[ISN] Security firms skeptical about Vista shift

From: InfoSec News (alerts@private)
Date: Sun Oct 15 2006 - 22:37:00 PDT


http://news.com.com/Security+firms+skeptical+about+Vista+shift/2100-7355_3-6125866.html

By Joris Evers
Staff Writer, CNET News.com
October 13, 2006

Security rivals' reaction to word that Microsoft will make changes in 
Windows Vista to allay competitive concerns: We'll believe it when we 
see it.

On Friday, Microsoft said it will give security software makers 
technology to access the kernel of 64-bit versions of Vista for 
security-monitoring purposes. Additionally, the company said it will 
make it possible for security companies to disable certain parts of the 
Windows Security Center in Vista when a third-party security console is 
installed.

Microsoft made both changes in response to antitrust concerns from the 
European Commission. Led by Symantec, the world's largest antivirus 
software maker, security companies had publicly criticized Microsoft 
over both Vista features and also talked to European competition 
officials about their gripes.

Security companies are taking note of the changes Microsoft said it 
would make to the operating system update, but will judge the outcome 
when they actually see them.

"We have not seen anything yet," said Cris Paden, a Symantec spokesman. 
"These are technical issues. Until we actually see the APIs, all we know 
is what they have said in the media. So far they have not done anything 
yet."

APIs, or application program interfaces, are the actual parts of Vista 
that Microsoft on Friday said it would make available so that security 
companies can access the Vista kernel and disable parts of Windows 
Security Center.

"If it is true, then it would be a step in the right direction for 
giving customers the choice to use whatever solutions they would like," 
Paden said.

The technology to suppress Windows Security Center alerts should be 
available next week, but APIs related to kernel protection still need to 
be developed and may not be ready before Microsoft ships Vista to PC 
makers and CD factories, said Adrien Robinson, a director in Microsoft's 
Security Technology Unit.

"We do not want vendors... accessing the kernel through unmodified 
approaches or modifying the kernel," Robinson said. "We will not allow 
them to go on the fly and modify the kernel, basically circumventing 
PatchGuard. We need to work with them on the right approaches to work 
with PatchGuard."


Points of contention

Kernel protection and Windows Security Center were two of the main 
points of contention between Microsoft and its security rivals. 
Symantec, McAfee and others had charged that Microsoft was hurting the 
competition and creating an unfair advantage for its own products 
through these features.

In 64-bit versions of Vista, the kernel protection, or PatchGuard, not 
only locked out hackers but also prevented some security software from 
running, security companies have said. They had asked for a way to 
access the kernel, which Microsoft insisted would hurt the security and 
stability of Windows. Microsoft now says it will provide that access, 
albeit in a controlled way.

"We have committed to create a new set of APIs that will enable 
third-party security products to access the Windows kernel in a secure 
manner," Microsoft said in a statement on Friday.

Windows Security Center, a key piece of Windows Vista real estate, tells 
people the status of security on their Vista PC, such as whether 
antivirus software or a firewall is installed and running. Security 
rivals have asked for a way to disable the Windows Security Center in 
favor of their own security dashboards.

Microsoft appears to be granting some, but not all, of that wish. "We 
are creating a new set of APIs to ensure that Windows Security Center 
will not send an alert to a computer user when an alternative competing 
security console is installed on the PC and is sending the same alert 
instead," Microsoft said in a statement.

Windows Security Center will continue to be running on the system so 
that a customer can have a cross-vendor, cross-technology view of the 
security on their Vista PC, Robinson said. In other words, third-party 
products won't be able to completely hide the Windows Security Center 
interface, which is what security companies had asked for.


Still skeptical

McAfee and Check Point Software Technologies, maker of ZoneAlarm 
security software, welcomed Microsoft's announcement, but, like 
Symantec, reserved judgment.

"We are encouraged by Microsoft's recognition that there is a problem. 
However, we do not have specific information on the nature of these 
changes, or their timing," said Siobhan MacDermott, a McAfee 
spokeswoman. "As more information becomes available, we will study it 
carefully before forming a view on whether Microsoft's plans provide a 
reasonable basis for addressing these issues."

Check Point's response also stressed that the clock is ticking on the 
release of Vista.

"We are encouraged to see Microsoft taking the security industry's 
concerns seriously," said Laura Yecies, general manager of Check Point's 
ZoneAlarm consumer division. "Once we have a chance to see what 
capabilities the new kernel-level APIs will extend to us, we'll have a 
better idea if they will be adequate. We hope to see those new APIs 
soon."

Timing is of the essence. Security providers, including Symantec and 
McAfee, want to have products available that work with Vista the moment 
it is released. Vista, the long-awaited successor to Windows XP, is 
slated to be available to large business users next month and the 
general public in January.

"If the APIs exist, then Microsoft should make them available to the 
security industry immediately," Symantec's Paden said. "We will have 
Vista-compatible solutions when the operating system is finally 
available for consumers. Last we heard, that was going to be January; 
therefore, we need these APIs yesterday."

Copyright 1995-2006 CNET Networks, Inc. All rights reserved.




