Microsoft may have agreed to provide security vendors with additional software interfaces for its next-generation Vista operating system, but analysts maintain that any delay on the part of the software giant to distribute the code, or to repair its damaged relationship with partners, could lead to future headaches.
The Redmond, Wash.-based software maker promised to hand over new APIs to its partners on Oct. 16 in a move to quell concerns expressed publicly by major security companies, and the European Union, over two features being included in Vista.
Microsoft specifically agreed to provide its partners with the ability to disable its Windows Security Center dashboard, and to offer new methods for companies to interact with its PatchGuard kernel protection technology, to help put issues regarding the features to rest.
However, despite Microsofts move to address the concerns raised with Vistas security features, industry analysts and spokespeople for the companys largest security partners said that the software giants ability to follow through on its promises, and the speed with which it distributes the APIs, will ultimately decide whether the controversy continues.
If Microsoft does not give its partners everything it has guaranteed, and do so quickly enough to allow security software makers to build their own applications for Vista, which is slated to arrive on the market in November 2006, analysts contend the companys problems will not go away.
Microsofts partners have been asking for the APIs for as long as two years, despite the software giants contention that it was only recently asked for the code by its partners, said John Pescatore, analyst with Stamford, Conn.-based Gartner.
If the company takes as long to produce the right tools to allow for new levels of product integration, he said, more complaints will likely be heard from the security market, and also from Microsofts customers.
“The market will need to see that these problems have been resolved within less than a year, by roughly the second half of 2007, because if Microsoft and the security vendors are still at an impasse at that point it will be too late to do anything for customers,” Pescatore said.
“If that happens, the EU and others will likely re-evaluate what they want to do, and customers will be upset if future security improvements to Vista, and other companies security applications, are further delayed by any lingering controversy.”
Pescatore is calling for Microsoft and its security partners to establish a firm date by which to resolve all of their concerns over interoperability with Vista, allowing customers to plan ahead accordingly for their own timetables in adopting the OS.
And despite Microsofts recent move to appease its partners concerns, the analyst said he remains unconvinced that the situation will be remedied.
Time Frames
If the existing problems are not solved within a relatively short time frame, it will be based on competitive issues emerging between the players involved as Microsoft pushes into the security market, and not related to technological issues, he said.
“The odds that all these companies will be able to play nicely together are not that high, based on what weve seen to this point,” said Pescatore.
“Solutions can be reached that meet [customers] needs; if not, it wont be because of technical issues, but competitive forces, and both camps could be guilty of dragging their feet to make it seem as if the other is causing the delays.”
According to Symantec officials, the company has already received the APIs that Microsoft claims will allow it to disable Windows Security Center, which was designed to help users keep desktop security tools up-to-date.
However, the company has not been given any time frame for receiving the PatchGuard-related programming tools, leaving the vendor uncertain about Microsofts intention to do so.
PatchGuard has become controversial because it blocks security applications from accessing Vistas software kernel. Without the ability to do so, say major vendors including Symantec and McAfee, cutting-edge intrusion detection and behavior monitoring technologies cannot operate properly.
“We havent seen anything yet, we havent heard from Microsoft and have been given no timetable for the PatchGuard API,” said Chris Paden, a spokesperson for Cupertino, Calif.-based Symantec.
“Its a step in the right direction for Microsoft to be committed publicly to helping us, but what the industry wants to know is when well receive these APIs; if theyre serious about doing so, given the timetable of Vistas release, we need that information pretty quickly.”
What concerns Symantec most is its belief that Microsoft has had the APIs for disabling Windows Security Center in its hands for some time, based on the fact that it already allows the feature to be turned off by programs that integrate with its existing Windows XP software.
Microsoft only handed over the APIs after Symantec had been requesting them for two years, Paden said, and following a similar schedule for the PatchGuard tools would leave his company in a lurch.
“With Windows Security Center, weve always known theyve had those APIs because it can be disabled right now in XP,” Paden said.
“So, to have only received those APIs now, after asking for them for two years, begs the question, what do they already have for PatchGaurd and when will they share it?”
“Were very concerned about having a realistic timeframe for our own product development,” he said. “Right now all theyve done is announced something, which doesnt really help us at all.”
Microsoft maintains that it never held back the APIs for Windows Security Center, and that it has no plans to do so for PatchGuard.
According to Stephen Toulouse, security program manager with Redmond, Wash.-based Microsofts security response center, partners such as Symantec may be using the issue of timing to discredit the work the company has already done to allay concerns with its partners, such as allowing them to shut off Windows Security Center, and another Vista security feature known as Windows Defender.
As Microsoft has defended throughout the storm of criticism leveled at it over Vistas security measures, the company has been more open and willing to work with its ISV partners than during the development of any previous version of Windows, he said.
“Were not delaying this process, sitting on APIs makes no sense, we only just came up with them as a result of feedback weve received in recent weeks from our partners,” Toulouse said.
“Windows Security Center is already on the market, and we havent been hearing these concerns for two years; theres been a variety of feedback, in regards to these specific concerns, theyve only been brought up recently, thus our addressing those concerns with the new APIs.”
Toulouse said that Microsoft believes that when distributed, all of its new APIs will solve the issues raised by its partners and the EU, but he said the company must be given a fair chance to respond.
“We do we think it will quell concerns; the ISVs have given us feedback, and weve responded, our intent to is to allow them to build great products and allow our customers to choose whatever products they want,” he said.
“But people also need to remember that [Vista] is not done yet, and that this is all part of the process of software development; even if people give us feedback, we cant take action immediately, sometimes it takes a little time.”