MS's 'hollow assurances' rile McAfee

updated | Intentionally or not, Microsoft's making life a bit difficult, and stressful, for third-party security software vendors.

Addressing concerns from companies such as McAfee and Symantec who assert that 64-bit Vista won't support their security wares, the Big Redmondian Machine today said that it would make necessary changes to the OS -- eventually, according to reports.

The non-committal timetable can't be too heartening to the desktop-security industry as Vista's release date draws ever closer.

In fact, McAfee today released the following statement: "Despite pledges, press conference and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week," said Christopher Thomas, a partner at Lovells which is presently serving as McAfee's outside litigation counsel in Brussels.

"We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week," Thomas said.

The statement came out the same day Microsoft attempted to host an online briefing for security ISVs, the purpose of which was to respond to complaints from Symantec and McAfee about 64-bit Vista's protective PatchGuard kernel that keeps the OS from playing nicely with third-party malware-fighting arsenals. But some vendors who attempted to participate were inadvertently locked out, according to BetaNews -- including the aforementioned Symantec and McAfee. Microsoft took responsibility for the glitch, though, and the meeting was rescheduled.

Notably, Microsoft has handed over API code to security vendors, which would allow them to disable the Security Center management console that will ship with Vista. But that doesn't address the problems with PatchGuard.

"Although PatchGuard is not used by Vista when it is running in 32-bit mode, it will lock many types of software, including Symantec's, out of the kernel on 64-bit versions of the operating system. The security vendors wanted Microsoft to give them some way to access the 64-bit kernel, saying that this high-level access was required in order to activate critical security features," IDG News Service writes.

This turn of events is at least scoff-worthy to the average tech cynic and great fodder for a conspiracy theorist. What if Microsoft was intentionally dragging its feet here so as to give itself an advantage by forcing its suite to be the desktop security tool of "choice" for its own operating system? That would certainly negatively impact the bottom lines of third-party vendors. Not that Microsoft would engage in arguably monopolistic behavior, of course. What's with these conspiracy theorists? Still, Microsoft could see an advantage in all this.

Then again, these events may very well give organizations further reason to delay Vista deployment. Yes, Microsoft has made a number of grandiose promises about Vista's enhanced security, but given the company's shoddy security track record, some shops may want to put Vista on hold until they can install anti-malware offerings from a more trusted vendor.

And speaking of Microsoft security, a vulnerability has already been found in Internet Explorer 7, which was released yesterday.

I'm just sayin'.

What do you think? Is Microsoft playing fairly? Will you deploy Vista before the company fixes PatchGuard to work well with third-party security tools?