Symantec Calls Out Microsoft Over Vista Security Center

Microsoft said Symantec's charges were bogus.

The Cupertino, Calif. security company's beef with Microsoft is over the new operating system's Security Center, a dashboard that Vista presents to indicate whether the firewall is correctly configured, for example, or that the computer's anti-virus signatures are up to date. Microsoft plans to release Vista in November to corporate clients, and push it into general availability in January 2007.

"Our concern is that Microsoft is fundamentally limiting customers' choice," said Rowan Trollope, Symantec's vice president of consumer engineering.

Although Vista's Security Center remains an issue, earlier discussions between the two led Microsoft to agree to let third-party security developers disable the Windows Firewall if another is installed, Symantec said. "Microsoft did agree under much pressure to [let us] turn off the firewall, and we believe they will give us a way to turn off [Windows] Defender," said Trollope. "But Microsoft hasn't budged on Security Center. They've categorically stated that it must be on, and they will not give us a way to turn it off.

"Why does Microsoft have to the be the sole voice about [Vista] security?"

Symantec, as well as others in the consumer security market, like McAfee and Trend Micro, produce security suites that include some kind of dashboard which displays the status of security settings. Symantec calls its dashboard "Security Protection Center," and includes it with its consumer products, including Norton Internet Security.

In Windows XP, vendors were able to turn off Microsoft's Security Center, and replace it entirely with their own. That's what they want to do in Vista, said Symantec.

If there are multiple dashboards on a PC, Symantec claimed, users will be confused by conflicting messages. "What if they're told by Security Center that everything's green and by McAfee that anti-virus is red? Who should they believe?" said Trollope. "That makes for a terrible user experience. It would be like having two dashboards in a car, each one telling you different things."

Several veteran security vendors, including Symantec, have butted heads with Microsoft over the company's entry into the consumer space with its OneCare software, and more recently, over Vista. Some rivals have gone so far as to accuse Microsoft of trying to drive them out of business with predatory pricing practices.

"It's no coincidence at all that Microsoft's doing this as it enters the security market," said Symantec spokesman Chris Paden. "The problem we have with this is that Microsoft's using its monopoly over the operating system to dictate the choices that consumers have."

Ridiculous, answered Stephen Toulouse, a senior product manager in Microsoft's security technology group. "It's completely the opposite. We're not dictating choices."

Instead, said Toulouse, the decision to make sure Security Center could not be disabled by vendors came out of experience with Windows XP SP2, where at times users who uninstalled a third-party security suite would not know how to turn the integrated dashboard back on after it had not been re-enabled by the departing suite. "We're meant to be a complementary voice" on security in Vista, Toulouse, argued, not the only voice. "Third-party software can expand on different categories than those present in Security Center, and the user has the ability to turn off the Security Center entirely."

Toulouse also argued that because none of the third-party security software dashboards communicate with each other, Vista needs its own console, one that gathers status information from all installed security components and puts in it one place. "It's a safety net of notification."

The argument between Symantec and Microsoft over Security Center is important because Vista's security features have recently been cited by Neelie Kroes, the head of the European Union's antitrust agency. In a letter to the Financial Times this week, Kroes said "We do nevertheless seek to ensure that rival security software vendors, who have traditionally been the innovators in this area, are able to compete on a level playing field."

Microsoft and Kroes' Competition Commission have gone public in recent weeks over Vista, with the American developer threatening to delay the operating system's release in Europe if the EC doesn't green light Vista's feature set. For its part, the EC has said it's up to Microsoft to follow the 2004 ruling, which termed Microsoft a near monopoly and fined it over $600 million.

On Friday, Symantec's spokesmen denied earlier reports that they were traveling to Europe next week to meet with the EC regulators. Those reports had linked Symantec with Adobe, which has reportedly filed an official complaint with the EC over Vista.

"Other IT companies share our concerns," said Symantec's Paden. "But they operate with different agendas. We hope that by dealing with Microsoft [directly] that these issues will be resolved. Because of those discussions, it's premature to say that anyone would take any other action."

Toulouse was also adamant about Vista and the EU. "We will produce a version of Vista that is complaint in the EU," he said. "We're still seeking clarity on that. But our position on choice [and the Security Center] is the same with the EU as it is with Symantec.

"This enables choice, and we think that's a good thing," Toulouse said.