Symantec wants to lend a hand with Vista security

The Cupertino, Calif., company has plans to create a technology that makes security decisions for Vista owners dealing with User Account Control. This feature in the operating system asks for permission to lift security barriers to the inner workings of a PC whenever software tries to access these. But it makes too many requests to be effective, according to Symantec.

"I have been running Vista for a while, and UAC bugged the heck out of me--to the point where I tuned it out and, eventually, turned it off," Rowan Trollope, vice president of consumer products at Symantec, said in an interview. "If a company could do better, it would be one of us security companies."

While Trollope's comments may seem self-serving, Natalie Lambert, an analyst with Forrester Research, said the company has a valid point.

"UAC is a great step forward for computer security, in theory. The main problem is that it still leaves the power in the user's hands. As we know, security technologies are only as strong as (their) weakest link, and in this case, that is the user," Lambert said. "Symantec's plan to enhance UAC is a much-needed complement."

The Vista feature lets people run a computer with fewer user privileges, which dictate how far they can interact with the software on it. It's designed to prevent malicious code from being able to do as much damage as it would on a machine running in administrator mode--a typical setting on Windows XP. In Vista, users now have to grant permission each time full access to a PC is required, for example, when installing a program or changing a setting.

Vista is the first major new PC operating system release from Microsoft since XP in 2001. Microsoft made the Windows update available to business customers in November and broad availability is slated for the end of this month.

Symantec's plan to overlay Microsoft's tool with its own technology is one example of how it hopes to turn the security in Vista from a business challenge into a business opportunity. Until now, the company had mostly talked about how the new operating system's built-in security features could hurt its bottom line.

"We have had a team looking at ways to enhance the built-in features of Vista, and UAC was one of the very first we identified," Trollope said. "We have not announced any specific feature, but we are researching it...We have a couple of researchers building prototypes."

Useful or not?
Such technology would be welcome, said Brian Lambert, a student at Southern Illinois University (and not related to Forrester's Natalie Lambert). While UAC is not difficult to understand, it is very noisy and bothersome and users might ignore it as a result, he said.

"I think third-party applications should take the decision out of the user's hands. Anything to reduce the number of nagging windows will be appreciated," he said. "I always welcome more security, but there has to be a balance between security and usability. UAC borders on being intrusive."

But not everyone believes handing off the Vista UAC controls to anyone else is a good idea.

"UAC may be annoying at first--heck, it is annoying for me as a power user--but people will get used to it," said Robert McLaws, who blogs about Microsoft. "If you're running Vista for a while, you don't see UAC prompts that often, and if you do, it is something you need to know about."

Microsoft for its part said that it had not heard of Symantec's plans and that customers have told it that UAC is a good way to help limit the impact of attacks by malicious software and unapproved system changes.

"We're certainly looking forward to hearing more from Symantec about the solutions they are building for Vista to help protect customers," Stephen Toulouse, security product manager at Microsoft, said in an e-mail interview.

The company does need to work with Microsoft to make sure its UAC-modifying technology performs as planned. Otherwise, the software giant might consider the product a hack, Toulouse said. "If a method to subvert or suppress it (UAC) was developed unknown to the user, as with all Microsoft software, we would initiate our security response process," he said.

In addition, if people decide they do not want to run UAC and they would rather run a third-party solution that provides similar functionality, they have the choice to disable it, a Microsoft representative pointed out in an e-mailed statement.

Opportunities in Vista
Other security components in Vista that Symantec thinks it could build upon are the Windows firewall and data execution protection, Trollope said. It also envisions using Vista's plumbing to create tools that protect against drive-by downloads and JavaScript exploits, he added.

The Windows update includes a host of changes designed to safeguard the PC. It also packs a number of security tools, including an improved firewall and a spyware shield. Symantec, McAfee and other security companies have accused Microsoft of anticompetitive practices over the operating system. In response, Microsoft agreed to make some changes.

"My outlook is positive on the changes that have been made for Vista," Trollope said.

Around the same time Vista becomes available to the masses, Symantec plans to release Norton 360, its new flagship consumer security product, the company said. Norton 360 will include a new detection mechanism for malicious software: it looks at the behavior of code on a PC to determine whether it is malicious, rather than using signatures--a kind of "fingerprint" of known bad code. The same feature will be enabled in the 2007 editions of Norton AntiVirus and Norton Internet Security, Symantec said.

Symantec does still have one concern, though, Trollope said. It is worried that Microsoft's message that Vista is the most secure version of Windows yet will lead consumers to believe that they no longer need any additional security tools.

"It would be bad for customers if they got that idea," Trollope said. "Not to mention our business."