Microsoft vs McAfee turns nasty

Relations between Microsoft and the large security vendors deteriorated late last week, when the software giant accused McAfee of making misleading claims over its Vista operating system.

In a statement, Microsoft said McAfee was wrong to claim the software giant was failing to deliver on recent promises to work with the security industry.

"It's unfortunate that McAfee's lawyers are making these kinds of inaccurate and inflammatory statements," said Ben Fathi, corporate vice president of Microsoft's security technology unit.

Fathi was responding to comments made by Christopher Thomas, a partner at legal firm Lovells which is being employed by McAfee.

"Despite pledges, press conference and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week," said Thomas.

"We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week," Thomas added.

Thomas was referring to Microsoft's recent commitment to give security software makers technology to access the kernel of 64-bit versions of Vista for security-monitoring purposes, and allow them to disable certain parts of the Windows Security Center in Vista.

Both McAfee and Symantec have claimed that Microsoft was endangering user security by blocking their access to Vista. Microsoft, though, argued that they were just concerned about losing market share to smaller rivals.

Technical discussions over access to the Vista kernel also got off to a bad start last Thursday. The first online conference between Microsoft and the security firms was a damp squib, with many vendors unable to join the discussion. Microsoft senior product manager, Stephen Toulouse, later admitted that participants were sent the wrong link.

"People joining using the link resulted in basically the first attempt at the meeting folding and we had to scramble to set it up again," admitted Toulouse in a blog posting.

The increasingly bitter dispute over Vista security may deter some users from upgrading. Analyst firm Gartner has recommended that companies who run some host intrusion-prevention systems (HIPS) should hold off from moving to 64-bit Vista for several years.

McAfee and Symantec's rivals, though, have little sympathy. Sophos claimed on Monday that they were to blame for not giving enough thought to Vista when developing their products.

"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with high-spec Vista in mind," said Richard Jacobs, chief technical officer of Sophos.

"We've taken a different approach, by focusing on catching bad behaviour before it has a chance to occur. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert them. That's why we're ready for 64-bit Vista, and others aren't."