Home & Office

Symantec: Microsoft won't give us key Vista tech

Security rival says Microsoft is withholding spyware APIs for Windows update, but software giant denies it.
Written by Tom Espiner, Contributor

Symantec has accused Microsoft of withholding key information about its upcoming Vista operating system in an attempt to gain an advantage in the security market.

The security specialist said this week that Microsoft is refusing to hand over the application programmable interfaces (APIs) for Windows Defender, the spyware product that will be included in Windows Vista. Without the APIs, Symantec contends that it is not able to ensure that its own security products are compatible with the update.

"Microsoft is affirmatively introducing bottlenecks to funnel customers to their products," said John Brigden, Symantec senior vice president for Europe. "It's all about control and dominance. They are deliberately delaying giving us the APIs."

Microsoft responded to Symantec's concerns on Wednesday, and said that it had made the APIs for Defender available earlier this week.

"As a result of our ongoing dialogue with partners and our customers, Microsoft decided in August this year to add the ability for any security software company to programmatically disable Windows Defender access through an API," a Microsoft representative said.

"Availability of the Defender APIs was announced to security partners on Friday, Sept. 22, 2006, and we understand Symantec requested and received the go-ahead to develop on that API on Monday, Sept. 25," Microsoft said.

Microsoft added the functionality to disable Windows Defender in Release Candidate 1 of Vista, or RC1, which came out early this month. There may have been some confusion in the industry because the accompanying information for developers, called a software development kit, or SDK, did not provide details on the functionality, the company said.

"Two weeks after releasing RC 1, we provided the follow-up documentation, which was released out-of-band, normally we release it with major milestones," said Adrien Robinson, business development manager at Microsoft. "The confusion, I think, that people are having is that the functionality is not in the RC 1 SDK, and the reason for that is that we added it just before RC1."

Symantec, though, insists that the APIs still aren't available.

The timing of the release of APIs is crucial for Symantec, as it is due to ship a Vista-compatible Norton antivirus product to PC makers in October.

"No-one has received any information about Defender, and we're coming up to an OEM (original equipment manufacturers) shipment date in October. It's three weeks away," Brigden said.

Symantec has partnerships with equipment manufacturers Dell, Fujitsu, Hewlett-Packard, IBM, Sony and Toshiba, among others. The antivirus vendor is worried that Microsoft will hand over the APIs so late that Symantec will not be able to make its antivirus software compatible with Vista in time.

"Microsoft will provide information about two days before the October shipment date, and say 'We've given you the APIs.' Now, we're good, but we're not good enough (to integrate Norton with Defender) in that time," a Symantec representative said.

Symantec hopes the APIs will be supplied before that. It would not comment on the potential damage to its relationships with PC partners, should it not have enough time to integrate Norton into Vista.

The entry of Microsoft into the security market has put incumbents on their guard, given the software giant's US$34 billion cash pile and a hefty presence on desktops. On top of this, European Commission regulators and Microsoft are in the middle of a tussle over the potential antitrust impact of security components in Vista.

Security vendor McAfee is also irked that Microsoft has not provided APIs for Defender. Sources close to the company confirmed that Microsoft has not provided the APIs, and that senior McAfee executives "really have a bee in their bonnets" about the situation.

McAfee is concerned that there will be compatibility problems between its security systems and Vista, and that customers will not be able to remove Defender from their systems, CNET News.com sister site ZDNet UK has learned.

Symantec and McAfee are battling Microsoft for the ability to replace the Windows Security Center with their own security consoles. Additionally, the security companies also claim the PatchGuard feature in 64-bit editions of Vista excludes them but lets in hackers.

CNET News.com's Joris Evers contributed to this report.

Editorial standards