Microsoft sets Vista meeting with security firms

Powwow to discuss how to let security companies use core components of some versions of the Windows OS.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
3 min read
Microsoft plans to meet with security companies to discuss part of the changes it has promised to make to Windows Vista in response to competitive concerns.

The Redmond, Wash., software giant has planned an online briefing for security providers on Thursday, a company representative said late Wednesday in an e-mailed statement. The meeting is to discuss how third-party protective software can interact with the innards of 64-bit versions of Windows Vista, the representative said.

In response to antitrust concerns from the European Commission, Microsoft last week said third-party security software will be able to access the kernel of 64-bit versions of Vista and disable alerts sent out by the Windows Security Center. Both capabilities had been requested by security companies, but previously denied by Microsoft.

Symantec, McAfee and others have charged that Microsoft was hurting competition and creating an unfair advantage for its own products through the kernel protection and Windows Security Center features.

Microsoft on Monday supplied security companies with the technology to suppress Windows Security Center alerts. The company, however, had not yet communicated about the kernel protection features, called PatchGuard.

"We have not received anything at all from Microsoft concerning PatchGuard," McAfee spokeswoman Siobhan MacDermott said Tuesday. "We urge Microsoft to give security vendors this access as quickly as possible and not wait until the 11th hour so that we can offer our customers the best protection."

Symantec and Check Point Software Technologies also on Tuesday said that the companies had not yet heard from Microsoft on PatchGuard, even though the company had made promises in the media and to the European Commission.

"Even though Microsoft has announced that they are going to work with security vendors, that is all they have done," said Cris Paden, a Symantec spokesman. "We're in holding pattern."

In 64-bit versions of Vista, the kernel protection not only locked out hackers but also prevented some security software from running, security companies have said. They had asked for a way to access the kernel, which Microsoft insisted would hurt the security and stability of Windows. Microsoft now says it will provide that access.

The Thursday meeting will discuss scheduling for development of the technologies to work with the Vista kernel, Microsoft said. These APIs, or application program interfaces, will not be ready until after Microsoft releases Vista to PC makers and CD factories, which is called "release to manufacturing," or RTM, the representative said.

That timing means that security companies won't be able to ship certain products for 64-bit versions of Vista until later. Also, the kernel access features won't exist in the first release of the new operating system and will have to be added in an update, such as a service pack.

"From McAfee's perspective, it is not at all acceptable for Microsoft to wait until a service pack and not offer us kernel access until after the launch of Vista," MacDermott said.

Vista, the long-awaited successor to Windows XP, is slated to be available to large business users next month and to the general public in January. Microsoft has promoted Vista as the most secure version of Windows yet.