Symantec is ratcheting up its criticism ofMicrosoft’s forthcoming Windows Vista application.The security vendor has raised several code-related issues that have only beenpartially resolved. At issue is the firm’s access, or lack thereof, to the product’s underlying code.
Now Symantec is stating outright that Microsoft is abusingits monopoly position in order to protect its ownemerging market share in the security software space.
“Microsoft is using their dominant position toregulate what security can be provided on their systemand how that security is provided,” Rowan Trollope,Symantec’s vice president for consumer engineering,told TechNewsWorld. “Microsoft has regulated whatchoices are there: ‘You’re going to have our stuff nomatter what.'”
Accessing the Kernel
Symantec’s current complaint is its lack of access tothe kernel — the fundamental level of operating system code.Microsoft’ reason for withholding access is that it wants to lock out malware writers, according to Ron O’Brien, senior security analyst for Sophos.
“What they are doing is, in order to avoid exploits tovulnerabilities, they are trying to lock down thekernel to make it less accessible,” he toldTechNewsWorld.
Microsoft was unable to comment in time forpublication.
In a blog posting, Microsoft architect Scott Field,who is working on Windows Kernel Security, explains whythe kernel is so valuable — and so vulnerable. It “isthe most carefully coded piece of the entire operatingsystem. Since all other programs depend upon it, aglitch in the kernel can make all other programs crashor perform unexpectedly. … Rootkits often try to gainaccess to the kernel of the OS. Since the kernel hasthe power to control all of the other applications onthe PC, the rootkit can actually hide itself from thefile system or even anti-malware tools, and ultimatelyfrom view of the user.”
Is It Necessary?
Right now, Sophos is not worried about access to thekernel, O’Brien said. “I’ve checked with our own techpeople, and they have said there is no malware outthere that impacts the kernel. That means we don’thave a need to [access] its code.”
If malware were to developthat did exploit a vulnerability in the kernel, hesaid, then that would change. “In that situation, wewould work with Microsoft to develop a patch.”
Symantec might have larger issueswith Microsoft, O’Brien suggested, namely worries about its own consumermarket share. He didn’t extend those same concerns toSophos, though, which focuses on enterprises. “We feelour customers will continue to rely on us to protectthem against exploits in vulnerabilities.”