Storm clouds on AV horizon

Leave it to the world’s biggest software maker to bust up a good party. Every year for more than a decade the world’s top virus and malicious code experts have gathered for the Virus Bulletin conference to talk about what’s hot in the world of computer threats.

The small, clubby atmosphere at Virus Bulletin is as much a product of necessity as it is of choice; AV (anti-virus) companies that compete against one another in the marketplace have to cooperate closely behind the scenes to prevent widespread infections.

But Microsoft’s emergence as a major security vendor in the past two years is causing tension, even within the insular world of AV researchers.

In recent weeks, Microsoft and Symantec have engaged in a tit for tat over features in Windows Vista that Symantec claims will stifle competition and innovation in the security industry, giving Microsoft the upper hand in selling its security wares to consumers.

At the heart of that dispute are disagreements over features such as Microsoft PatchGuard, a kernel security module that is specific to 64-bit Windows and that prevents modifications to the Vista kernel during operation — aka “kernel patching.” Symantec claims that kernel patching is critical for detecting malicious code, even if it opens the door to threats such as rootkits, said Symantec spokesman Chris Paden.

Microsoft strongly disagrees.

“We want to work with them in a safe way. They want to be able to do what they used to do even though it’s unsafe,” said Stephen Toulouse, senior product manager at Microsoft’s security technology unit.

Other AV vendors aren’t necessarily falling in behind Symantec.

“What we want is for Microsoft to play fair. If they don’t give us the same benefits and openness they give their own security team, that’s a problem,” said Graham Cluley, senior technology consultant at Sophos. 

But there’s more here than just a dispute about kernel security.

With Vista out the door, Microsoft will shift its attention to building out its security practice even more. The company recently recruited Vincent Gullotto, once head of McAfee’s Antivirus Research Team (AVERT), and lately of Symantec, to head up its own Security Research and Response organization. Other researchers, including McAfee’s Jimmy Kuo, have also decamped to Microsoft.

Gullotto and Kuo told InfoWorld that they were prevented, legally, from recruiting talent but were “ready to talk” to researchers who approached them. Gullotto also acknowledged that trips to the European Union and Asia were in the works, as Microsoft begins to build out a global AV and malware research capability.

In the end, companies such as Sophos, Symantec, and Trend Micro will try to distance themselves from Microsoft, delving into areas that Microsoft is unlikely to follow, attendees at Virus Bulletin agreed.

The dispute over Microsoft’s security products may come down to a court challenge. Symantec is already raising the specter of anti-competitive behavior, citing links in the Vista Welcome Center to OneCare that it claims obscure the availability of third-party security products.

Paden wouldn’t use the m word — as in monopoly — but said that all options are on the table.