Corporate IT security departments risk being caught in a row that could limit the security of the new Windows Vista operating system, as Microsoft and leading security suppliers engage in a bitter war of words about its security features.
Anti-virus suppliers McAfee and Symantec have accused Microsoft of withholding technical information about the system, effectively blocking the development of security products such as intrusion detection systems that need access to the Windows kernel.
But Ben Fathi, vice-president of Microsoft's security technology unit, said the suppliers were spreading "fear, uncertainty and doubt" about a new technology that is essential to ensure the stability of Windows.
The company is also saying that leading anti-virus suppliers are blocking the firm's attempts to improve the "baseline security" of Windows Vista by refusing to integrate their products into the new operating system.
The row threatens to leave IT departments in the lurch by limiting both the security of the new operating system when it is released next year, and the capability of third-party security products.
"I do not think any of us can know what impact this will have. It comes down to whether Microsoft is right or not. The market needs a product that is adequately secure out of the box," said Jay Heiser, research vice-president at analyst firm Gartner.
Senior managers at anti-virus company McAfee made their complaints about Microsoft public this week, after what they claim are its repeated refusals to share key information about the operating system.
Mike Dalton, vice-president for Europe at McAfee, claimed Microsoft had barred third-party security products from accessing the Windows kernel. "We cannot see into the kernel, therefore our heuristics scanning will not function as well as it should. They are removing a considerable level of security that helps prevent zero day attacks."
Symantec has also joined the row, saying customers will lose the ability to choose what security products they run and be forced to use only those offered by Microsoft.
The dispute centres on the Windows patchlink feature in the 64-bit version of Windows Vista, introduced to prevent malware from rewriting the kernel software. Microsoft has acknowledged that the feature also restricts the capability of some third-party products, such as intrusion protection systems.
The Windows Security Center, which is meant to give users a view of the security status of their machines, is also provoking a dispute.
But Fathi said if Microsoft did not stick to its guns, "Five years from now we are going to be in the same position as we are in today. We are going to have stability issues because there is unsupported random change being made to the kernel."
He claimed that McAfee and other anti-virus companies were deliberately refusing to integrate their products into the security centre, because they did not want to give customers the opportunity to download rival anti-virus products.