
Sophos, eEye favor Microsoft’s PatchGuard

While the largest IT security vendors continue to attack Microsoft for the new kernel patch protection in its Vista operating system, many of their competitors are coming forward to defend the software giant.

Both Symantec and McAfee have been vociferous about their objections to being locked out of the kernel code in Microsoft's 64-bit version of Vista through its new PatchGuard feature.

Microsoft says the feature is designed to protect against rootkits, but Symantec and McAfee argue it is the Redmond, Wash., company's way of putting up a roadblock for security vendors as it prepares to compete in the market with its new Windows Live OneCare service.

Microsoft said last week that it will open up a limited amount of kernel code to competitors.

Now other IT security vendors are coming out of the woodwork to lash out against the two security market leaders for sensationalism and laziness. In a prepared statement to the press, a Sophos executive today said that McAfee and Symantec's inability to create protection in concert with PatchGuard is not Microsoft's fault, but their own.

"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with 64-bit Vista in mind," said Richard Jacobs, Sophos CTO, who emphasized that some companies like his own are still able to protect consumers with the new limitations.

Microsoft executives hope that many more security companies are in line with Sophos. According to Scott Charney, vice president of Trustworthy Computing for Microsoft, the addition of PatchGuard is simply a shift to adapt to a changing threat landscape. While it might create some pain points in the short run, he said it is in the users' best interests to make that shift now.

"Do you leave it open and leave the world at risk or do you make one of these fundamental shifts in security, recognizing that there will be some backwards compatibility issues and that the ecosystem will have to adjust?" said Charney. "It seems to me that just leaving everyone at risk isn't the answer. At the end of the day, we have a fundamental choice and it doesn't seem (Symantec and McAfee) are thinking about how the security model has to change to reflect the threat models."

Even those from security vendors that frequently criticize Microsoft are coming to the company's defense on this topic. In an interview with SC Magazine, Ross Brown, CEO for eEye Digital Security — a company that often hammers Microsoft during zero-day incidents — said that Redmond is simply delivering extra value with PatchGuard. He believes that McAfee and Symantec not only need to learn to deal with the new system that Microsoft is delivering, but that their old methods of protection were never delivered the right way in the first place.

"They cheated with their anti-virus because they used kernel hooking," Brown said. "That's not the way to do it. They have to go wide and figure out how to add value, not sit around and complain about antitrust implications."

Click here to email Ericka Chickowski.
