Chills at Microsoft's security huddle

The software maker has traditionally held powwows with partners to explore common ground. Security has been one area of activity: For almost 10 years, it has quietly held annual meetings with top researchers from antivirus companies such as McAfee and Symantec. This year, however, Microsoft decided to merge a couple of security get-togethers, as it found it was repeating itself over multiple meetings.

But that wasn't the big difference for the companies at the June meeting. Microsoft, and its $34 billion war chest, is now a competitor in the antivirus market. With its huge presence on desktops, the software giant has a built-in advantage--and that is making some collaborators nervous about sharing information. It's especially a concern that Microsoft requires attendees to sign a document that allows the company to use anything that anyone says at the event.

"Having been put into that situation, people will feel more inhibited to say things," said Jimmy Kuo, a McAfee fellow and a veteran of the Microsoft events. "They ask us to sign a nondisclosure agreement, and if we say anything in those meetings that Microsoft is able to use, they have the right to do so." The agreement was introduced in recent years, he said.

Microsoft gathers the antivirus experts to discuss Windows security. The event is meant to give them ideas about what kinds of products would be of most value to Windows users and to help Microsoft strengthen its operating system. But now that the company is a security rival, it might not want to reveal some Windows details.

The newly merged Microsoft Security Response and Safety Summit was held late last month at the software maker's Redmond, Wash., headquarters. The two-day meeting was not publicized and attracted about 150 representatives from about 80 security companies and Internet service providers, said Mark Griesi, a senior business development manager at Microsoft.

The event mostly provided a primer on security in Windows Vista, which led to a discussion on how attendees' products might work with the Windows XP successor. Microsoft has touted Vista, slated for broad release in January, as its most secure operating system ever.

"The key messages for the folks was about the new technologies in Vista, how they interact with those technologies, how to use that to better protect the consumer," Griesi said. "There are a lot of great things that they can use. We want to make sure that everybody is 100 percent aware of what is available."

But several of the attendees told CNET News.com that they had learned little. "They talked mostly about Vista and security initiatives," said Hiep Dang, director of threat research and engineering at Aluria Software, an anti-spyware specialist that is a subsidiary of EarthLink. "I was hoping they would go a lot more granular than they did. A lot of the information they gave was information we probably could have gotten online."

Another attendee agreed that previous meetings had provided many more technical details. "This year they presented things that we already know," said this antivirus researcher, who asked not to be named.

Going in for the kill
That individual expressed concern about the purpose of the event, in light of the new rivalry. Perhaps Microsoft used the event to gather information that could help its security products and beat out the incumbents, the researcher suggested. "Is this brain-picking?" the researcher asked. "Microsoft is slowly moving towards the kill."

The software maker is walking a fine line between being a partner and a competitor to security companies. In late May, it introduced Windows Live OneCare, a consumer security package. It is now preparing a product to protect business PCs and servers, a move that will put it head-to-head with industry stalwarts such as Symantec, McAfee and Trend Micro.

It has been down similar roads in other areas. It is making a push with systems management software, as well as in business intelligence and content management, for example. It competes with incumbents in those markets, but it wants to partner with them at the same time, because it wants third-party products to work well with Microsoft products.

"The fact that we now offer security products does not change our commitment to work collaboratively with all of our security partners," Griesi said. "It's also important to note that while we encourage members to engage, all feedback is voluntary and does not impact the extent of information that Microsoft provides to partners."

Just last week, Microsoft said it was going to play nice and would abide by self-imposed rules aimed at bolstering choice and competition. The voluntary principles will come into play after court requirements related to the U.S. antitrust case against Microsoft expire next year.

The new Microsoft Security Response and Safety Summit is part of the Microsoft Security Response Alliance, an effort announced in June that aims to pull together various collaborative security initiatives at the company. It is also preparing to launch a response portal this week for its partners, Griesi said.

The software giant has been holding annual meetings with antivirus researchers since 1997. Initially, the confab was called Microsoft Macro Virus Initiative and later, the Microsoft Virus Initiative. On top of that, Microsoft has held twice-yearly get-togethers with Internet service providers since 2004, as part of its Global Infrastructure Alliance for Internet Safety. The Microsoft Security Response and Safety Summit brought together the antivirus and the ISP strands for the first time.

"We had separate events, but actually 80 percent of what we talked about was the same, so we decided to have one summit with different tracks," Griesi said. "We really wanted to give our various partners a chance to meet each other...The problems that ISPs and consumers face are the ones that the anti-malware makers are trying to address."

The merger was a good step, McAfee's Kuo said. "For us to attack some of these problems in a timely manner, we need to have close relationships with some of the ISPs," he said.

Security, response, safety
The Microsoft event had three tracks: security, response and safety. The first included sessions on secure software development at Microsoft, on the Windows Security Center (which tells users whether their security software is up to date) and on Vista features such as User Account Control (which enables restrictions on different users rights to prevent malicious software from installing).

The response section included sessions on Vista networking security, on trends in malicious software and on security in Internet Explorer 7, the next update to the Web browser. The safety track gave an overview of new safety features in Vista and the Windows Live family. These features included parental control and Vista extensibility, as well as Microsoft's phishing- and spam-fighting strategy.

One of the sessions was supposed to discuss WinFS, a new storage system for Vista. "We got in and sat down," Dang said. "The talk was over in five minutes, because Vista will be completely without WinFS." That same day Microsoft officially announced that WinFS will become part of the SQL Server database and will no longer be part of Windows.

Another session discussed how malicious software could leave traces on Vista PCs even after it is removed, McAfee's Kuo said. The trace is in the form of a so-called symbolic link, a technology introduced in Vista. These are designed to make it easier to locate items on a computer, and are somewhat similar to current shortcuts in Windows XP and to aliases in Mac OS systems.

"Symbolic links can clutter up your machine with lots and lots of links that point nowhere" after the malicious software is removed, Kuo said. Protective tools will probably end up doing the clean-up, he said. It's a sign that on Vista systems, security software has more work to do than on earlier versions of the operating system.

The goal of Microsoft's alliance program is to share information like this and to protect customers at large, Griesi said. Likewise, security companies like Aluria say they want to work with Microsoft for the same reason. But some note that the software giant has a history of pulverizing rivals. "Netscape is the renowned story," Dang said.

He did point out, though, that Microsoft hasn't always succeeded in imposing itself on the markets it enters. One example, he said, is Intuit, which is still a leader in accounting software, despite Microsoft's attempts to take it on.

"I commend Microsoft for listening to security vendors," Dang added. "Ultimately, we are all on the same side, which is the good guys versus the bad guys, and we're here to protect our customers. Microsoft playing in this is good for all parties--it keeps us on our toes and makes our products a lot better."

Kuo gives Microsoft the benefit of the doubt as to why it may be sharing fewer technical details than in previous years. It depends on the development lifecycle, he said. Vista is almost fully baked, so Microsoft hasn't got anything new to share. Two years ago, attendees did get a significant amount of technical information, he added.

"At this point, there is really nothing for them to tell us that we don't know," Kuo said. "The question will be what happens next year. How much discussion happens then? That will be how we measure the significance of Microsoft entering the market and how that affects these relationships."