Time Frames

By Matt Hines  |  Posted 2006-10-17 Print this article Print

If the existing problems are not solved within a relatively short time frame, it will be based on competitive issues emerging between the players involved as Microsoft pushes into the security market, and not related to technological issues, he said.

"The odds that all these companies will be able to play nicely together are not that high, based on what weve seen to this point," said Pescatore.
"Solutions can be reached that meet [customers] needs; if not, it wont be because of technical issues, but competitive forces, and both camps could be guilty of dragging their feet to make it seem as if the other is causing the delays."

According to Symantec officials, the company has already received the APIs that Microsoft claims will allow it to disable Windows Security Center, which was designed to help users keep desktop security tools up-to-date. However, the company has not been given any time frame for receiving the PatchGuard-related programming tools, leaving the vendor uncertain about Microsofts intention to do so.

PatchGuard has become controversial because it blocks security applications from accessing Vistas software kernel. Without the ability to do so, say major vendors including Symantec and McAfee, cutting-edge intrusion detection and behavior monitoring technologies cannot operate properly.

Click here to read more about Vistas PatchGuard. "We havent seen anything yet, we havent heard from Microsoft and have been given no timetable for the PatchGuard API," said Chris Paden, a spokesperson for Cupertino, Calif.-based Symantec. "Its a step in the right direction for Microsoft to be committed publicly to helping us, but what the industry wants to know is when well receive these APIs; if theyre serious about doing so, given the timetable of Vistas release, we need that information pretty quickly."

What concerns Symantec most is its belief that Microsoft has had the APIs for disabling Windows Security Center in its hands for some time, based on the fact that it already allows the feature to be turned off by programs that integrate with its existing Windows XP software. Microsoft only handed over the APIs after Symantec had been requesting them for two years, Paden said, and following a similar schedule for the PatchGuard tools would leave his company in a lurch.

"With Windows Security Center, weve always known theyve had those APIs because it can be disabled right now in XP," Paden said. "So, to have only received those APIs now, after asking for them for two years, begs the question, what do they already have for PatchGaurd and when will they share it?"

"Were very concerned about having a realistic timeframe for our own product development," he said. "Right now all theyve done is announced something, which doesnt really help us at all."

Microsoft maintains that it never held back the APIs for Windows Security Center, and that it has no plans to do so for PatchGuard.

According to Stephen Toulouse, security program manager with Redmond, Wash.-based Microsofts security response center, partners such as Symantec may be using the issue of timing to discredit the work the company has already done to allay concerns with its partners, such as allowing them to shut off Windows Security Center, and another Vista security feature known as Windows Defender.

As Microsoft has defended throughout the storm of criticism leveled at it over Vistas security measures, the company has been more open and willing to work with its ISV partners than during the development of any previous version of Windows, he said.

"Were not delaying this process, sitting on APIs makes no sense, we only just came up with them as a result of feedback weve received in recent weeks from our partners," Toulouse said. "Windows Security Center is already on the market, and we havent been hearing these concerns for two years; theres been a variety of feedback, in regards to these specific concerns, theyve only been brought up recently, thus our addressing those concerns with the new APIs."

Toulouse said that Microsoft believes that when distributed, all of its new APIs will solve the issues raised by its partners and the EU, but he said the company must be given a fair chance to respond.

"We do we think it will quell concerns; the ISVs have given us feedback, and weve responded, our intent to is to allow them to build great products and allow our customers to choose whatever products they want," he said. "But people also need to remember that [Vista] is not done yet, and that this is all part of the process of software development; even if people give us feedback, we cant take action immediately, sometimes it takes a little time."

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel