Microsoft has announced it will give security software makers technology to access the kernel of 64-bit versions of Vista for security-monitoring purposes. But its security rivals remain as yet unconvinced.
Redmond also said it will make it possible for security companies to disable certain parts of the Windows Security Center in Vista when a third-party security console is installed.
Microsoft made both changes in response to antitrust concerns from the European Commission. Led by Symantec, the world's largest antivirus software maker, security companies had publicly criticised Microsoft over both Vista features and also talked to European competition officials about their gripes.
A Symantec spokesman said: "We have not seen anything yet. These are technical issues. Until we actually see the APIs, all we know is what they have said in the media. So far they have not done anything."
APIs, or application program interfaces, are the actual parts of Vista that Microsoft said it would make available, so security companies can access the Vista kernel and disable parts of Windows Security Center.
The spokesman said: "If it is true, then it would be a step in the right direction for giving customers the choice to use whatever solutions they would like."
The technology to suppress Windows Security Center alerts should be available next week but APIs related to kernel protection still need to be developed and may not be ready before Microsoft ships Vista to PC makers and CD factories, said Adrien Robinson, a director in Microsoft's Security Technology Unit.
Robinson said: "We do not want vendors... accessing the kernel through unmodified approaches or modifying the kernel. We will not allow them to go on the fly and modify the kernel, basically circumventing PatchGuard. We need to work with them on the right approaches to work with PatchGuard."
McAfee and Check Point Software Technologies, maker of ZoneAlarm security software, welcomed Microsoft's announcement but, like Symantec, reserved judgment.
A McAfee spokeswoman said: "We are encouraged by Microsoft's recognition that there is a problem. However, we do not have specific information on the nature of these changes, or their timing. As more information becomes available, we will study it carefully before forming a view on whether Microsoft's plans provide a reasonable basis for addressing these issues."
Timing is of the essence. Security providers, including Symantec and McAfee, want to have products available that work with Vista the moment it is released. The long-awaited successor to Windows XP is slated to be available to large business users next month and the general public in January.
The Symantec spokesman said: "If the APIs exist, then Microsoft should make them available to the security industry immediately. We will have Vista-compatible solutions when the operating system is finally available for consumers. Last we heard, that was going to be January; therefore, we need these APIs yesterday."
Joris Evers writes for CNET News.com






Comments
1. anonymous
I don't want an API to disable security...
... what would stop a virus/trojan/etc calling it?
Security disabling MUST remain the remit of a logged-on administrator.
No exceptions
2. Joe Whitehead
The general idea is that you have to log into your administrator account (or have the antivirus installer request a non-stored password in order to get permission from the OS) in order to install your security programs. There is no reason to have a way around the administrator account without the password. This is the only way that a disabling API should be able to work.
Once the program is installed it should not need the password again as it uses its own (protected by OS) DLL.
Whether or not the DLL is secure is another matter...