Microsoft hands Vista code to security vendors
Complaints over Security Center console bear fruit
IDG News Service - Microsoft has taken the first step toward addressing complaints made by security vendors Symantec Corp. and McAfee Inc., which had feared that the software giant's upcoming Vista operating system would harm their customers.
On Monday, Microsoft released API (application programming interface) code that will allow security vendors to disable the Security Center management console that will ship with Vista. Symantec and McAfee had complained that without the ability to disable this software, Vista users who had purchased their products would receive duplicate and confusing security messages.
The APIs are being released via several of Microsoft's security partner programs, including the SecureIT Alliance and the Microsoft Security Response Alliance, said Adrien Robinson, a director with Microsoft's Security Technology Unit.
Symantec had brought this and other complaints to the European press recently and was clearly hoping to pressure the European Commission into forcing Microsoft into changes.
On Friday, Microsoft announced that it would make the changes that McAfee and Symantec had been seeking. Monday's API release is the first step in this direction.
However, it appears that it may be as long as a year before Microsoft addresses a second concern, relating to a technology called PatchGuard that Symantec and McAfee say will make their products less secure on some Windows systems.
PatchGuard is designed to prevent software from accessing the core of the Windows operating system, called the kernel.
Although PatchGuard is not used by Vista when it is running in 32-bit mode, it will lock many types of software, including Symantec's, out of the kernel on 64-bit versions of the operating system. The security vendors wanted Microsoft to give them some way to access the 64-bit kernel, saying that this high-level access was required in order to activate critical security features.
Most Vista users are expected to run Vista in 32-bit mode when it first ships, but the 64-bit version is expected to eventually become more widely adopted because its ability to process data in larger, 64-bit chunks will give it a performance edge.
Microsoft has now pledged to create new APIs for Vista that will allow vendors like Symantec to get around PatchGuard.
Those APIs will be complex, however, and it will take time for them to be developed, Robinson said. Microsoft expects to roll out this functionality in the first major "service pack" update to Vista. No timeline has been set for Vista SP 1, but if history is a guide, it could be a year away. Microsoft rolled out its first service pack for Vista's predecessor, Windows XP, nearly one year after the software's introduction.
Robinson left open the possibility that the kernel APIs could also be released ahead of Vista SP 1. "If we can do something sooner, then we'd like to do that as well," she said.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts