
McAfee takes shot at Vista security policies

Executives with McAfee today warned the public that Microsoft is putting consumers and businesses at risk with a change in the way it is handling relations with the security community for its upcoming Vista release.

Key higher-ups with security firm McAfee are campaigning all this week about the issue, kicking the crusade off with an open letter contained within a full-page ad in the Financial Times that clearly states the company's beefs with Microsoft's Vista operating system and Microsoft policies.

At issue are two key points. First, Microsoft has changed its years-long policy of allowing security companies access to operating system kernel code in order to better design software that protects operating system users. Second is the Windows Security Center, which is embedded in Vista and extremely difficult for users to turn off.

"It just presents a lot of problems and confusion and conflict for the user," said George Heron, McAfee's chief scientist for the Security Center.

Microsoft blocked access to kernel code with a new feature the company has called PatchGuard, which ostensibly protects the kernel from being patched or rewritten by an external source such as a rootkit. Microsoft has not allowed security vendors under the hood of this new feature and the kernel it protects, a stance which McAfee has taken issue with.

"Security players such as McAfee are not able to get into and monitor the kernel and provide good security down at the low end of the operating system as we have been doing for years and years and years," Heron said. "Because we are not able to do that, that's going to provide a much less safe security solution for the users."

McAfee is not alone in its aggravation regarding kernel access, said George Samenuk, McAfee's chief executive officer.

"We've talked to a number of security companies and they share the same frustrations," he said.

In fact, McAfee's fiercest competitor, Symantec, stepped out publicly against PatchGuard last week. One of the company's key executives claimed then that PatchGuard is simply a veiled attempt by Microsoft to stifle third-party security vendors in order to pave the way for its own security products.

"Microsoft is using their dominant position to regulate what security can be provided on their system and how that security is provided," Symantec's vice president for consumer engineering, Rowan Trollope, told the Associated Press. "Microsoft has regulated what choices are there: 'You're going to have our stuff no matter what.'"

Heron said that enterprises should be especially concerned about Microsoft's closed-door policy regarding kernel code.

"In the enterprise scenario, PatchGuard ultimately prevents us from getting deep into the core of the operating system," Heron said. "By not being able to monitor some of the data in the critical memory areas and the operation of that core we're not able to detect a certain class of malware that Microsoft is frankly not able to do now."

Click here to email Ericka Chickowski.
