Microsoft: McAfee's criticism of Vista inaccurate and inflammatory
The rhetoric in the dispute between McAfee and Microsoft regarding the integration of security solutions into Vista is still heating up. In reports published in the American media, the Redmond company accuses McAfee of inaccurate and inflammatory criticism. In the light of the concerns of the EU Commission, Microsoft announced plans to add an additional API into Vista. This API will allow security firms to monitor the state of the kernel in the 64-bit version and access it securely. Until such an API is available, Vista's kernel protection functions like PatchGuard would prevent such access, claims McAfee and several other security vendors.
McAfee appears not to trust Microsoft's announcement and is continuing its barrage against the company. It remains to be seen whether the announcement is nothing but hollow assurances or whether Microsoft will actually live up to them, the security vendor maintains. Statements of that kind are regrettable and inappropriate, finds Ben Fathi, corporate vice president for security technology at Microsoft. The API is under construction, although it is not yet clear when vendors will have access to it. It will certainly not be included in the first version of Vista but will instead be delivered afterward as an update. Firewall maker Agnitum fears that could take between 12 and 18 months. Customers are the losers here, since they would be without proper protection for months, Agnitum explains in its weblog.
The analysts at the Gartner Group released a report on Vista security last week. It also sees significant problems with the interplay between security software and Vista. They will not be effective given the current conditions in place for Vista. The consulting firm therefore recommends that customers exert pressure on Microsoft: no switching to Vista until the first version of the announced API is available. That could be as late as 2008 in Gartner's estimation.