoft’s Security Technology Unit.

Fathi said Microsoft has taken a number of steps to address the vendors’ complaints, including Thursday’s meeting.

However, in a statement, Fathi said an agreement on accessing the
64-bit Vista kernel will happen “in the months ahead.”

Neil MacDonald, a security research for Gartner, believes it will be years
before Microsoft gives vendors access to the 64-bit kernel. This means
non-Microsoft security products will ship without full functionality.

Many security features offered by Symantec and McAfee involve detecting
malicious behavior or intrusion prevention.

Security is no longer about
antivirus or anti-spyware.

The sort of features that could differentiate
Symantec or McAfee from Microsoft’s own security products won’t be possible
without access to the 64-bit kernel, MacDonald told

Gaining access to the Vista kernel is “a very real concern for McAfee and
Symantec,” MacDonald said. With pressure from the EC lessened, it is up to
enterprises to press Microsoft to provide a date when it will offer rival
security vendors kernel access.

“With antitrust concerns temporarily satisfied, Microsoft may feel less
pressure to make kernel modifications quickly,” according to MacDonald.

Despite PatchGuard availability for three years in the 64-bit version of
Windows XP, nothing happened until the EU put pressure on Microsoft, the
analyst said.

He added that if the software giant doesn’t announce a
timeline for the kernel changes within nine months of Vista’s initial
shipment, a capability allowing security vendors access to the kernel will
likely not be ready for SP1.

It would be premature to speculate on a time frame for
service packs, given Vista development is not complete, a Microsoft spokesperson told

The company said it remains
focused on delivering its new operating system in November to volume license
customers and in January for general release.

News Around the Web