Microsoft hands Vista code to security vendors
Complaints over Security Center console bear fruit
IDG News Service - Microsoft has taken the first step toward addressing complaints made by security vendors Symantec Corp. and McAfee Inc., which had feared that the software giant's upcoming Vista operating system would harm their customers.
On Monday, Microsoft released API (application programming interface) code that will allow security vendors to disable the Security Center management console that will ship with Vista. Symantec and McAfee had complained that without the ability to disable this software, Vista users who had purchased their products would receive duplicate and confusing security messages.
The APIs are being released via several of Microsoft's security partner programs, including the SecureIT Alliance and the Microsoft Security Response Alliance, said Adrien Robinson, a director with Microsoft's Security Technology Unit.
Symantec had brought this and other complaints to the European press recently and was clearly hoping to pressure the European Commission into forcing Microsoft into changes.
On Friday, Microsoft announced that it would make the changes that McAfee and Symantec had been seeking. Monday's API release is the first step in this direction.
However, it appears that it may be as long as a year before Microsoft addresses a second concern, relating to a technology called PatchGuard that Symantec and McAfee say will make their products less secure on some Windows systems.
PatchGuard is designed to prevent software from accessing the core of the Windows operating system, called the kernel.
Although PatchGuard is not used by Vista when it is running in 32-bit mode, it will lock many types of software, including Symantec's, out of the kernel on 64-bit versions of the operating system. The security vendors wanted Microsoft to give them some way to access the 64-bit kernel, saying that this high-level access was required in order to activate critical security features.
Most Vista users are expected to run Vista in 32-bit mode when it first ships, but the 64-bit version is expected to eventually become more widely adopted because its ability to process data in larger, 64-bit chunks will give it a performance edge.
Microsoft has now pledged to create new APIs for Vista that will allow vendors like Symantec to get around PatchGuard.
Those APIs will be complex, however, and it will take time for them to be developed, Robinson said. Microsoft expects to roll out this functionality in the first major "service pack" update to Vista. No timeline has been set for Vista SP 1, but if history is a guide, it could be a year away. Microsoft rolled out its first service pack for Vista's predecessor, Windows XP, nearly one year after the software's introduction.
Robinson left open the possibility that the kernel APIs could also be released ahead of Vista SP 1. "If we can do something sooner, then we'd like to do that as well," she said.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts