McAfee, Microsoft Trade Insults Over Vista

kernel 64-bit

Microsoft immediately fired back, with its chief security executive calling McAfee's charges "inflammatory" and "inaccurate."

The increasingly testy exchange between Microsoft and third-party security software makers -- most notably the two biggest, Symantec and McAfee -- revolves around Microsoft's decision to wall off the kernel in 64-bit Vista. Dubbed "PatchGuard," Microsoft claims that the technology will stop malicious code such as stealth-like rootkits from making changes at the kernel level.

Symantec and McAfee went public with objections to PatchGuard. Both charged that by blocking "kernel hooking" -- intercepting Windows' system calls and modifying the kernel dispatch table -- Microsoft was making it impossible for them to implement advanced security techniques. Both have bluntly accused Microsoft of locking down the kernel to stifle their security products, and those by other security developers.

To appease the European Union's antitrust agency -- which has threatened to poke deeper into Microsoft's desktop monopoly -- the company last week said it would relax its restrictions and build a set of APIs, or Application Programming Interfaces, for vendors to replicate kernel hooking techniques in Vista.

Sponsored post

Thursday, Microsoft held several briefings with more than a score of security vendors as the opening round of talks about the PatchGuard APIs. Microsoft has said the API development process will be long -- first-time APIs probably won't show until Service Pack 1 (SP1) sometime in 2008 -- and research firm Gartner has put the timeline as "years."

But within hours of the briefings, McAfee released a statement in Brussels, the headquarters of the European Union and its antitrust agency, the Competition Commission. "Despite pledges, press conferences, and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week", said Christopher Thomas, McAfee's outside counsel in Brussels, in a statement issued Thursday night.

"We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week." McAfee was not immediately available Friday for follow-up comment, or to answer whether it planned to file an official complaint with the EU commission.

Microsoft wasted no time in responding. Friday morning, the company released a statement attributed to Ben Fathi, who heads its security group. "It's unfortunate that McAfee's lawyers are making these kinds of inaccurate and inflammatory statements," said Fathi. "These discussions are underway between our engineering teams and our third-party security partners about the functionality they are seeking, and how to prioritize this significant work in the months ahead. We are implementing the commitments we made to the European Commission."

Fathi also repeated assurances made previously that Microsoft will itself not be able to access the kernel any more, or any more directly, than security rivals. "It's important to note that we are being completely even-handed with Kernel Patch Protection, aka 'PatchGuard,'" he added. "Microsoft applications will have to follow the same rules as any other security vendor."

McAfee and Symantec have both scoffed at that. Earlier this month, John Viega, McAfee's chief security architect, flatly said: "I don't believe them" when asked about Microsoft's promises. This week, Symantec's head of consumer engineering accused Microsoft of brushing off vendors who want to access the kernel because Microsoft doesn't have the advanced capabilities that require kernel hooking in their own security software, like Windows Live OneCare. "It's no coincidence that they're not concerned about kernel access because they don't offer these advanced technologies. Now that they're in anti-virus, it's even more convenient for them to not offer [kernel access]," said Rowan Trollope.

Although Symantec, McAfee, and other security vendors are pressuring Microsoft in Vista's 11th hour -- the operating system is scheduled to release to enterprise customers next month, probably after the U.S.'s Thanksgiving holiday -- Microsoft will not delay the operating system to meet their demands. This week, Microsoft's chief executive Steve Ballmer said from Europe that Vista was a "go."

"We are through thatwe're prepared to release our product," Ballmer told Reuters in Brussels.

Windows Vista is to ship on new computers and at retail in January 2007.