McAfee Lauds Microsoft’s Vista SP1 Security Overhaul
Back in the fall of 2006, McAfee, Symantec and Check Point fumed as Microsoft Vista’s Security Center hid their products where only sophisticated and dedicated customers could dig them out.
Not only that, Microsoft in effect hid its x64 kernel as well, putting it beyond the reach of advanced security products.
The issue was twofold: First, security vendors contended, there wasn’t good communication between Vista interfaces and their existing security products, and second, security products couldn’t effectively interface with the Vista kernel.
Now that Microsoft has shared the Vista SP1 release timetable plus a few details about what it will be packing, McAfee, for one, is happy at last. (Check Point Software Technologies and Symantec, two other security vendors who vented at Microsoft over these issues last fall, did not respond to requests for comment by the time this article was posted.)
“Microsoft had committed back at the turn of the year that they would indeed address both issues, and they have done the job,” said George Heron, McAfee’s vice president and chief of research. “We [have seen early] versions of the interfaces, and as far as McAfee is concerned, we’re totally pleased with the direction [in which Microsoft is] going.”
Specifically regarding security, SP1 will include APIs through which third-party security and malicious software detection applications can work with kernel patch protection on Vista x64.
Also on the way is what Microsoft says will be a more secure way for Windows Security Center to communicate with third-party security software vendors.
As David Zipkin, Windows client senior product manager, told eWEEK’s Joe Wilcox, Microsoft is making changes because it agrees with the security software developers who complained that the “channel” for communicating between Security Center and their software wasn’t secure enough.
Microsoft’s solution: “Introduction of a more secure channel,” Zipkin told Wilcox. Two channels will operate “side by side” for several months, and then the older one “will just turn off,” he said.
Heron told eWEEK that SP1 will also present a more level playing field for third-party security products, giving customers more choice as they try to figure out how to secure their systems.
“So when it’s reported to the user that certain anti-spam technology is being used, it’s not biased reporting from Microsoft but accurately represents other technologies on systems, as well as giving users the ability to choose whatever technologies he or she desires,” Heron said.
Over time, Heron said, Microsoft user interfaces are going to be backing up further and further to make security vendors’ technologies more evident to Vista users.
Not that McAfee’s customers have been complaining of their experiences with Vista, but they have told the security vendor that they’d like to see McAfee’s products more evident in Vista’s user interface, Heron said.
“Now we’re at the point where Microsoft has taken the blanket off things and really is making it generally available and making the user experience better, and in the process our customers are able to take McAfee security software present on a system and be able to choose in a more straightforward manner” to use it, he said.
Consumer Security Worries
Of particular concern to security vendors are home users—those who aren’t savvy when it comes to figuring out what security options are on their systems or how to implement them.
“If somebody wanted something besides what Microsoft [offered upfront], it was a little circuitous to get to it,” Heron said. “For the home user, it was hard to select McAfee if they wanted.”
Eventually, Microsoft plans to ease Security Center into the background, Heron predicts, reducing its presence and allowing security vendors to have their technologies ever more upfront for users to select.
But of even greater importance are improvements to kernel APIs. Last year at this time, this was part of the problem: Vista’s PatchGuard kernel protection and other technologies were keeping security vendors from having their products work with the kernel.
“PatchGuard would be a big road sign saying, ‘Stop,’” Heron said.
To satisfy its critics, Microsoft over the last nine months has developed new kernel access APIs that allow security vendors to have greater visibility into the kernel and to provide self-protection for systems. Heron said he wasn’t sure how much of this work will be evident in SP1, but at least some improvement to kernel API access is in fact coming in the service pack, he said.
How will this affect Vista users?
For one, the same products used today on Windows XP—for example, McAfee’s host intrusion system—will once again be able to work on x64 Vista systems.
“With SP1 technologies [Vista users] will be able to use, for the most part, all McAfee security technologies,” Heron said.
McAfee is, in fact, “very pleased” with the way Microsoft has been listening to security industry players, Heron said. “We’ve been right upfront with them and given them our perspective on how to do security best in class,” he said.
That, in fact, is quite a turnaround, given the way Microsoft initially alienated those in the security industry. Heron said he’d rather call it an “evolution.”
“As Microsoft gets smarter and smarter in the areas of operating system security, they’re using wisdom and advice” from those who’ve been in the industry long term, he said. “It’s always a good idea to listen to the wisdom of others,” he said.
Other security goodies to come in Vista SP1, as quoted from Microsoft’s white paper on the upcoming release:
• SP1 will improve the security of running RemoteApp programs and desktops by allowing RDP (Remote Desktop Protocol) files to be signed. Customers can differentiate user experiences based on publisher identity.
• Adds an Elliptical Curve Cryptography PRNG (pseudo-random number generator) to the list of available PRNGs in Windows Vista.
• Enhances BitLocker Drive Encryption to offer an additional multifactor authentication method that combines a key protected by the Trusted Platform Module with a Startup key stored on a USB storage device and a user-generated PIN (personal identification number).