Microsoft’s Refusal to Share Vista Kernel Still Drawing Fire

Third party antivirus vendors are becoming increasingly convinced that Microsoft’s rigorous security protocols for its forthcoming Windows Vista operating system are in effect a back-door effort to gain market share in the computer security space.

Symantec — and more recently, McAfee — have charged the Redmond, Wash.-based conglomerate with abusing its dominant position in the OS market by denying independent firms access to its security code. The firms have reportedly brought the issue to the attention of the Department of Justice and are increasingly voicing their opinions on the matter in public venues. Late last month, Rowan Trollope, Symantec’s vice president for consumer engineering, told the E-Commerce Times that Microsoft is attempting to “regulate what security can be provided on their system and how that security is provided.”

Shutting Independents Out

Now, in an open letter to customers, McAfee chairman and CEO George Samenuk is adding his own voice to the chorus.

“For the first time, Microsoft shut off security providers’ access to the core of its operatingsystem — what is known as the ‘kernel,'” he wrote.

“At the same time, Microsoft has firmly embedded in Vista its own Windows Security Center — a product that cannot be disabled even when the user purchases an alternative security solution. This approach results in confusion for customers and prevents genuine freedom of choice.”

Microsoft’s Mindset

In an earlier interview with the E-Commerce Times regarding Symantec’s complaints about Microsoft’s Vista security policies, Ron O’Brien, senior security analyst for Sophos, took a stab at explaining Microsoft’s mindset.

“What they are doing is, in order to avoid exploits to vulnerabilities, they are trying to lock down thekernel to make it less accessible,” he told the E-Commerce Times.

He added that Sophos was not worried about access to the kernel — for the moment — as there is no malware known to be in existence that impacts the kernel. If that changes, he says, Microsoft would provide access to Sophos, which is one of its partner companies.

Critics, however, are becoming more vehement in their demands for access to the Vista kernel.

In his letter, Samenuk said that customers should recognize that Microsoft is being completely unrealistic if it thinks that by locking security companies out of the kernel, hackers won’t crack it. Samenuk, in fact, claims that hackers already have the kernel.

Still, he acknowledges that few threats actually target the kernel itself. Rather, most malware is aimed at disabling applications or programs. “Yet the unfettered access previously enjoyed by security providers has been a key part of keeping those programs and applications safe from hackers and malicious software,” he said.

“If Microsoft succeeds in its latest effort to hamstring these competitors, computers everywherecould be less secure.”

Microsoft was unable to respond to this story in time for publication.