Relations between Microsoft and the large security vendors deteriorated late last week, when the software giant accused McAfee of making misleading claims over its Vista operating system.
In a statement, Microsoft said McAfee was wrong to claim the software giant was failing to deliver on recent promises to work with the security industry.
"It's unfortunate that McAfee's lawyers are making these kinds of inaccurate and inflammatory statements," said Ben Fathi, corporate vice president of Microsoft's security technology unit.
Fathi was responding to comments made by Christopher Thomas, a partner at legal firm Lovells which is being employed by McAfee.
"Despite pledges, press conference and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week," said Thomas.
"We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week," Thomas added.
Thomas was referring to Microsoft's recent commitment to give security software makers technology to access the kernel of 64-bit versions of Vista for security-monitoring purposes, and allow them to disable certain parts of the Windows Security Center in Vista.Both McAfee and Symantec have claimed that Microsoft was endangering user security by blocking their access to Vista. Microsoft, though, argued that they were just concerned about losing market share to smaller rivals.
Technical discussions over access to the Vista kernel also got off to a bad start last Thursday. The first online conference between Microsoft and the security firms was a damp squib, with many vendors unable to join the discussion. Microsoft senior product manager, Stephen Toulouse, later admitted that participants were sent the wrong link.
"People joining using the link resulted in basically the first attempt at the meeting folding and we had to scramble to set it up again," admitted Toulouse in a blog posting.
The increasingly bitter dispute over Vista security may deter some users from upgrading. Analyst firm Gartner has recommended that companies who run some host intrusion-prevention systems (HIPS) should hold off from moving to 64-bit Vista for several years.
McAfee and Symantec's rivals, though, have little sympathy. Sophos claimed on Monday that they were to blame for not giving enough thought to Vista when developing their products.
"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with high-spec Vista in mind," said Richard Jacobs, chief technical officer of Sophos.
"We've taken a different approach, by focusing on catching bad behaviour before it has a chance to occur. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert them. That's why we're ready for 64-bit Vista, and others aren't."
Talkback
"Why Access to the Kernel is Crucial"
It is crucial that readers understand the difference between McAfee and those companies that focus on anti-virus software alone. Single-product vendors, like Sophos, may well not have an issue with Microsoft. However, for an innovative security risk management vendor like McAfee, that offers its customers comprehensive security protection, full and unfettered access to the kernel is vital if we are to protect users as they are currently protected with XP.
For years, independent security developers have partnered with Microsoft to ensure that customers have the safest computing environment. However, all that seems to have changed with Vista, because Microsoft is denying computer security companies access to Vista's underlying technology. Microsoft's flawed logic will only result in making computers more vulnerable to viruses and other attacks because we will not able to get into and monitor the kernel, which allows us to provide security at the operating system level.
To protect customers from the bad guys, you don't lock out the good guys. Internet security is everyone's business, and we hope that Microsoft will return to the collaborative approach that has served customers well in the past.
Given M$'s record on security, this is not a wise choice to make.
However isn't it Microsoft's OS? Doesn't that mean Microsoft can do what the hell they like with it, when they want how they want and if they want? Thusly you have no grounds for crying and complaining when MS change something? When you realise this you go crying to mummy down at the courts. However mummy is a bit stupid and blindly believes baby's story.
The sooner you guys quit the tears and move the linux the better!