Symantec Lashes Out at Microsoft for Barring Vista Code Access
Sep 28, 2006 4:06 PM PT
Symantec is ratcheting up its criticism of Microsoft's forthcoming Windows Vista application. The security vendor has raised several code-related issues that have only been partially resolved. At issue is the firm's access, or lack thereof, to the product's underlying code.
Now Symantec is stating outright that Microsoft is abusing its monopoly position in order to protect its own emerging market share in the security software space.
"Microsoft is using their dominant position to regulate what security can be provided on their system and how that security is provided," Rowan Trollope, Symantec's vice president for consumer engineering, told TechNewsWorld. "Microsoft has regulated what choices are there: 'You're going to have our stuff no matter what.'"
Accessing the Kernel
Symantec's current complaint is its lack of access to the kernel -- the fundamental level of operating system code. Microsoft' reason for withholding access is that it wants to lock out malware writers, according to Ron O'Brien, senior security analyst for Sophos.
"What they are doing is, in order to avoid exploits to vulnerabilities, they are trying to lock down the kernel to make it less accessible," he told TechNewsWorld.
Microsoft was unable to comment in time for publication.
In a blog posting, Microsoft architect Scott Field, who is working on Windows Kernel Security, explains why the kernel is so valuable -- and so vulnerable. It "is the most carefully coded piece of the entire operating system. Since all other programs depend upon it, a glitch in the kernel can make all other programs crash or perform unexpectedly. ... Rootkits often try to gain access to the kernel of the OS. Since the kernel has the power to control all of the other applications on the PC, the rootkit can actually hide itself from the file system or even anti-malware tools, and ultimately from view of the user."
Is It Necessary?
Right now, Sophos is not worried about access to the kernel, O'Brien said. "I've checked with our own tech people, and they have said there is no malware out there that impacts the kernel. That means we don't have a need to [access] its code."
If malware were to develop that did exploit a vulnerability in the kernel, he said, then that would change. "In that situation, we would work with Microsoft to develop a patch."
Symantec might have larger issues with Microsoft, O'Brien suggested, namely worries about its own consumer market share. He didn't extend those same concerns to Sophos, though, which focuses on enterprises. "We feel our customers will continue to rely on us to protect them against exploits in vulnerabilities."