Microsoft did deliver some Security Center documentation on Monday, but was stung by complaints from McAfee and Symantec that it was inadequate and had scheduled a conference call yesterday to clarify matters. Unfortunately, the call did not go smoothly:
This meeting was under NDA, so what was actually discussed I can’t say.
However, the not-secret part of it was that someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter”, which if you’ve ever used LiveMeeting, is an invitation to chaos. Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally setup to end at 12:30, so we were promptly all kicked off. Finally at 12:45 EDT the meeting went as planned. Those who missed this meeting will have the ability to view another later today.
While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance. It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress. No big deal people.
OK, but then Microsoft clarified the purpose of the meeting which they felt was “Microsoft’s intention to invite nearly 150 security products vendors to join it in the development of an open security services API for Windows,” and emphasized the fact that:
Such an API would not open up PatchGuard, the kernel protection system the company currently plans for Windows Vista, the spokesperson pointed out emphatically several times during our discussion, nor does Microsoft have any plans to ever open up PatchGuard.
“Microsoft continues to believe the kernel must be protected from unauthorized access,” BetaNews was told. To that end, the company proposes “a process for developing methods for software that works alongside PatchGuard.”
Such a process, if initiated, could take several months, by Microsoft estimates, with the goal being to produce the results of this initiative in time for the release of Vista Service Pack 1. Though the spokesperson used the phrase “the SP1 timeframe” to refer to the release of these services, Microsoft declined to attach a time to that timeframe.
This was all too much for McAfee which blasted Microsoft:
“Despite pledges, press conferences and speeches by Microsoft, the community of independent security companies that consumers rely on for computer protection has seen little indication that Microsoft intends to live up to the promises it made last week,” McAfee attorney Christopher Thomas said in a statement.
“We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by its top management last week.”
and, of course, Microsoft returned the compliment:
It’s unfortunate that McAfee’s lawyers are making these kinds of inaccurate and inflammatory statements,” said Ben Fathi, corporate vice president of Microsoft’s security technology unit.
He said Microsoft was being even-handed in developing the needed software, which would happen “in the months ahead”.
It doesn’t take an international antitrust lawyer to see the problem here, just someone with a recollection of recent events:
In the past, the Commission has expressed concerns about delays by Microsoft in providing information to other companies because during that time, those firms have lost market share and eventually been sidetracked.
Then there’s the whopping supplemental fine that the European Commission slapped on Microsoft for the sluggish delay in delivering interoperability information the last time around. Why does Microsoft persist in playing the same old tune? Do they think the regulatory reaction is going to be any better this time? If they really like waving a red flag at Neelie Kroes, they shouldn’t be surprised when she shows up snorting and pawing the ground.
Update: In fairness to Microsoft, they do contend that they have provided extensive Security Center API info on and since Monday.