Security threats Toolkit

Microsoft feuds with rivals over Vista security

Tags:
Security,
Symantec,
Windows Vista,
Microsoft

Joris Evers CNET News

Published: 20 Sep 2006 09:00 BST

…could update antivirus definitions or disable a firewall directly from the Windows Security Center, according to a recently published Microsoft document on the feature.

This could give rivals the opportunity to change tack and focus on developing products that plug into Microsoft's security dashboard, rather than continuing to produce their own, Toulouse suggested. "They might not need to have their own security centre any more," he said. "It is our hope that they build products that connect into Windows Security Center."

Microsoft agreed that multiple security consoles on a single PC could confuse users, especially different information is displayed, but said that this is an argument in favour of funnelling all security software management via the Windows Security Center.

"It is a fundamental lack of clarity for the user," Toulouse said. Microsoft's dashboard is "neutral" and "vendor agnostic", Toulouse added.

But Symantec and Check Point chuckle at the notion that Microsoft is neutral. For example, both companies doubt it is a coincidence that the company added an anti-spyware category to the Windows Security Center only after it introduced Windows Defender, an anti-spyware tool that will ship as part of Vista.

"Who is Microsoft to define the right way to think about security?" asked Laura Yecies, general manager of Check Point's ZoneAlarm division. "Microsoft does not have the track record or expertise in this space. They have not earned it."

Best view
McCorkendale said Symantec's own security centre will give its customers the best view of the status of Symantec products, so people should have the option to use the Symantec dashboard instead of Microsoft's. "Customers should be allowed to choose their security product suites and therefore the security console to go with them," he said.

Symantec's console is called the "Norton Protection Center", and Check Point has a management console in ZoneAlarm Internet Security Suite. McAfee, one of the top players in the consumer security space, also has a security console. Trend Micro and CA declined to comment.

Michael Cherry, an analyst at Directions on Microsoft, also questioned the software maker's neutrality when it comes to Windows Security Center, wondering whether Microsoft's developers would respond quicker to a request from the OneCare team then to Symantec's Norton AntiVirus team.

"I am not comfortable yet that that information is being shared equally and that all partners are equal partners," Cherry said. "It is only neutral when they can prove that OneCare, or Windows Firewall, or Windows Defender does not get a more favourable review or more favourable access to technology."

There is something to be said for a central point in Windows that has security information, Cherry added. But if a user picks a third-party security suite, that product should be able to turn off Windows Security Center, he said.

"If I choose to use a third party's tools, then I would want to use a security centre from them. So I'd be much more comfortable if Microsoft's could be uninstalled in favour of the one I want to use," he said.

Restricted Vista?
Symantec, Check Point and McAfee also argued that Microsoft's Windows Security Center risks giving consumers a limited view of security.

"If we were to just cede the dashboard console view of security to Microsoft, we could only talk to users about firewalls, antivirus and anti-spyware," Symantec's McCorkendale said.

Check Point's Yecies said that Microsoft's console looks at security with blinkers that are surprisingly convenient to its own product lineup.

"The modules, as Microsoft has currently defined them, are incomplete in an environment of zero-day exploits," she said. "Setting up those terms really limits the view consumers have about what is possible and potentially what they need. It might lead a consumer to think that they are fully protected, when in fact they are far from it."

But Natalie Lambert, an analyst at Forrester Research, argued that Microsoft is helping PC users. "The Windows Security Center is helpful, it really does provide a quick view into security," she said. "Consumers need to have security handed to them on a silver platter."

Vista is the first major update to Windows since Microsoft shipped XP in 2001. Back then, Microsoft was not a player in the security arena, and things went much more smoothly, McCorkendale said

"It is really hard work and we have had to be very, very persistent and over a very long period of time, which is different from how we used to work with Microsoft before they got into the security space. They have really changed the rules of the game; we used to have a lot more pleasant dialogue," he said.

Ultimately, Symantec hopes all the differences can be resolved civilly, McCorkendale said.

"All our concerns are about consumer choice. Consumer should be allowed to choose their security solution and if they are not allowed to make that choice… you risk a monoculture in security, which reduces innovation and diversity."