McAfee and Microsoft tangle over Vista security

The debate surrounding Windows Security Center and PatchGuard has turned vicious, with McAfee and Microsoft both claiming that the other is motivated by commercial factors rather than security concerns

McAfee launched its first salvo in the increasingly bitter battle between Microsoft and the security industry on Monday, taking out a full-page advert in the Financial Times.

The advertisement, entitled "Microsoft increasing security risk with Vista", claimed that the company's aim was to see "a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers... when it fails, it fails for 97 percent of the world's desktops".

In the advert, McAfee said that it had not been granted access to central portions of Vista, the next version of the Windows operating system, specifically to the kernel of the 64-bit version of Vista.

Mike Dalton, European president of McAfee, told ZDNet UK that this lack of access would "stop McAfee solutions working" on the 64-bit version of Vista, while leaving the door open for hackers to get past PatchGuard, the part of the operating system designed to prevent malicious attacks.

"If we can't see what's going on in the kernel, we can't see if there's an issue caused by malware," said Dalton. "The decision to build a wall around the kernel with the assumption it can't be breached is ridiculous. We know there are hacker documents out there on how to circumvent PatchGuard, and Microsoft has not had a good history of writing secure code."

In response, Microsoft claimed that PatchGuard, or Kernel Patch Protection, was "a critical step to making the kernel more secure".

"Kernel Patch Protection is not new to Vista; the technology has been shipping for more than three years and is currently available on XP 2003 and for Vista 64-bit shortly. McAfee's security solutions work on 64-bit systems. Customers can and will be protected by their solutions on 64-bit systems," a Microsoft spokesman said, adding that allowing third-party security vendors access to the kernel would cause "security, stability and integrity issues".

Dalton claimed Microsoft was trying to lock security vendors out of Vista so it could sell users its own security products such as OneCare.

"This is clearly an area where Microsoft is taking advantage of its position as vendor of 97 percent of the world's operating systems," said Dalton.

"Is Microsoft [locking vendors out] because the market will see other vendors are doing a better job at security? We may show them up as not having the greatest security product. I would say they're very worried [about that]," said Dalton. "You don't learn the technologies we've learnt overnight, and Microsoft's security attempts so far have been fraught with problems."

McAfee also claimed that Microsoft's refusal to allow its security console, Windows Security Center, to be turned off by vendors was a further attempt to sell more Microsoft products unfairly. "Windows Security Center is always on, always running in the background, saying 'Hey, come and look at Microsoft products'. I find it alarming," said Dalton.

Windows Security Center, introduced with Windows XP Service Pack 2, pops up on desktops to alert PC owners...

... if their firewall, virus protection and other security tools need attention. The version in the Vista update, set for broad release in January, will add new categories and management tools.

Last month, Symantec claimed that Microsoft's policy could endanger users, as people who choose to use Microsoft's console alone will get a limited view of their Vista PC protection.

However, Microsoft has hit back, arguing that these large vendors are complaining about Windows Security Center because they are afraid it could help their smaller security rivals to compete with them on the desktop.

According to Adrien Robinson, director of the security technology unit at Microsoft, the Security Center updates could drive more business to smaller security firms.

"Microsoft becomes a second voice to customers, enabling them to look at other solutions. Security Center can help smaller software vendors by letting customers know they can update software," said Robinson.

One channel used by large antivirus vendors is to get their software pre-installed on machines sold by original equipment manufacturers (OEMs). This software typically runs for a trial period, after which users are prompted with alerts to update the antivirus software.

Microsoft claims smaller independent software vendors (ISVs) don't have deals with OEMs such as Dell, and that Security Center can prevent bigger software vendors unfairly influencing customers.

"Smaller ISVs such as F-Secure don't have an agreement with Dell," said Robinson. "Bigger vendors don't want any other vendor involved once they have an OEM relationship. There's the rub. It's about striking a balance between them."

"The big vendors have a financial relationship with OEMs, but what if a customer wants to use Rising Sun in China or Grisoft [free antivirus software]?" Robinson added.

But Symantec reacted strongly to Microsoft's claim that Security Center would provide customers with more options.

"That's wrong — there is no choice," said John Brigden, Symantec senior vice president for Europe. "Windows Security Center is foisted upon the user with confusingly similar and incomplete information. The security measures in Vista will decrease security if people are driving two dashboards."

"Customers will follow Microsoft products, and endorsed security products that come through Security Center," Brigden told ZDNet UK. "Even though Microsoft is a monopolist, it shouldn't decide the view of the platform."

However, Microsoft alleged that Symantec's products try to disable the alerts generated by Security Center, rendering the console invisible to customers.

"All the big vendors like Symantec and McAfee try to disable alerts and hide Security Center," said Robinson. "[In which case] Windows Security Center is invisible to customers as long as they have an up-to-date firewall and antivirus".

A Microsoft spokesman also denied McAfee's earlier claim that this was the first time a security vendor had been cut off from the core of a Microsoft operating system, saying that security vendors had not been granted access to the core of the 64-bit version of XP.