McAfee Claims Foul on Vista Security Code

Microsoft last week said it is cooperating with anti-virus and security providers so that they can provide the same protection level as its own products, including OneCare Live. At least one big Microsoft partner and competitor, however, disputes those statements.

“Contrary to what it says publicly, Microsoft has not cooperated with the leading security providers,” Siobhan MacDermott, McAfee’s vice president of worldwide corporate communications, said in a statement. “To date, we have not had any cooperation from Microsoft and no response on McAfee's repeated requests to review the information.”

In a press briefing last Friday, Brad Smith, Microsoft senior vice president and general counsel, announced that Windows Vista is on track to ship on schedule worldwide, beginning next month to corporate customers and in January for consumers.

Along with that, the company also said it was making changes in three key areas -- search features, the XML Paper Specification, and security -- to comply with requirements from the European Commission and South Korea.

High on the list, Microsoft said, is providing a security API so that competing security vendors could bypass or disable certain Vista features, including the Microsoft Security Center and a feature found only in the 64-bit editions of Vista called PatchGuard.

“With this new API, Windows Security Center will not send an alert to a computer user when there is an alternative security console installed on a PC, and when that security console is sending that same alert itself,” Smith added.

Originally introduced in the 64-bit editions of Windows Server 2003 Service Pack 1, and included in the x64 edition of XP Professional, PatchGuard blocks third-party software from modifying the Windows kernel, according to an article on Wikipedia. “This mitigates a common tactic used by rootkits to hide themselves from user-mode applications,” the article says.

The disagreements with partner-competitors generally devolve into a fight over who is allowed to write code that reaches into Vista’s kernel. For years, anti-virus and security vendors have had that capability. After spending the last five years trying to make Windows more secure in the face of scathing criticism all around, however, Microsoft maintains that, with Vista, nobody should be able to do that except via an API.

Not surprisingly, McAfee and others strongly disagree. (Perhaps a little ironically, those same firms were also among those criticizing Windows’ security problems.)

However, McAfee, for one, argues that being able to patch directly into the kernel enables it to get fixes out to users in the shortest time, especially since information can be slow in coming from Microsoft, as McAfee claims was the case this week.

“We did receive a document from Microsoft on Monday that contained the [software developers kit] for Windows Security Center only . . . In fact, we have not received anything at all from Microsoft concerning PatchGuard,” MacDermott said. “From McAfee's perspective, it is not at all acceptable for Microsoft to wait until a service pack and not offer us kernel access until after the launch of Vista.”

About the Author

Stuart J. Johnston has covered technology, especially Microsoft, since February 1988 for InfoWorld, Computerworld, Information Week, and PC World, as well as for Enterprise Developer, XML & Web Services, and .NET magazines. Contact him at [email protected].