Vista security finds defenders

There are divided views on Microsoft's Vista disclosure

More security vendors are complaining about Microsoft’s failure to properly disclose information regarding Windows Vista, but opinion is divided as to where the current state of affairs leaves users’ protection under the forthcoming operating system.

On 13 October, Microsoft said it would reverse earlier plans by opening up the Vista 64-bit kernel to security firms via an API and turning off alerts in Windows Security Centre when third-party consoles are already installed on PCs.

Since then, giants including Symantec and McAfee have complained about continuing lack of access to core tools and information, despite Vista being scheduled to go to business subscribers next month. They were joined last week by firewall maker Agnitum, which said it had not received code required to work with Vista.

“Microsoft has made a positive decision [with the 13 October promised changes] but we don’t have the API yet to analyse it,” Agnitum developers wrote in a blog. “Unless Microsoft makes good on its original announcement to make the APIs available, the likelihood is that Vista will ship with a ‘choice’ of security solutions from one vendor - Microsoft.”

However, Sophos said it had received all necessary help from Microsoft and said its antivirus product will have “full protection against malware threats on Vista”.

“Symantec and McAfee have recently made high-profile complaints that they are being ‘locked out’ of the Vista kernel,” the firm said in a statement. “They argue that this is preventing them from continuing to develop proactive protection against new malware, sometimes referred to as ‘host intrusion prevention’ or ‘HIPS’. However, Sophos argues that its approach to HIPS technology has met with no problems on Vista.”

Richard Jacobs, chief technology officer of Sophos, said, “We've taken a different approach, by focusing on catching bad behaviour before it has a chance to occur. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert them. That's why we're ready for 64-bit Vista, and others aren't.”

Simon Barnard, sales and marketing manager at authentication firm Deepnet Security, said, “We don’t touch the kernel but we’ve always had full co-operation from Microsoft regarding APIs.”