The simmering battle between Microsoft and the two biggest security software vendors is boiling over as Microsoft finalizes changes to the Windows Vista operating system that Symantec and McAfee say impede their productsOr an antitrust regulator.
. . . [I]n addition to bundling antivirus and anti-spyware software into Windows and limiting users' ability to install software, Microsoft has closed a loophole that gave products from Symantec, McAfee, and other makers of security software access to the Windows kernel, which controls the operating system's most basic functions. The vendors use that access to detect and block rootkits, keystroke-logging software, and worms.
Trouble is, malware writers exploit the same interfaces to access Windows' kernel, a threat that Microsoft says outweighs the benefits. Modifying the kernel also compromises Windows' performance, according to the company. Versions of Vista for 64- bit PCs will include technology called PatchGuard that prevents kernel modification. "Either everybody has access to the kernel," says Microsoft senior product manager Stephen Toulouse, "or nobody does."
Symantec and McAfee say the move undercuts their products at the very moment Microsoft is entering the $4 billion market for desktop security software. Microsoft "is putting the core of the operating system in a lock box," says a Symantec spokesman. Security vendors also are asking Microsoft to make it easier for users to uninstall Windows Security Center, a dashboard that controls security settings in Vista. "You almost need an IT help desk" to change the controls, a McAfee spokeswoman says.
Here we have a case of a business working to improve a long-standing problem with its product. Yes, the improvement would put third-party software providers in a spot. Yet how is it that Microsoft owes them their position? Where do they draw the moral right to access the Window's kernel, if Microsoft chooses that its interest lies in not granting them access?
Of course, Microsoft has long surrendered the moral high ground on antitrust, and in my book, the firm gets what it deserves for not attacking the premise behind antitrust itself. By Microsoft's implicit concession, it allows Symantec and McAfee to argue that they simply need access to the Window's kernel, and that their need takes precedence over any of Microsoft's rights, or the desire of Microsoft's customers for a more secure OS.