Following rival Symantec's lead, McAfee complained that by locking access to the Vista kernel, Microsoft was also blocking security vendors' access to the operating system core.
McAfee joined rival Symantec by taking its beef with Microsoft over Windows Vista public on Monday, saying that the new operating system's approach to security will pose "unnecessary risks to the consumer."
In a full-page ad in the day's Financial Times, and in an interview Monday afternoon, McAfee said that by locking access to the kernel in Vista, Microsoft was also locking out critical access by security vendors to the core of the operating system.
"It's the first domino," said John Viega, vice president and chief security architect for McAfee, of the significance of PatchGuard, a technology to be included only with the 64-bit version of Vista. PatchGuard is meant to stop both malicious code and third-party software from making changes at the kernel level, and has been touted by Microsoft as a defense against such malware technologies as rootkits.
"They've leveraged their access [to the kernel] to give themselves an unfair advantage," said Viega. "That will leave users less secure."
In the 32-bit Windows XP, security vendors like McAfee and Symantec have been able to patch to the kernel in order to implement intrusion prevention technologies that, among other things, sniff out malware by its behavior rather than match a "fingerprint" against an already-issued signature. The 64-bit version of Windows XP also uses PatchGuard, but that OS has made virtually no headway in the market.
"We were able to offer our protection to the consumer by accessing the kernel," said Viega. "But Microsoft's locking vendors out. When the first security vulnerability [hits], what's going to happen?"
"Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats," the ad which ran in the Financial Times said. "Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops."
Microsoft has repeatedly said that its own products -- security software included -- must also abide by the PatchGuard restrictions. Viega didn't think Microsoft would be able to resist the temptation. "I don't believe them," he said when asked about Microsoft's promises to steer clear of the kernel. "They're locking out the good guys."
McAfee doesn't like the fact that users of its products may face two competing dashboards -- Vista's and its own -- and says Microsoft must bend. "Usability is absolutely critical to a good security experience," Viego said. "In many cases, [Vista's Security Center] will go from 'you are protected' before installing McAfee to 'we're not sure you're protected' after it's installed."
Most recently, Kroes accused the American developer of running a "coordinated campaign" to discredit her. New reports in the Financial Times today listed encryption and handwriting recognition capabilities as two new Vista features that Kroes' commission is investigating.
"Microsoft is embracing flawed logic," concluded Viega. "It's undermining freedom of choice by inventing a single user interface [for security. It needs to let the customer choose their security provider."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.