News

Microsoft and anti-virus suppliers battle it out over Vista security levels

Corporate IT security departments risk being caught in a row that could limit the security of the new Windows Vista operating system, as Microsoft and leading security suppliers engage in a bitter war of words about its security features.

Anti-virus suppliers McAfee and Symantec have accused Microsoft of withholding technical information about the system, effectively blocking the development of security products such as intrusion detection systems that need access to the Windows kernel.

But Ben Fathi, vice-president of Microsoft's security technology unit, said the suppliers were spreading "fear, uncertainty and doubt" about a new technology that is essential to ensure the stability of Windows.

The company is also saying that leading anti-virus suppliers are blocking the firm's attempts to improve the "baseline security" of Windows Vista by refusing to integrate their products into the new operating system.

The row threatens to leave IT departments in the lurch by limiting both the security of the new operating system when it is released next year, and the capability of third-party security products.

"I do not think any of us can know what impact this will have. It comes down to whether Micro­soft is right or not. The market needs a product that is adequately secure out of the box," said Jay Heiser, research vice-president at analyst firm Gartner.

Senior managers at anti-virus company, McAfee made their complaints about Microsoft public this week, after what they claim are its repeated refusals to share key information about the operating system.

Mike Dalton, vice-president for Europe at McAfee, claimed Microsoft had barred third-party security products from accessing the Windows kernel. "We cannot see into the kernel, therefore our heuristics scanning will not function as well as it should. They are removing a considerable level of security that helps prevent zero day attacks."

Symantec has also joined the row, saying customers will lose the ability to choose what security products they run and be forced to use only those offered by Microsoft.

The dispute centres on the Windows patchlink feature in the 64-bit version of Windows Vista, introduced to prevent malware from rewriting the kernel software. Micro­soft has acknowledged that the feature also restricts the capability of some third-party products, such as intrusion protection systems.

The Windows Security Center, which is meant to give users a view of the security status of their machines, is also provoking a dispute.

But Fathi said if Microsoft did not stick to its guns, "Five years from now we are going to be in the same position as we are in today. We are going to have stability issues because there is unsupported random change being made to the kernel."

He claimed that McAfee and other anti-virus companies were deliberately refusing to integrate their products into the security centre, because they did not want to give customers the opportunity to download rival anti-virus products.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy