Chills at Microsoft's security huddle

Microsoft has quietly held meetings with top antivirus researchers for almost 10 years, but there's some unease now that Redmond is a rival.

Microsoft likes to keep its friends close--and now that security companies are its foes, it may well want to keep those even closer.

The software maker has traditionally held powwows with partners to explore common ground. Security has been one area of activity: For almost 10 years, it has quietly held annual meetings with top researchers from antivirus companies such as McAfee and Symantec. This year, however, Microsoft decided to merge a couple of security get-togethers, as it found it was repeating itself over multiple meetings.

But that wasn't the big difference for the companies at the June meeting. Microsoft, and its $34 billion war chest, is now a competitor in the antivirus market. With its huge presence on desktops, the software giant has a built-in advantage--and that is making some collaborators nervous about sharing information. It's especially a concern that Microsoft requires attendees to sign a document that allows the company to use anything that anyone says at the event.

"Having been put into that situation, people will feel more inhibited to say things," said Jimmy Kuo, a McAfee fellow and a veteran of the Microsoft events. "They ask us to sign a nondisclosure agreement, and if we say anything in those meetings that Microsoft is able to use, they have the right to do so." The agreement was introduced in recent years, he said.

Microsoft gathers the antivirus experts to discuss Windows security. The event is meant to give them ideas about what kinds of products would be of most value to Windows users and to help Microsoft strengthen its operating system. But now that the company is a security rival, it might not want to reveal some Windows details.

The newly merged Microsoft Security Response and Safety Summit was held late last month at the software maker's Redmond, Wash., headquarters. The two-day meeting was not publicized and attracted about 150 representatives from about 80 security companies and Internet service providers, said Mark Griesi, a senior business development manager at Microsoft.

The event mostly provided a primer on security in Windows Vista, which led to a discussion on how attendees' products might work with the Windows XP successor. Microsoft has touted Vista, slated for broad release in January, as its most secure operating system ever.

"The key messages for the folks was about the new technologies in Vista, how they interact with those technologies, how to use that to better protect the consumer," Griesi said. "There are a lot of great things that they can use. We want to make sure that everybody is 100 percent aware of what is available."

But several of the attendees told CNET that they had learned little. "They talked mostly about Vista and security initiatives," said Hiep Dang, director of threat research and engineering at Aluria Software, an anti-spyware specialist that is a subsidiary of EarthLink. "I was hoping they would go a lot more granular than they did. A lot of the information they gave was information we probably could have gotten online."

Another attendee agreed that previous meetings had provided many more technical details. "This year they presented things that we already know," said this antivirus researcher, who asked not to be named.

Going in for the kill
That individual expressed concern about the purpose of the event, in light of the new rivalry. Perhaps Microsoft used the event to gather information that could help its security products and beat out the incumbents, the researcher suggested. "Is this brain-picking?" the researcher asked. "Microsoft is slowly moving towards the kill."

The software maker is walking a fine line between being a partner and a competitor to security companies. In late May, it introduced Windows Live OneCare, a consumer security package. It is now preparing a product to protect business PCs and servers, a move that will put it head-to-head with industry stalwarts such as Symantec, McAfee and Trend Micro.

It has been down similar roads in other areas. It is making a push with systems management software, as well as in business intelligence and content management, for example. It competes with incumbents in those markets, but it wants to partner with them at the same time, because it wants third-party products to work well with Microsoft products.

"The fact that we now offer security products does not change our commitment to work collaboratively with all of our security partners," Griesi said. "It's also important to note that while we encourage members to engage, all feedback is voluntary and does not impact the extent of information that Microsoft provides to partners."

Featured Video