Technology News: Security: Microsoft's Refusal to Share Vista Kernel Still Drawing Fire

By Erika Morphy
E-Commerce Times
Part of the ECT News Network
10/09/06 3:20 PM PT

Symantec and McAfee have joined other antivirus vendors in decrying Microsoft's decision to deny independent firms access to the kernel of its upcoming Vista operating system. "If Microsoft succeeds in its latest effort to hamstring ... competitors, computers everywhere could be less secure," Symantec chairman and CEO George Samenuk wrote in an open letter to customers.

Rackspace now offers green hosting solutions at the same cost without sacrificing performance. We make it easy for our customers to choose a green configuration or customize one that works for your business needs. Make the eco-friendly choice.

Third party antivirus vendors are becoming increasingly convinced that Microsoft's (Nasdaq: MSFT) rigorous security protocols for its forthcoming Windows Vista operating system are in effect a back-door effort to gain market share in the computer security space.

Symantec (Nasdaq: SYMC) -- and more recently, McAfee -- have charged the Redmond, Wash.-based conglomerate with abusing its dominant position in the OS market by denying independent firms access to its security code. The firms have reportedly brought the issue to the attention of the Department of Justice and are increasingly voicing their opinions on the matter in public venues. Late last month, Rowan Trollope, Symantec's vice president for consumer engineering, told the E-Commerce Times that Microsoft is attempting to "regulate what security can be provided on their system and how that security is provided."

Shutting Independents Out

Now, in an open letter to customers, McAfee chairman and CEO George Samenuk is adding his own voice to the chorus.

"For the first time, Microsoft shut off security providers' access to the core of its operating system -- what is known as the 'kernel,'" he wrote.

"At the same time, Microsoft has firmly embedded in Vista its own Windows Security Center -- a product that cannot be disabled even when the user purchases an alternative security solution. This approach results in confusion for customers and prevents genuine freedom of choice."

Microsoft's Mindset

In an earlier interview with the E-Commerce Times regarding Symantec's complaints about Microsoft's Vista security policies, Ron O'Brien, senior security analyst for Sophos , took a stab at explaining Microsoft's mindset.

"What they are doing is, in order to avoid exploits to vulnerabilities, they are trying to lock down the kernel to make it less accessible," he told the E-Commerce Times.

He added that Sophos was not worried about access to the kernel -- for the moment -- as there is no malware known to be in existence that impacts the kernel. If that changes, he says, Microsoft would provide access to Sophos, which is one of its partner companies.

Critics, however, are becoming more vehement in their demands for access to the Vista kernel.

In his letter, Samenuk said that customers should recognize that Microsoft is being completely unrealistic if it thinks that by locking security companies out of the kernel, hackers won't crack it. Samenuk, in fact, claims that hackers already have the kernel.

Still, he acknowledges that few threats actually target the kernel itself. Rather, most malware is aimed at disabling applications or programs. "Yet the unfettered access previously enjoyed by security providers has been a key part of keeping those programs and applications safe from hackers and malicious software," he said.

"If Microsoft succeeds in its latest effort to hamstring these competitors, computers everywhere could be less secure."

Microsoft was unable to respond to this story in time for publication.

Microsoft	Activate Alert \| Search Archives

Symantec	Activate Alert \| Search Archives

McAfee	Activate Alert \| Search Archives

Sophos	Activate Alert \| Search Archives