Computerworld

Symantec goes on the attack over Vista security

Microsoft 'leveraging monopolistic position', Symantec says

When Windows Vista ships next year, customers might have a tougher time getting their security software to work properly, executives from Symantec say.

At issue are two new features being introduced with Vista: an enhanced Windows Security Centre as well as a feature in the 64-bit version of Vista called PatchGuard. Microsoft says it is adding these features to lock down the operating system, but Symantec believes they will harm customers by making it harder for them to use third-party software.

“There’s no question that they’re leveraging a monopolistic position [so as] to limit customer choice,” says Chris Paden, a Symantec spokesman.

While Symantec has accused Microsoft of being more difficult to work with on Vista than with previous operating system introductions, it has stopped short of accusing Microsoft of antitrust violations. “It’s not anti-competitive behaviour, because Vista hasn’t even hit the market yet, “ Paden says.

Security vendors like Symantec are in a state of heightened sensitivity these days as they’ve begun to compete with Microsoft head-on, and the spectre of further antitrust actions looms over Microsoft’s every move in the security space. Last week the European Union’s spokesman on competition, Jonathan Todd, warned that the market could be threatened if Microsoft doesn’t allow security vendors a fair chance of competing.

Symantec and other security vendors dislike PatchGuard because it prevents them from accessing the Windows kernel. They say it will stop them from delivering important features like Symantec’s “anti-tampering” technology, which prevents malicious programs from modifying Symantec’s own software.

PatchGuard will also make it more difficult for security vendors to protect against malicious software that takes advantage of kernel-level bugs, says Eric Sites, vice president of research and development with Sunbelt Software.

“There are a lot of new exploits coming out that exploit kernel-level drivers,” he says. “If we’re able to get into the kernel, we can watch for things like that, but with what Microsoft is doing we can’t do that.”

Microsoft declined to be interviewed for this article, but in an interview with IDG News last week a Microsoft executive said that PatchGuard was simply an effort to prevent the kernel from being misused.

“We think that there’s a significant amount of confusion around... certain security features in the product that we think raise the foundation,” says Stephen Toulouse a senior product manager in the Security Technology Unit. “What we’re doing is walling off the kernel from attackers, because the functionality that is currently there was never meant to be used by anybody — by software vendors or attackers.”

But PatchGuard is enabled only in the 64-bit version of Windows. Because there are few 64-bit applications written for Vista, most of Vista’s initial users are expected to run the operating system in 32-bit mode, and their security software will still be able to access the kernel.

A more immediate issue for Symantec is that many Vista users will find that both the Windows Security Centre and Symantec warnings will pop up simultaneously.

This doesn’t happen with Windows XP because Symantec’s software is able to automatically disable the Windows warnings, but with Vista, users will have to turn off the Security Centre themselves.

This will make things unnecessarily complicated for many customers, says Rowan Trollope, Symantec’s vice president of consumer engineering. “Most users can’t figure out how to do that,” he says.

With two warnings popping up, each with different wording, users will be confused at best, and may simply begin ignoring security warnings altogether, says Sites.

Some observers have speculated that Symantec may press the EU for action against Microsoft in this matter, but Trollope and Paden wouldn’t say what Symantec planned to do to address these problems.

“We’re looking at all the possibilities now,” says Trollope, “And none of them are good for customers.”