McAfee Claims Foul on Vista Security Code
- By Stuart J. Johnston
- October 18, 2006
Microsoft last week said it is cooperating with antivirus and security providers so that they can provide the same level of security as its own products, including OneCare Live. At least one big Microsoft partner and competitor, though, disputes those statements.
"Contrary to what it says publicly, Microsoft has not cooperated with the leading security providers," Siobhan MacDermott, McAfee's vice president of worldwide corporate communications, said in a statement e-mailed to this site. "To date, we have not had any cooperation from MS and no response on McAfee's repeated requests to review the information."
In a press briefing last Friday, Brad Smith, Microsoft senior vice president and general counsel, announced that Windows Vista is on track to ship on schedule worldwide, beginning next month to corporate customers and in January for consumers.
Along with that, the company also said it was making changes in three key areas -- search features, the XML Paper Specification and security -- to comply with requirements from the European Commission and South Korea.
High on the list, Microsoft said it is providing a security API (application programming interface) so that competing security vendors could bypass or disable certain Vista features including the Microsoft Security Center and a feature found only in the 64-bit editions of Vista called PatchGuard.
"With this new API, Windows Security Center will not send an alert to a computer user when there is an alternative security console installed on a PC, and when that security console is sending that same alert itself," Smith said.
Originally introduced in the 64-bit editions of Windows Server 2003 Service Pack 1, and included in the x64 edition of XP Professional, PatchGuard blocks third-party software from modifying the Windows kernel, according to an article on Wikipedia. "This mitigates a common tactic used by rootkits to hide themselves from user-mode applications," the article says.
The disagreements with partner-competitors generally devolve into a fight over who is allowed to write code that reaches into Vista's kernel. For years, antivirus and security vendors have had that capability. After spending the last five years trying to make Windows more secure in the face of scathing criticism all around, however, Microsoft maintains that, with Vista, nobody should be able to do that except via an API.
Not surprisingly, McAfee and others strongly disagree. (Perhaps a little ironically, those same firms were also among those criticizing Windows' security problems.)
However, McAfee, for one, argues that being able to patch directly into the kernel enables it to get fixes out to users in the shortest time, especially since information can be slow in coming from Microsoft, as McAfee claims was the case this week.
"We did receive a document from Microsoft on Monday that contained the [software developers kit] for Windows Security Center only... In fact, we have not received anything at all from Microsoft concerning PatchGuard," MacDermott said. "From McAfee's perspective, it is not at all acceptable for MS to wait until a service pack and not offer us kernel access until after the launch of Vista."
Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines.