Microsoft accused of withholding Vista APIs

Update: Security vendors are almost apoplectic, claiming Microsoft is deliberately withholding access to its Vista spyware product, but the software giant denies the charge

Anti-malware company Symantec has accused Microsoft of withholding key information about its upcoming Vista operating system, in an attempt to gain an unfair advantage in the security market.

Symantec claimed this week that Microsoft is refusing to hand over the application programmable interfaces (APIs) for Windows Defender, its spyware product which will be included in Vista.

Without the APIs, Symantec claims that it isn't able to ensure that its own security products are compatible with Vista.

Microsoft, though, insisted on Wednesday afternoon that the APIs are now available.

"Microsoft is affirmatively introducing bottlenecks to funnel customers to their products," said John Brigden, Symantec senior vice president for Europe. "It's all about control and dominance. They are deliberately delaying giving us the APIs," Brigden told ZDNet UK.

The antivirus company claimed on Tuesday that no security vendors had yet received APIs. The timing of this is crucial for Symantec, as it is due to ship a Vista-compatible Norton antivirus product to PC makers in October.

"No-one has received any information about Defender, and we're coming up to an OEM [original equipment manufacturers] shipment date in October. It's three weeks away," said Brigden.

Symantec has partnerships with equipment manufacturers Dell, Fujitsu, HP, IBM, Sony and Toshiba, among others. The antivirus vendor is worried that Microsoft will hand over the APIs so late that Symantec won't be able to make its antivirus software compatible with Vista in time.

"Microsoft will provide information about two days before the October shipment date, and say "We've given you the APIs". Now we're good, but we're not good enough [to integrate Norton with Defender] in that time," said a Symantec spokesperson.

Symantec hopes the APIs will be supplied before that, and would not comment on the damage to its OEM relationships should it not have enough time to integrate Norton into Vista.

Security vendor McAfee is also angry that Microsoft has not provided APIs for Defender. Sources close to the company confimed that Microsoft has not provided the APIs, and that senior McAfee executives "really have a bee in their bonnets" about the situation.

McAfee is concerned that there will be compatibility problems between its security systems and Vista, and that customers will not be able to remove Defender from their systems, ZDNet UK understands.

Microsoft responded to Symantec's concerns on Wednesday, and claimed that it made the APIs for Defender available earlier this week.

"As a result of our ongoing dialogue with partners and our customers, Microsoft decided in August this year to add the ability for any security software company to programmatically disable Windows Defender access through an API," said a Microsoft spokesman.

"Availability of the Defender APIs was announced to security partners on Friday 22 September, 2006 and, we understand, Symantec requested and received the go ahead to develop on that API on Monday 25 September," Microsoft added.

Symantec, though, insists that the APIs still aren't available.

Both Symantec and McAfee also claim not to have been given access to the PatchGuard kernel, a protective feature that vendors claim excludes them but lets in hackers.