Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking
    • PC Hardware

    McAfee Lauds Microsofts Vista SP1 Security Overhaul

    By
    Lisa Vaas
    -
    August 30, 2007
    Share
    Facebook
    Twitter
    Linkedin

      McAfee Lauds Microsofts

      Vista SP1 Security Overhaul “> Back in the fall of 2006, McAfee, Symantec and Check Point fumed as Microsoft Vistas Security Center hid their products where only sophisticated and dedicated customers could dig them out.

      Not only that, Microsoft in effect hid its x64 kernel as well, putting it beyond the reach of advanced security products.

      The issue was twofold: First, security vendors contended, there wasnt good communication between Vista interfaces and their existing security products, and second, security products couldnt effectively interface with the Vista kernel.

      Microsoft listened.

      Now that Microsoft has shared the Vista SP1 release timetable plus a few details about what it will be packing, McAfee, for one, is happy at last. (Check Point Software Technologies and Symantec, two other security vendors who vented at Microsoft over these issues last fall, did not respond to requests for comment by the time this article was posted.)

      “Microsoft had committed back at the turn of the year [2007] that they would indeed address both issues, and they have done the job,” said George Heron, McAfees vice president and chief of research. “We [have seen early] versions of the interfaces, and as far as McAfee is concerned, were totally pleased with the direction [in which Microsoft is] going.”

      Specifically regarding security, SP1 will include APIs through which third-party security and malicious software detection applications can work with kernel patch protection on Vista x64.

      Whats the matter with Vista? Here are 12 reasons why its struggling, and five ways to get it back on its feet.

      Also on the way is what Microsoft says will be a more secure way for Windows Security Center to communicate with third-party security software vendors.

      As David Zipkin, Windows client senior product manager, told eWEEKs Joe Wilcox, Microsoft is making changes because it agrees with the security software developers who complained that the “channel” for communicating between Security Center and their software wasnt secure enough.

      Microsofts solution: “Introduction of a more secure channel,” Zipkin told Wilcox. Two channels will operate “side by side” for several months, and then the older one “will just turn off,” he said.

      Heron told eWEEK that SP1 will also present a more level playing field for third-party security products, giving customers more choice as they try to figure out how to secure their systems.

      “So when its reported to the user that certain anti-spam technology is being used, its not biased reporting from Microsoft but accurately represents other technologies on systems, as well as giving users the ability to choose whatever technologies he or she desires,” Heron said.

      Over time, Heron said, Microsoft user interfaces are going to be backing up further and further to make security vendors technologies more evident to Vista users.

      Not that McAfees customers have been complaining of their experiences with Vista, but they have told the security vendor that theyd like to see McAfees products more evident in Vistas user interface, Heron said.

      “Now were at the point where Microsoft has taken the blanket off things and really is making it generally available and making the user experience better, and in the process our customers are able to take McAfee security software present on a system and be able to choose in a more straightforward manner” to use it, he said.

      Page 2: McAfee Lauds Microsofts Vista SP1 Security Overhaul

      Consumer Security Worries

      Of particular concern to security vendors are home users—those who arent savvy when it comes to figuring out what security options are on their systems nor about how to implement them.

      “If somebody wanted something besides what Microsoft [offered upfront], it was a little circuitous to get to it,” Heron said. “For the home user, it was hard to select McAfee if they wanted.”

      Eventually, Microsoft plans to ease Security Center into the background, Heron predicts, reducing its presence and allowing security vendors to have their technologies ever more upfront for users to select.

      The Vista kernel has been dogged by bad drivers. Read more here.

      But of even greater importance are improvements to kernel APIs. Last year at this time, this was part of the problem: Vistas PatchGuard kernel protection and other technologies were keeping security vendors from having their products work with the kernel.

      “PatchGuard would be a big road sign saying, Stop,” Heron said.

      To satisfy its critics, Microsoft over the last nine months has developed new kernel access APIs that allow security vendors to have greater visibility into the kernel and to provide self-protection for systems. Heron said he wasnt sure how much of this work will be evident in SP1, but at least some improvement to kernel API access is in fact coming in the service pack, he said.

      How will this affect Vista users?

      For one, the same products used today on Windows XP—for example, McAfees host intrusion system—will once again be able to work on x64 Vista systems.

      “With SP1 technologies [Vista users] will be able to use, for the most part, all McAfee security technologies,” Heron said.

      McAfee is, in fact, “very pleased” with the way Microsoft has been listening to security industry players, Heron said. “Weve been right upfront with them and given them our perspective on how to do security best in class,” he said.

      That, in fact, is quite a turnaround, given the way Microsoft initially alienated those in the security industry. Heron said hed rather call it an “evolution.”

      “As Microsoft gets smarter and smarter in the areas of operating system security, theyre using wisdom and advice” from those whove been in the industry long term, he said. “Its always a good idea to listen to the wisdom of others,” he said.

      Other security goodies to come in Vista SP1, as quoted from Microsofts white paper on the upcoming release:

      • SP1 will improve the security of running RemoteApp programs and desktops by allowing RDP (Remote Desktop Protocol) files to be signed. Customers can differentiate user experiences based on publisher identity.

      • Adds an Elliptical Curve Cryptography PRNG (pseudo-random number generator) to the list of available PRNGs in Windows Vista.

      • Enhances BitLocker Drive Encryption to offer an additional multifactor authentication method that combines a key protected by the Trusted Platform Module with a Startup key stored on a USB storage device and a user-generated PIN (personal identification number).

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Lisa Vaas
      Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×