Executives at Symantec Corp. and other security vendors say that
some of the security technologies that Microsoft plans to introduce
in Vista are making it harder for them to build products that
protect customers.
Of specific interest is Vista's PatchGuard feature, which prevents
any software other than Microsoft's from adding extensions to the
Vista kernel, regardless of the intent. The feature is designed to
prevent malware from hooking the kernel for nefarious purposes,
but it should also stop third-party software from making legitimate
extensions to the kernel.
Following the May debut of Microsoft's Windows Live OneCare
antivirus, antispyware and security suite, the Redmond, Wash.,
software giant has executives at other antivirus and security
companies on edge.
"I haven't gotten any answers from the Windows engineers as to
whether this is a new policy or just something they're doing, but
at a company like Microsoft something like this usually happens
from the top down," David Thompson, CIO at Symantec, of Cupertino,
Calif., said in a recent interview. "What this does is limit our
ability to build products that are compatible with Vista. That's
bad for customers."
But it's also potentially good for Microsoft. The company for
years has relied on Symantec, McAfee Inc., Trend Micro Inc. and CA
Inc. to deliver antivirus products for Windows machines, and most
PC manufacturers preload one of these vendors' AV suites on new
computers. But that model could quickly be going by the wayside, as
Microsoft prepares to deliver Vista and works to entice consumers
to switch to Windows Live OneCare.
Other security vendors say they understand why Microsoft is doing
what it's doing with PatchGuard and similar kernel-protection
technologies, but say that the effects will likely be short-lived.
"Since many programs, including security software, use the
kernel in undocumented ways, they had a concern," said Ron O'Brien,
senior security analyst at UK-based antivirus firm Sophos plc.
"PatchGuard will serve as a deterrent for a period of time, but
will be circumvented sooner or later."
Some executives in the security industry, including Symantec CEO
John Thompson, have said that they don't fear Microsoft as a
competitor. But CIO David Thompson said the company is very aware
of the threat that Microsoft poses to its core AV business.
"We absolutely take them seriously. That's a very smart group of
people," Thompson said. "But I have a lot of confidence in our team
too. We have a very large and very loyal customer base."
PatchGuard has been available on Windows XP x64 Edition for some
time, but its inclusion in Vista will be its first wide release. In
a blog post this week discussing the kernel mode security in
Windows, Oliver Friedrichs, director of emerging technologies at
Symantec, expressed many concerns about PatchGuard and its
implications.
"Another disturbing side effect of this technology is that while
legitimate security vendors can no longer make extensions to the
Vista kernel (any attempt to circumvent these security features may
only work temporarily), researchers and attackers can, and have,
already found ways to disable and work around PatchGuard,"
Friedrichs wrote. "These new technologies, along with Microsoft's
unwillingness to make compromises in this area, have serious
implications for the security industry as a whole."
A source at Microsoft, who asked not to be named, said the
company has no agenda that would justify preventing other security
vendors from making compatible products; it is simply trying to
lock down the Vista kernel as tightly as possible.