McAfee Slams Microsoft Over Vista Security

Windows Vista

In a full-page ad in the day's Financial Times, and in an interview Monday afternoon, McAfee said that by locking access to the kernel in Vista, Microsoft was also locking out critical access by security vendors to the core of the operating system.

"It's the first domino," said John Viega, vice president and chief security architect for McAfee, of the significance of PatchGuard, a technology to be included only with the 64-bit version of Vista. PatchGuard is meant to stop both malicious code and third-party software from making changes at the kernel level, and has been touted by Microsoft as a defense against such malware technologies as rootkits.

"They've leveraged their access [to the kernel] to give themselves an unfair advantage," said Viega. "That will leave users less secure."

In the 32-bit Windows XP, security vendors like McAfee and Symantec have been able to patch to the kernel in order to implement intrusion prevention technologies that, among other things, sniff out malware by its behavior rather than match a "fingerprint" against an already-issued signature. The 64-bit version of Windows XP also uses PatchGuard, but that OS has made virtually no headway in the market.

"We were able to offer our protection to the consumer by accessing the kernel," said Viega. "But Microsoft's locking vendors out. When the first security vulnerability [hits], what's going to happen?"

"Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats," the ad which ran in the Financial Times said. "Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops."

Microsoft has repeatedly said that its own products -- security software included -- must also abide by the PatchGuard restrictions. Viega didn't think Microsoft would be able to resist the temptation. "I don't believe them," he said when asked about Microsoft's promises to steer clear of the kernel. "They're locking out the good guys."

Viega also cited Vista's Security Center, the security status dashboard that Symantec slammed in September. Unlike Windows XP, Vista will not allow third-party vendors to automatically disable the dashboard when their products are installed; users, however, can manually switch off the dashboard.

McAfee doesn't like the fact that users of its products may face two competing dashboards -- Vista's and its own -- and says Microsoft must bend. "Usability is absolutely critical to a good security experience," Viego said. "In many cases, [Vista's Security Center] will go from 'you are protected' before installing McAfee to 'we're not sure you're protected' after it's installed."

Like Symantec, McAfee said it was not officially taking the issues of Vista's security to the European Union's Competition Commission, which has been skirmishing with Microsoft over the operating system for months. At one point, Microsoft threatened to delay Vista's release in the EU if the commission didn't green light its security plans; Commissioner Neelie Kroes, meanwhile, said it was Microsoft's responsibility to figure out what was permissible under the 2004 antitrust ruling.

Most recently, Kroes accused the American developer of running a "coordinated campaign" to discredit her. New reports in the Financial Times today listed encryption and handwriting recognition capabilities as two new Vista features that Kroes' commission is investigating.

"Microsoft is embracing flawed logic," concluded Viega. "It's undermining freedom of choice by inventing a single user interface [for security. It needs to let the customer choose their security provider."