Security Vendors Reject Microsoft's Call for Innovation
By Matt Hines | Posted 2006-10-06
While Microsoft maintains that its partners should look at the security work being done in its Vista OS as a starting point for future innovation, executives from Symantec and McAfee say the mandate rings hollow.
Microsoft contends that its partners should embrace the security features being added to its Vista operating system instead of complaining about them, but software makers including Symantec and McAfee said that the company's mandate for new product innovation only benefits its own interests.
At the crux of the dispute is Microsoft's contention that controversial security features included in Vista, its next-generation Windows OS, have been added merely to provide an adequate "baseline" of protection for users.
Meanwhile, its oldest and largest security software partners, including Symantec and McAfee, said that the tools have been designed to put their products at a disadvantage and give favor to rival technologies made by Microsoft.
When presented with the security companies' issues, Microsoft responds that it has taken the opportunity with Vista to blend much-needed security protection into Windows, which has long been the primary target of virus writers and other hackers.
The features may make it harder for its partners to build new products that work with Vista, but the addition of security features is an evolutionary development demanded by users' need for onboard OS protection, Microsoft leaders said.
Rather than protesting that its work has made new product development more difficult, Symantec and McAfee need to think of new ways to build their applications on top of the innovations offered in Vista, which is due out in November 2006, said Ben Fathi, corporate vice president of Microsoft's Security Technology Unit.
"What we haven't heard is how those companies that are complaining will do that themselves, and raise the bar to improve their own products," said Fathi.
"Basically they are saying they have had this market and their products, and that they want all that to stay the same. I'm sorry, but the world has moved on and we now have a more secure platform; that's the way the computing world works."
Pushed further, Fathi makes no secret of his belief that the security vendors are merely trying to defend revenue streams that may be threatened by the features added in Vista, which include the addition of anti-malware tools to fight spyware and phishing that have typically been provided by aftermarket companies such as Symantec and McAfee.
"They're asking us to ship a less secure operating system to keep the patients sick so they can keep serving up the medicine; but instead of doing that they need to innovate just like we have," Fathi said.
The dispute revolves specifically around Microsoft's use of its PatchGuard and Windows Security Center features in Vista, both of which have already been offered by the software giant in other versions of its products, Fathi points out.
PatchGuard, which forbids Windows applications from accessing the Vista kernel in the 64-bit iteration of the OS, will keep security technologies such as behavior monitoring systems from working as well as they have in the past, when they have been allowed to touch the kernel, claim the security vendors.
Microsoft, based in Redmond, Wash., maintains that locking down the kernel is a necessity to fight malware such as rootkits, and that its own security technologies won't access the kernel either.
Windows Security Center (meant to help consumers ensure they have necessary software patches in place and keep their security applications updated, and maintain valid licenses for the programs) will block similar features offered in existing anti-virus packages from Symantec and McAfee, executives from those companies said.
Microsoft contends that the tool, which includes links to those companies' products, along with displaying their corporate logos, proves they're not trying to use the system to steal customers away from its partners.
In both cases, the security vendors claim that Microsoft has failed to provide them with the programming interfaces that will help them integrate products with PatchGuard and Windows Security Center.
Microsoft maintains its partners have those tools, and that it has been more forthcoming than ever before in trying to help such ISVs build products that interoperate with a new OS.
Representatives from Symantec and McAfee said Fathi's sentiments illustrate that Microsoft is attempting to steal some of their business, rather than allow them to integrate their products with Vista as closely as in earlier versions of Windows.
Microsoft may claim that its innovations are meant only to protect customers, but its lack of cooperation with its longtime partners has little to do with a need for product innovation, versus an appetite for new revenue sources of its own, Symantec and McAfee officials said.
"On the issue of innovation, we're basically saying the same thing, but in the other direction," said Sarah Hicks, vice president of consumer product management at Symantec, based in Cupertino, Calif.
"When we talk about PatchGuard, third-party software companies are at a disadvantage when it comes to innovating because it's like a lock box [denying kernel access]. But yet it's already been hacked, and the only way to fix PatchGuard is to patch it, which is the old way to secure software."
Hicks said that in effect, by taking Symantec's ability to monitor the kernel for virus behavior away, it is setting the security software industry back, and making it easier for hackers to attack the new OS.
Behavior monitoring technologies that use kernel monitoring to fight virus activity are the cutting edge in product innovation, while using security patches, as Microsoft has to update PatchGuard, is an outdated approach, she said.
Symantec would like to see Microsoft lower its restrictions on accessing the kernel to allow its technologies and those of other vendors to continue operating as they do today.
"We're not saying open it up to everyone; open it up in a certified way. Tell security vendors that they can build behaviorally-based technologies to help us protect the kernel," said Hicks.
"We're all for a better, more hardened OS, that's not the issue. We want them to let us do our job and innovate on the ways that we protect; don't take us back four years and tell us we can't play there because they're the only ones that can write the patches."
Industry analysts find strong points in both companies' arguments, but observe that the problem could be solved easily if Microsoft decides to relax its policies and allow trusted security vendors to circumvent PatchGuard specifically.
As many enterprises already employ host-based IPS (intrusion protection systems) that access the kernel, and Microsoft itself will retain some ability to manipulate the Vista kernel, there is a need for the warring parties to find common ground, said John Pescatore, analyst with Gartner, based in Stamford, Conn.
"Microsoft will still be able to modify the kernel as part of its Windows update process, so they're not really saying it never needs to be modified, they will need to do so and will have a mechanism to do that," Pescatore said.
"Locking down the kernel is a badly needed technology that should have been done years ago, but the issue there is still a need to allow good programs to hook into the kernel too."
Pescatore said that by not allowing kernel access right away, Microsoft will likely be forced to offer it in service pack updates to Vista. It will then need to ensure that whatever methods it provides to security companies to do so can't be used as a method of attack by hackers, which would defeat the purpose of the system in the first place.
As much as the software giant maintains it will not allow PatchGuard exceptions at any point, Microsoft may need to change its tune to keep enterprise customers happy, he said.
Another issue to consider is Microsoft's leap into the security segment with other standalone products, although the company has not launched products that would compete directly with IPS systems, or other behavior-based technologies.
Based on its monopoly status in the operating system sector, the company must be doubly careful not to appear to be trying to negatively affect competition in that market via its work in Vista, according to Pescatore.
The analyst added that enterprises should have the choice to say they don't want anything modifying the kernel or that they want to allow it, and that PatchGuard could be made into a systems administrator-level choice for enterprise PCs and servers.
"If Microsoft didn't sell any security products, everyone would think they did a great thing with PatchGuard, and that there's no bigger story, but since they're selling products and only they can touch the kernel, that's not a level playing field," he said.
"At the end of the day, Microsoft isn't doing anything to give its existing security products an advantage, but they are changing the game for the other players. They are removing some choice, especially where many enterprises will feel they do want to use host-based IPS."