Symantec and Microsoft co-operate on security

At the RSA Conference, the vendors have announced joint participation in a forum aimed at promoting security best practice, despite having previously fallen out over certain aspects of Vista

Antivirus specialist Symantec has joined a security organisation alongside Microsoft, despite having previously come to very public blows with the software giant over its willingness to share security information on Vista.

Announced at the RSA Conference Europe 2007 on Tuesday, Symantec and Microsoft will join the Software Assurance Forum for Excellence in Code (SafeCode), which claims to be a not-for-profit organisation aimed at increasing trust around IT. Other members include EMC, SAP and Juniper Networks.

Commenting on questions about the recent argument between his company and Microsoft over Vista application programming interfaces (APIs), Ilias Chantzos, Symantec's government relations manager for EMEA, said that the two organisations would co-operate in SafeCode in order to benefit customers.

"We have a multi-faced relationship with Microsoft and we are keen to work with them. That will ultimately benefit our customers. I see this relationship as complimentary rather than competitive," Chantzos said.

Last year, security companies, including Symantec and McAfee, complained that Microsoft had locked them out of the Windows kernel. The security vendors claimed that a kernel shield developed by Microsoft, called "PatchGuard" and intended to stop hackers attacking 64-bit versions of Vista, blocked their security products too.

Microsoft eventually agreed to provide security companies with access to the 64-bit APIs but didn't actually provide access until two months after it had officially relented.

Microsoft had long maintained that a complete lock on the kernel would provide the best operating-system security and stability, but it made concessions in response to antitrust concerns raised by officials in Europe and Korea.

SafeCode is being headed up by cybersecurity expert Paul Kurtz, who was one of the founding members of the Cyber Security Industry Alliance (CSIA) and a former White House National Security Council and Homeland Security Council member under Presidents Bush and Clinton.

Kurtz claimed that the organisation is the first global industry-led body aimed at the development and delivery of more secure and reliable hardware software and services.

"Where are the best practices? Everyone talks about them, but how do you find them? SafeCode is going to bring those best practices into one place so that government, consumers and businesses can make best use of them," said Kurtz.

Kurtz added that SafeCode will be assembling an advisory group of government leaders and critical infrastructure operators from around the world to help with its mission.

The organisation will be funded via a $50,000 (£24,000) membership fee levied on each of the members, Kurtz added.

"We want to be seen as an organisation that government and industry can turn to and say: 'Can you help us with this?'," said Kurtz.