McAfee Claims Foul on Vista Security Code

Microsoft last week said it is cooperating with antivirus and security providers so that they can provide the same level of security as its own products, including OneCare Live. At least one big Microsoft partner and competitor, though, disputes those statements.

"Contrary to what it says publicly, Microsoft has not cooperated with the leading security providers," Siobhan MacDermott, McAfee's vice president of worldwide corporate communications, said in a statement e-mailed to this site. "To date, we have not had any cooperation from MS and no response on McAfee's repeated requests to review the information."

In a press briefing last Friday, Brad Smith, Microsoft senior vice president and general counsel, announced that Windows Vista is on track to ship on schedule worldwide, beginning next month to corporate customers and in January for consumers.

Along with that, the company also said it was making changes in three key areas (search features, the XML Paper Specification and security) to comply with requirements from the European Commission and South Korea.

High on the list, Microsoft said it is providing a security API (application programming interface) so that competing security vendors could bypass or disable certain Vista features including the Microsoft Security Center and a feature found only in the 64-bit editions of Vista called PatchGuard.

"With this new API, Windows Security Center will not send an alert to a computer user when there is an alternative security console installed on a PC, and when that security console is sending that same alert itself," Smith said.

Originally introduced in the 64-bit editions of Windows Server 2003 Service Pack 1, and included in the x64 edition of XP Professional, PatchGuard blocks third-party software from modifying the Windows kernel, according to an article on Wikipedia. "This mitigates a common tactic used by rootkits to hide themselves from user-mode applications," the article says.

The disagreements with partner-competitors generally devolve into a fight over who is allowed to write code that reaches into Vista's kernel. For years, antivirus and security vendors have had that capability. After spending the last five years trying to make Windows more secure in the face of scathing criticism all around, however, Microsoft maintains that, with Vista, nobody should be able to do that except via an API.

Not surprisingly, McAfee and others strongly disagree. (Perhaps a little ironically, those same firms were also among those criticizing Windows' security problems.)

However, McAfee, for one, argues that being able to patch directly into the kernel enables it to get fixes out to users in the shortest time, especially since information can be slow in coming from Microsoft, as McAfee claims was the case this week.

"We did receive a document from Microsoft on Monday that contained the [software developers kit] for Windows Security Center only ... In fact, we have not received anything at all from Microsoft concerning PatchGuard," MacDermott said. "From McAfee's perspective, it is not at all acceptable for MS to wait until a service pack and not offer us kernel access until after the launch of Vista."

About the Author

Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines.

