Microsofts Fathi Responds to Vista Security Concerns
Email
Print
Q&A: The company's top security guru responds to complaints from EU regulators and several longtime ISV partners, including anti-virus market leaders Symantec and McAfee, over Microsoft's push into the security space.
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
Internally, our Windows Live OneCare security teams dont work any more closely [with] the Windows team than any other ISV teams. We have had representatives from every major Windows ISV in our buildings and they have same access that our own developers have to security experts on our team.
Right now were working with partners to get solutions to market in the next several weeks that will provide anti-virus protection for Vista supported on the current Release Client 1 version of the software.
Through all that work, it sounds like you feel that Microsoft has actually gone above and beyond the needs of its security developer partners in getting ready for Vista.
Yes, and its not just about security. We have companies including CA, Citrix and Qwest Software all working closely with us, and dozens of other partners. Some security vendors have said they didnt have the APIs they need to build their products, and thats simply not the case.
In fact, we set an e-mail out to all the members of the SecureIT Alliance in mid-September based on the feedback wed been getting from customers and partners, including those companies currently doing the complaining, to help meet their requests. Some of our partners told us that they wanted a programmatic way to disable the Windows Defender security application, and we added that in the RC1 release of Vista. We feel that weve been very responsive to their needs.
Click here to read more about antitrust concerns over Microsofts Vista security moves.
Based on all those efforts, does it surprise you that were now hearing these complaints that seem to accuse Microsoft of unfairly restricting access to Vista, and the kernel specifically?
Actually, its not a surprise. We have been talking to these companies about these issues for close to two years. The [thing that is] not coming across from their end is that features such as Windows Security Center and PatchGuard are not new in Vista. PatchGuard has already been shipping for two years on the 64-bit version of Windows XP and Windows 2000 Version 3.
Id really like people to think about the motives of these companies that are only now making a big fuss over something thats already being shipped to customers. We put these features in the products because customers asked us to secure the platform. Weve been working very hard to improve the security of all our products, and to provide a baseline of security within the platform, and making it an open platform for all companies to develop their products on.
So what is these companies motive when they say that were blocking them from competing with our technology? I fundamentally believe that we cannot do this work all alone, but we can build all the security technologies for the OS. These guys need to improve their products and solutions and we need to work with them to do that. Theyre asking us to ship a less secure operating system to keep the patients sick so they can keep serving up the medicine; but instead of doing that they need to innovate just like we have.
What about the general public? What are you hearing from users about all of this?
Were hearing a lot of good things. If you look at the [online message boards], whether people are generally pro-Microsoft or anti-Microsoft, their comments about Microsofts work to improve security in its products are very positive. These users are applauding us and truly want us to improve security in Windows. And thats what weve done.
Weve provided a safety net to ensure that our customers have adequate security, even if they dont choose to install third-party solutions; but we also recognize there are plenty of users who do want to use those tools and were supporting that as well.
Do you think its unfair that people are already speaking in terms of antitrust efforts based on the security work being done in Vista? Does Microsofts status in the operating system market put it in a impossible position in terms of moving further into new markets like security?
Its a hard position that weve been put in, but if you look at our prior efforts, we always have to choose the customer first. We must provide a baseline of security to the customer first, but that still leaves plenty of space for security partners to innovate.
What we havent heard is how those companies that are complaining will do that themselves, and raise bar to improve their own products. Basically they are saying they have had this market and their products, and that they want all that to stay the same. Im sorry, but the world has moved on and we now have a more secure platform; thats the way the computing world works.
Check out eWEEK.coms for Microsoft and Windows news, views and analysis. 
