 |
Ted Kummert, Microsoft’s Corporate Vice President, Security, Access and Solutions Division:
Today we are announcing key security products across the client, server and network edge, which map to our customer promise to help protect information and control access. First, we are excited to announce the public beta for Microsoft Forefront Client Security, a new product that helps protect business desktops, laptops, and server operating systems from viruses, spyware, and other threats. Second, we are announcing two new server security products, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint, which are currently in public beta, and will be available to volume-licensing customers in December. Finally, today we are unveiling new Application Optimization features for the Intelligent Application Gateway, a product included in Microsoft’s acquisition of Whale Communications this year.
While all are of importance, Microsoft Forefront Client Security is drawing the most buzz since it’s a stake pointed right at the heart of the lucrative corporate security market which has heretofore been dominated by Symantec, McAfee, and other third party ISV’s whose relationship with Microsoft has grown so rancorous lately. More information and the Client Security beta download are here.
It was easy enough for Microsoft to promise the EU that they would provide Vista security APIs to competing security software vendors, but delivering on that promise has turned into a real melee.
Microsoft did deliver some Security Center documentation on Monday, but was stung by complaints from McAfee and Symantec that it was inadequate and had scheduled a conference call yesterday to clarify matters. Unfortunately, the call did not go smoothly:
This meeting was under NDA, so what was actually discussed I can’t say.
However, the not-secret part of it was that someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter”, which if you’ve ever used LiveMeeting, is an invitation to chaos. Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally setup to end at 12:30, so we were promptly all kicked off. Finally at 12:45 EDT the meeting went as planned. Those who missed this meeting will have the ability to view another later today.
While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance. It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress. No big deal people.
OK, but then Microsoft clarified the purpose of the meeting which they felt was “Microsoft’s intention to invite nearly 150 security products vendors to join it in the development of an open security services API for Windows,” and emphasized the fact that:
Such an API would not open up PatchGuard, the kernel protection system the company currently plans for Windows Vista, the spokesperson pointed out emphatically several times during our discussion, nor does Microsoft have any plans to ever open up PatchGuard.
“Microsoft continues to believe the kernel must be protected from unauthorized access,” BetaNews was told. To that end, the company proposes “a process for developing methods for software that works alongside PatchGuard.”
Such a process, if initiated, could take several months, by Microsoft estimates, with the goal being to produce the results of this initiative in time for the release of Vista Service Pack 1. Though the spokesperson used the phrase “the SP1 timeframe” to refer to the release of these services, Microsoft declined to attach a time to that timeframe.
This was all too much for McAfee which blasted Microsoft:
“Despite pledges, press conferences and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week,” McAfee attorney Christopher Thomas said in a statement.
“We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by its top management last week.”
and, of course, Microsoft returned the compliment:
It’s unfortunate that McAfee’s lawyers are making these kinds of inaccurate and inflammatory statements,” said Ben Fathi, corporate vice president of Microsoft’s security technology unit.
He said Microsoft was being even-handed in developing the needed software, which would happen “in the months ahead”.
It doesn’t take an international antitrust lawyer to see the problem here, just someone with a recollection of recent events:
In the past, the Commission has expressed concerns about delays by Microsoft in providing information to other companies because during that time, those firms have lost market share and eventually been sidetracked.
Then there’s the whopping supplemental fine that the European Commission slapped on Microsoft for the sluggish delay in delivering interoperability information the last time around. Why does Microsoft persist in playing the same old tune? Do they think the regulatory reaction is going to be any better this time? If they really like waving a red flag at Neelie Kroes, they shouldn’t be surprised when she shows up snorting and pawing the ground.
Update: In fairness to Microsoft, they do contend that they have provided extensive Security Center API info on and since Monday.
Microsoft’s partial delivery of EU placating Vista security APIs is drawing fire from competitors McAfee and Symantec:
A statement from McAfee worldwide corporate communications vice president Siobhan MacDermott said:
We did receive a document from Microsoft yesterday that contained the SDK for Windows Security Centre only. We continue to have questions pertaining to this document and have asked Microsoft for meetings and/or additional clarification about what MS has sent us. To date, we have not had any cooperation from MS and no response on McAfee’s repeated requests to review the information.
Contrary to what it says publicly, Microsoft has not cooperated with the leading security providers. In fact, we have not received anything at all from Microsoft concerning PatchGuard. …
And Symantec:
With regards to Microsoft and their announcement regarding security provisions in the Windows Vista operating system, Symantec has yet to actually see the final detailed information needed to address our concerns regarding Windows Security Centre or PatchGuard. While we are encouraged by their statements and are hopeful their actions will indeed lead to customers being allowed to use whatever security solutions they would like on the Vista operating system, the operative question is exactly when will the final detailed information be made available to security providers?
It is important to note that the Vista operating system is slated to ship to OEM within the next few weeks. Therefore, security providers would need to have the final detailed information to address their concerns about Windows Security Centre and PatchGuard provided to them in a timely manner.
You have to admit that it’s rather a dirty trick on Microsoft’s part to announce on Oct. 13 that they have resolved the issue, deliver part of the promised APIs on Oct. 16, and then expect the security vendors to rework their products in timely fashion when Vista RTM is now generally expected to be on Oct. 25.
Meanwhile, Microsoft CEO Steve Ballmer returned fire:
“I don’t know anything about allegations of McAfee. We have gone ahead with the release of APIs consistent with the directions we have taken to put Windows (Vista) in the marketplace on schedule and we are absolutely executing on all of the plans properly,” he said.
More broadly, Ballmer said of complaints by security companies: “We are through that … We’re prepared to release our product.”
Uh Oh! I think someone just paged European Competition Commissioner Neelie Kroes, but then her appearance is inevitable anyhow.
Update: That was quick:
Microsoft will brief security software companies on-line on Thursday, after firms McAfee and Symantec complained it was delaying promised cooperation about their security concerns.
As part of its Vista promise to the EU, Microsoft said last week that it would be delivering some new security APIs to third party vendors of security product. Part of the package was delivered today:
Microsoft Corp. said Monday it has given security vendors Symantec Corp. and McAfee Inc. some of the information they want to make their products work with Microsoft’s new operating system, Vista.
Microsoft spokesman Tom Brookes said the software interfaces for the Windows Security Center — Vista’s new “security dashboard” — were uploaded to a Web site for software developers.
…
“We still don’t know if we have everything we need or not,” Symantec spokesman Cris Paden said. Phone messages left with McAfee weren’t immediately returned.
Microsoft also said it planned to talk to both Symantec and McAfee to discuss changes they want made to Microsoft’s anti-hacking tool, Patchguard. Symantec wanted its software to be excluded from Patchguard’s scope so it would not be wrongly identified as a threat to the system.
Symantec, McAfee, and the other vendors are going to have to work fast to be ready when Vista is released for businesses in November. We can argue about business Vista adoption rates, but there’s no argument that the business part of the security business is the most lucrative and they’ll all want to put on their best display of proficiency.
