By Robert McMillan
October 16, 2006
IDG News Service
Microsoft has taken the first step toward addressing complaints made by
security vendors Symantec Corp. and McAfee Inc., which had feared that
the software giant's upcoming Vista operating system would harm their
On Monday, Microsoft released API (application programming interface)
code that will allow security vendors to disable the Security Center
management console that will ship with Vista. Symantec and McAfee had
complained that without the ability to disable this software, Vista
users who had purchased their products would receive duplicate and
confusing security messages.
The APIs are being released via several of Microsoft's security partner
programs, including the SecureIT Alliance and the Microsoft Security
Response Alliance, said Adrien Robinson, a director with Microsoft's
Security Technology Unit.
Symantec had brought this and other complaints to the European press
recently and was clearly hoping to pressure the European Commission into
forcing Microsoft into changes.
On Friday, Microsoft announced that it would make the changes that
McAfee and Symantec had been seeking. Monday's API release is the first
step in this direction.
However, it appears that it may be as long as a year before Microsoft
addresses a second concern, relating to a technology called PatchGuard
that Symantec and McAfee say will make their products less secure on
some Windows systems.
PatchGuard is designed to prevent software from accessing the core of
the Windows operating system, called the kernel.
Although PatchGuard is not used by Vista when it is running in 32-bit
mode, it will lock many types of software, including Symantec's, out of
the kernel on 64-bit versions of the operating system. The security
vendors wanted Microsoft to give them some way to access the 64-bit
kernel, saying that this high-level access was required in order to
activate critical security features.
Most Vista users are expected to run Vista in 32-bit mode when it first
ships, but the 64-bit version is expected to eventually become more
widely adopted because its ability to process data in larger, 64-bit
chunks will give it a performance edge.
Microsoft has now pledged to create new APIs for Vista that will allow
vendors like Symantec to get around PatchGuard.
Those APIs will be complex, however, and it will take time for them to
be developed, Robinson said. Microsoft expects to roll out this
functionality in the first major "service pack" update to Vista. No
timeline has been set for Vista SP 1, but if history is a guide, it
could be a year away. Microsoft rolled out its first service pack for
Vista's predecessor, Windows XP, nearly one year after the software's
Robinson left open the possibility that the kernel APIs could also be
released ahead of Vista SP 1. "If we can do something sooner, then we'd
like to do that as well," she said.
Visit the InfoSec News store!