Security Vendors Reject Microsofts Call for Innovation

While Microsoft maintains that its partners should look at the security work being done in its Vista OS as a starting point for future innovation, executives from Symantec and McAfee say the mandate rings hollow.

Microsoft contends that its partners should embrace the security features being added to its Vista operating system instead of complaining about them, but software makers including Symantec and McAfee said that the companys mandate for new product innovation only benefits its own interests.

At the crux of the dispute is Microsofts contention that controversial security features included in Vista, its next-generation Windows OS, have been added merely to provide an adequate "baseline" of protection for users.

Meanwhile, its oldest and largest security software partners, including Symantec and McAfee, said that the tools have been designed to put their products at a disadvantage and give favor to rival technologies made by Microsoft.

When presented with the security companies issues, Microsoft defends that it has taken the opportunity with Vista to blend much needed security protection into Windows, which has long been the primary target of virus writers and other hackers.

The features may make it harder for its partners to build new products that work with Vista, but the addition of security features is an evolutionary development demanded by users need for onboard OS protection, Microsoft leaders said.

Rather than protesting that its work has made new product development more difficult, Symantec and McAfee need to think of new ways to build their applications to build off of innovations offered in Vista, which is due out in November 2006, said Ben Fathi, corporate vice president of the Microsofts Security Technology Unit.

"What we havent heard is how those companies that are complaining will do that themselves, and raise the bar to improve their own products," said Fathi.

"Basically they are saying they have had this market and their products, and that they want all that to stay the same. Im sorry, but the world has moved on and we now have a more secure platform; thats the way the computing world works."

Pushed further, Fathi makes no secret of his belief that the security vendors are merely trying to defend revenue streams that may be threatened by the features added in Vista, which include the addition of anti-malware tools to fight spyware and phishing that have typically been provided by aftermarket companies such as Symantec and McAfee.

"Theyre asking us to ship a less secure operating system to keep the patients sick so they can keep serving up the medicine; but instead of doing that they need to innovate just like we have," Fathi said.

The dispute revolves specifically around Microsofts use of its PatchGuard and Windows Security Center features in Vista, both of which have already been offered by the software giant in other versions of its products, Fathi points out.

PatchGuard, which forbids Windows applications from accessing the Vista kernel in the 64-bit iteration of the OS, will keep security technologies such as behavior monitoring systems from working as well as they have in the past, when they have been allowed to touch the kernel, claim the security vendors.

Microsoft, based in Redmond, Wash., maintains that locking down the kernel is a necessity to fight malware such as rootkits, and that its own security technologies wont access the kernel either.

Windows Security Center—meant to help consumers ensure they have necessary software patches in place and keep their security applications updated, and maintain valid licenses for the programs—will block similar features offered in existing anti-virus packages from Symantec and McAfee, executives from those companies said.

/zimages/2/28571.gifClick here to read about Microsofts most recent security patches.

Microsoft contends that the tool, which includes links to those companies products, along with displaying their corporate logos, proves theyre not trying to use the system to steal customers away from its partners.

In both cases, the security vendors claim that Microsoft has failed to provide them with the programming interfaces that will help them integrate products with PatchGuard and Windows Security Center.

Microsoft maintains its partners have those tools, and that it has been more forthcoming than ever before in trying to help such ISVs built products that interoperate with a new OS.

Representatives from Symantec and McAfee said Fathis sentiments illustrate that Microsoft is attempting to steal some of their business, rather than allow them to integrate their products with Vista as closely as in earlier versions of Windows.

Microsoft may claim that its innovations are meant only to protect customers, but its lack of cooperation with its longtime partners has little to do with a need for product innovation, versus an appetite for new revenue sources of its own, Symantec and McAfee officials said.

Next Page: Both sides make good points.