July 24, 2006 4:00 AM PDT

Chills at Microsoft's security huddle

Microsoft likes to keep its friends close--and now that security companies are its foes, it may well want to keep those even closer.

The software maker has traditionally held powwows with partners to explore common ground. Security has been one area of activity: For almost 10 years, it has quietly held annual meetings with top researchers from antivirus companies such as McAfee and Symantec. This year, however, Microsoft decided to merge a couple of security get-togethers, as it found it was repeating itself over multiple meetings.

But that wasn't the big difference for the companies at the June meeting. Microsoft, and its $34 billion war chest, is now a competitor in the antivirus market. With its huge presence on desktops, the software giant has a built-in advantage--and that is making some collaborators nervous about sharing information. It's especially a concern that Microsoft requires attendees to sign a document that allows the company to use anything that anyone says at the event.

"Having been put into that situation, people will feel more inhibited to say things," said Jimmy Kuo, a McAfee fellow and a veteran of the Microsoft events. "They ask us to sign a nondisclosure agreement, and if we say anything in those meetings that Microsoft is able to use, they have the right to do so." The agreement was introduced in recent years, he said.

Microsoft gathers the antivirus experts to discuss Windows security. The event is meant to give them ideas about what kinds of products would be of most value to Windows users and to help Microsoft strengthen its operating system. But now that the company is a security rival, it might not want to reveal some Windows details.

The newly merged Microsoft Security Response and Safety Summit was held late last month at the software maker's Redmond, Wash., headquarters. The two-day meeting was not publicized and attracted about 150 representatives from about 80 security companies and Internet service providers, said Mark Griesi, a senior business development manager at Microsoft.

The event mostly provided a primer on security in Windows Vista, which led to a discussion on how attendees' products might work with the Windows XP successor. Microsoft has touted Vista, slated for broad release in January, as its most secure operating system ever.

"The key messages for the folks was about the new technologies in Vista, how they interact with those technologies, how to use that to better protect the consumer," Griesi said. "There are a lot of great things that they can use. We want to make sure that everybody is 100 percent aware of what is available."

But several of the attendees told CNET News.com that they had learned little. "They talked mostly about Vista and security initiatives," said Hiep Dang, director of threat research and engineering at Aluria Software, an anti-spyware specialist that is a subsidiary of EarthLink. "I was hoping they would go a lot more granular than they did. A lot of the information they gave was information we probably could have gotten online."

Another attendee agreed that previous meetings had provided many more technical details. "This year they presented things that we already know," said this antivirus researcher, who asked not to be named.

Going in for the kill
That individual expressed concern about the purpose of the event, in light of the new rivalry. Perhaps Microsoft used the event to gather information that could help its security products and beat out the incumbents, the researcher suggested. "Is this brain-picking?" the researcher asked. "Microsoft is slowly moving towards the kill."

The software maker is walking a fine line between being a partner and a competitor to security companies. In late May, it introduced Windows Live OneCare, a consumer security package. It is now preparing a product to protect business PCs and servers, a move that will put it head-to-head with industry stalwarts such as Symantec, McAfee and Trend Micro.

It has been down similar roads in other areas. It is making a push with systems management software, as well as in business intelligence and content management, for example. It competes with incumbents in those markets, but it wants to partner with them at the same time, because it wants third-party products to work well with Microsoft products.

"The fact that we now offer security products does not change our commitment to work collaboratively with all of our security partners," Griesi said. "It's also important to note that while we encourage members to engage, all feedback is voluntary and does not impact the extent of information that Microsoft provides to partners."

CONTINUED: "All on the same side"?…
Page 1 | 2

See more CNET content tagged:
attendee, meeting, researcher, McAfee Inc., software company

18 comments

Join the conversation!
Add your comment
LOL!
Microsoft's getting into the protection racket - um, I mean security
- and now they're going to make mp3 players. All of their partners
have good reason to worry. What's next? Will they decide to make
PCs too?
Posted by Macsaresafer (802 comments )
Reply Link Flag
Yes
If Apple becomes the number 1 PC vendor and starts selling more PC's than Dell--very unlikely and I don't think that's their goal--you can count on Microsoft entering into that market.
Posted by nmcphers (261 comments )
Link Flag
Stab stab, back stab stab....
Stab you in the back, that's what MS will do, to everyone one, eventually. I would never reveal too much to MS, even if I was their best Vendor.

No way! :- )
Posted by rmiecznik (224 comments )
Reply Link Flag
What is all this about stabbing?
If you have been stabbed by Microsoft, you should go to the police. Microsoft did not just evolve to a large company of no reason. Microsoft is not forcing, you or anyone else, in buying their software´s. People do not buy things they do not like. If they did, there would be no reason for anyone to propagate for something else that they would like. All this is very silly!
Björn Lundahl, Göteborg, Sweden
Posted by Björn Lundahl (253 comments )
Link Flag
Nice way to cripple win32 security overall...
Seriously - what was once an atmosphere of trust is now going to be a miasma of mistrust and competition... it's only going to hurt MSFT and the AV companies in the end, by making them less able to adapt and respond to new threats. Where there was once collaboration among peers w/ the OS maker, I believe that I'll see less and less of it now.

Glad I don't use Windows for anything I hold important...
Posted by Penguinisto (5042 comments )
Reply Link Flag
killing the golden goose
MS is killing it's partners every chance it has. It won't be happy until they have everybody's business. And it's clear their partners are pretty gullible, since they attended this conference. Stupid.
Posted by solomonrex (112 comments )
Reply Link Flag
The past holds the future...
...and the past would tell you that Microsoft started out as a DOS program that was bought and then resold on a licensing level. From that point on Widows was created. Not to mention that Microsoft just recently came out with Antispyware software that is nonchalantly loaded onto to people's computers via Automatic Updates.

So this is my question to all you VP's that attended this years meetings; are you actually that ignorant that you don't understand that the wolf allowed you into his den for a reason!

Not only am I a super tech guru, but I can smell a hustler a mile away. Microsoft consist of the largest organization of hustlers in the world!

So my advice to all of you in the security sector, maybe it's time to take a second look at Apple and increasing the security tools there, God only knows that Steve Jobs is busy working on a New Web Browser for Tiger and doesn't currently have the time for this feat!

~Justin
Tech01
Posted by OneWithTech (196 comments )
Reply Link Flag
They've already tried!
"So my advice to all of you in the security sector, maybe it's time to
take a second look at Apple and increasing the security tools there"

Mac users routinely laugh at their efforts. Right now, and for the
last five years, there have only been theoretical vulnerabilities for
OS X. Some day, there may be a real virus threat to Macs out there,
but until and unless that day comes, there's no point in spending
money on antivirus for your Mac.
Posted by Macsaresafer (802 comments )
Link Flag
Share so long as it's convenient for all of us....
I don't see what the big deal is... So Microsoft decided that it doesn't want to share any more internal secrets with security companies big deal... It's not convenient anymore there's nothing for Microsoft to gain financially from sharing so the partnership is broken. Every business in their right mind would do the same thing if they could to make a buck. I would not be surprised to see Google pull something similar once every website on the plant is lined with ad words and any other cool api they come out with. The fact that you base your entire business model on one company this being Microsoft was stupid to begin with.
Posted by brian.lee (548 comments )
Reply Link Flag
10 years from now
Anyone want to bet, 10 years from now they'll only be 1 Security company left along with Microsoft from today's confab? Any takers?
Posted by KTWinATL (10 comments )
Reply Link Flag
lol, 10 years
Apple will be here, no sure about MS.
Posted by rmiecznik (224 comments )
Link Flag
Microsoft: World Domination Inevitable...
Ah yes... Microsoft to rule the software industry...it is invevitable...
Posted by registereduser (175 comments )
Reply Link Flag
Fight hard Microsoft!
Fight hard Microsoft so we can buy effective security softwares. That is what we really want when we are not debating but going shopping. I understand that you have this insight.
Björn Lundahl, göteborg, Sweden
Posted by Björn Lundahl (253 comments )
Reply Link Flag
FUD FUD FUD
this story is nothing but FUD. Microsoft didn't have anything new to share since Vista is pretty much finished and they're very early in the planning stages for the next product.

Let's be clear: AV vendors are not exactly our best friends as consumers - doesn't it seem odd to anyone that the companies screaming loudest about the next "imminent threat" also stand to benefit the most when we renew our licenses for their software? AV companies have failed to innovate in this area, forcing Microsoft to step up and do so.

Weird how the Apple and Linux folks are so critical about Windows vulnerabilities and then so critical about Microsoft trying to do something about them.

-btw - load MAC OS or your favorite *nix distro on 90% of the pc's in the world and you'll find they have a few vulnerabilities too. Leaving your car parked in the garage and then claiming it never breaks down is a little disingenuous.
Posted by Hardrada (359 comments )
Reply Link Flag
Err, huh?
"[i]Weird how the Apple and Linux folks are so critical about Windows vulnerabilities and then so critical about Microsoft trying to do something about them.[/i]"

Such a blanket statement that turns out to be, well... wrong.

The Vulns? Yeah - but we're just as hard (actually, harder) about any found on OSX or Linux - esp. those which would be as earth-shakingly stupid as the boners that we've seen surface in Windows.

OTOH, hey - if MSFT wants to actually do something ab't it, great. OTOH, if they do it by alienating their own partners, well...

And if Vista is "pretty much finished" to the point where security discussions between MSFT and vendors are next-to-zero, then I fear for the data of millions of new Vista users - because from the looks of it, they will be rather ripe for the impending on-line raping.

[i]"AV vendors are not exactly our best friends as consumers - doesn't it seem odd to anyone that the companies screaming loudest about the next "imminent threat" also stand to benefit the most when we renew our licenses for their software? AV companies have failed to innovate in this area, forcing Microsoft to step up and do so. "[/i]

No argument on the first part - vested interest is vested interest. OTOH, the very existence of A/V companies shows that it MSFT who failed to innovate in the field of security, no?

[i]"-btw - load MAC OS or your favorite *nix distro on 90% of the pc's in the world and you'll find they have a few vulnerabilities too."[/i]

Funny, but Apache holds 80%+ of the Webserver market, and yet the majority of the vulnerable/compromised webservers were using IIS... In other words: QED, your argument doesn't hold water.

"[i]Leaving your car parked in the garage and then claiming it never breaks down is a little disingenuous.[/i]"

Again, I refer you to Apache vs. IIS.

/P
Posted by Penguinisto (5042 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.