Has Microsoft Softened Its

By Matt Hines  |  Posted 2006-10-19 Print this article Print

Tone?"> The move to meet with the software makers to alleviate lingering concerns on the part of the companies over PatchGuard marks a significant shift in the tone that Microsoft has adopted in communicating with the security industry about the feature.

In previous months, Microsoft has suggested that ISVs needed to find new ways to innovate their products to work with the tools, versus conceding that it could do more to help the firms adjust to the design shift.

Despite Microsofts effort to quell the controversy over Vista security, which arrived in the face of EU inquiries into the operating systems new features and the software giants move further into the security applications arena, Toulouse said that his companys position has remained the same throughout the development of the OS.

He denied that Microsoft has bent its strategy to appease its security partners or industry regulators.

"Characterizing the move to provide more APIs as Microsoft caving is confusing for us, as throughout the development process weve encouraged all the parties involved to take advantage of the programs weve made available to them," Toulouse said. "This is part of the design process by which partners have the ability to contribute to the development of the product; weve said all along that we wont allow anyone to disable PatchGuard, and thats not going to change; this is about striking a balance of keeping protections for the end user in place and working with ISVs."

At the heart of the controversy between Microsoft and its partners is the notion that the company is adding security features to Vista, and making changes in the overall design of its Windows platform, to promote its own interests in the security market and put its rivals at a disadvantage.

While Microsoft maintains that it has been open in communicating with its security partners and providing them with sufficient programming interfaces, Symantec and McAfee contend that the company is sitting on APIs and deliberately making it harder for them to design new products that will integrate with Vista.

Did Microsoft cave on Vista security? Click here to read more. In particular, representatives for the ISVs said that by making them wait for needed APIs, Microsoft has put them in a tough position for building products available at the time of Vistas introduction, which is slated for some time in November 2006.

To put the debate to rest, some industry analysts have suggested that Microsoft and its security partners should set a date to have all of their design disputes resolved in the name of helping customers prepare for Vista adoption.

At the same time that Microsoft has defended that PatchGuard is vitally important for protecting users against malware attacks, some security experts maintain that the system can already be circumvented by hackers. A security researcher associated with the Metasploit Project has already published an essay on the Uninformed.org Web site that proposes several different techniques that could be used to bypass PatchGuard.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel