Microsoft says McAfee 'inaccurate, inflammatory'

Wanting details on Vista security, McAfee says Microsoft is stalling. Microsoft says it has its own timetable.

The story "Microsoft says McAfee 'inaccurate, inflammatory'" published October 20, 2006 at 4:53 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.

[extinctone]

Sooo

So what's new - bastards behaving like they always behaved.

[alan_06]

comment

Quote:
" Microsoft has put up a wall called "PatchGuard" to protect the 64-bit kernel from hackers. Security software firms say that keeps them out, too. "
So what the security firms are trying to say? Open the kernel to them and that would also open to the hackers???
I would say close all the doors to kernel. That's a better way to protect the system.

Recent security firms demands on Vista are all pointing to one aim. - "Dont make Vista secure. We can't do business."

[ralfthedog]

You can't close the door to hackers.

You can't close the door to hackers. You patch one way in one week, they will find another the next. Locking the police out just gives the thieves more time to pack up the silver.

Note: When I am talking about the thieves I am talking about hackers, not Microsoft, however, locking Microsoft out of the kernel might not be a bad idea.

[Maxwell Studly]

I wish Gartner Employed People who Understood the Entire Situation

"Gartner, a research and consultancy group, recommended that companies tell Microsoft they would not make a commitment to 64-bit Vista until a firm release date was set for the first set of kernel-control software."

It would be nice if Gartner understood the market they research and consult on. Gartner makes it seem as if the entire AV industry is up in arms about Vista 64 bit. The only companies making noise and complaining are McAfee and Symantec... long criticized for making absolutely horrid/bloated/unstable consumer version AV applications.

Every other respectable and highly regarded AV company, like Kaspersky, Eset, Avast, Sophos, etc all apparently have no issue with Vista 64 bit.

So what's Gartner's suggestion? Why it's for AV companies to NOT make a commitment to 64-bit Vista. Apparently Gartner didn't take into account what that would do to AV makers revenue. What Gartner should have suggested is," No other reputable AV maker has an issue with not having access to the kernel....McAfee and Symantec should get in line and make truly Vista compatible software or concede that they've fallen too far behind the competition to maintain their lead in the market."

[thedreaming]

What's really interesting...

What I find really interesting is that the patchguard is only available for the 64bit version of vista and not the 32bit. So my question is this: Why is Microsoft trying to keep out Symantec and Mcafee out of the 64bit version of windows? They seem to have no problem with them protecting the 32bit version, but the 64bit version is out of bounds? Why? Why not make the 32bit just as secure? Keep everyone out of the kernel! Make windows the most secure OS possible!

[ralfthedog]

legacy software.

Patch guard breaks too much software (Mostly drivers). Microsoft decided that they must leave 32 bit software open so people can run legacy software.

[jrbrewin]

drm

additionally, 64bit is out of bounds for drm protection purposes. Microsoft deems there to be no need for people to hook in to every part of the operating system, and they say that this is for security reasons. DRM is filed under security too.

[jabbotts]

if AV companies functioned in other industries

AV companies telling an OS developer to loosen security in the OS is like:

Fire Departments using contract firestarters to premote business in there industry.

Paramedics lobbying for legislation requiring all vehicles run with loosened wheel bolts to premote business in there industry.

Tobacco companies lobbying for "early branding" programs with primary schools to get the next generation hooked early.

AV to Microsoft: "We really love what you've done with Dos and everything up to DosXP but your Dos2007 is just too secrure for us. Could you build in some backdoors so our poor products and computer criminals can continue in the style we're accustommed?"

[jrbrewin]

a good comment...

...until the dosXP part.

[danm49]

Just say choice

Why not 'allow' Microsoft to offer a secure kernel version for organizations that don't want McAfee or Symantec here in the US or.... no, I got it, let the US Congress get together with the EU and write the specifications for Windows...wait, even better, let's ask France what to do and if we lose data we can blame de Villepin and eat freedom fries.

[Chung Leong]

Idiotic PR people

Do McAfee and Symantec have monkeys working in their Public Relations department? I mean even their concerns are legitimate, there is no reason to make them so public. Security firms, more than any other in the software business, trade on their image and reputation. People seek protection from those who're perceived to be strong. Whining in public is certainly not the way to project that image.

Your average Joe won't understand the technical nuances of this story. The message he'll get is that McAfee and Symantec products won't fully protect his Vista system. Great job, monkeys!

[chrismgtis]

No Kernel Access

Either way Mcafee nor anyone else needs access to the kernel. If MS is making steps to protect the kernel than no one needs access to it. Mcafee and Symantec will only need to change their strategies for protection. The kernel will not be a factor anymore if it is "protected".

I've had no respect for Mcafee or alternatives in years. I haven't used Mcafee in probably 10 years. When you can download free software that does a more efficient job, uses less resources, is less intrusive and annoying and doesn't force you to pay an update subscription (not counting the retail cost of the software) every year, you realize how very bad and low quality Mcafee software is.

[FutureGuy]

If I were MS..

I would cut the prices of Microsoft's AV offering to a price at with McAfee would go out of business. McAfee has got corrupt to its core I would not at all be surprised if they actually finance the virus writers.

[Sboston]

Not a good idea I think.

You think the AV childern are crying now? Just see waht happens if MS tries that.

When my norton av expires this time, I'm going elsewhere and it won't be McCaffe.

[john55440]

McAfee In Disarray

McAfee is in the middle of a stock options scandal, the company President was fired, the company CEO retired before he could be fired, and the McAfee 07 line of consumer products was a bugfest-disaster.

It's all Microsoft's fault! -lol

[larrymadill]

Mac OS X Comparison

From my understanding Mac OS X's kernel has been locked down since the software came out. Yet Symantec still makes AV software for OS X and Mac OS X still remain secure...Although doubtful if they sell that many units.

So what's the problem? Other than Symantec and McAfee are actually going to have to redesign their software for the first time since maybe 2001? And that (however unlikely) virus attacks on Windows might decrease, decreasing the need for AV programs in general?

[Sboston]

Thanks!

That was refreshing Larry. :)

[thecatch]

IT WILL BE HACKED...

I work in the buss. of core products. I asked my systems guy,
(because I have been following this issue closely and I was very
curious), how long it would take to hack the Vista kernel. He told
me, a few hours and no less then and 8 hr. working day.

He's one of the best kernel programmers in the world. I know
this because I did due diligence on him six years ago, when I
took the job of becoming his boss. Yet he's not the only great
kernel programmer in the world.

Microsoft is flawed, because they didn't start out with much
concern surrounding security & design. So they bloated out.
They are basically a GUI software corporation, not a kernel, or
for that matter any other computing programming feature type
of operation. They just don't design or program well in
Redmond.

But since they want to get into the business of security, which is
insanely astonishing being that they produced the unsecure
commodity, they need to have the advantage to market. And
they are taking that advantage by locking out not just the little
competitors, but the big guys as well. And the big guys are
********, because they represent billion dollar public
corporations with shareholders to answer too.

It will be hacked. The competitions gripe is sound, regardless if
it's all about the bottom line in the first place. Reality is the
software should have been secure from day one, MS open the
door a long time ago, so their defense is very weaken.

[Seaspray0]

The beta is available, Give a try

Actions do speak louder than words. The beta is available now. Please download it and have your systems guy hack it for us. It will only take a few hours, right? If not yours, then someone please download it and hack the core. And sitting at the console with admin rights isn't how an internet hacker would do it; hack it remotely without being given the password to an admin account. Given that it will only take a few hours, you should easily have it hacked a week from now, right? You have been challenged.

[Pauldsu]

Trust Microsoft!

Microsoft will be hack reguardless and their security is a joke.... It's more like they're trying to get the upper hand on security market with the new OS. In the end customer lost because they have less to choose.

[LKLINE432]

Anti-Virus software as a whole...

Sorry, but from my 30 years of system level development, every piece of software produced is "broke", I don't care if it's written in Algol, Snobol, Cobol, C#, Java, Ruby-Rails, whatever, it is flawed and will be hacked.

Microsoft, Linux, Mac OS, whatever, have the above problem. I don't care who the "best" in the game, they all can be hacked, when someone decides to get around to it.

Microsoft's major problem is FEATURE BLOAT, they just can't say NO to each and every new widgit, piece of crap technology that comes out of a college/university or business office. 95% of the stuff produced today is crap and outdated within 3 months.

The concept of a true micro-kernel that locks everything out with all drivces and applications runing in a true protected area, is the only solution I can think of. But it won't happen, people get stupid and hire the next goof ball who wants to put a new feature into the kernel to support the next bullet idea from marketing and there it goes down the drain.

[thecatch]

We are not in the business to HACK..

but believe me my guy could do it, and so can many others.

And like LKLINE suggested, having a nicely designed micro-
kernel is a good start, but Redmond won't pull it off.

YOU CAN NOT CREATE A MASTER-PIECE WITH 5-10 THOUSAND
PROGRAMMERS WORKING ON THE SAME PROJECT. This is MS's,
and for that matter, all the big players problem back at the shop.

It really is that simple to understand, if you had 5000 chefs
make you dinner, there is a good chance it would come out cold
& suck. Cold because they all wouldn't agree it was done
properly. Lousy tasting, because 5000 people tried to put their
own special spin on it.

To many cooks in the kitchen spoils the broth, to many
programmers in the lab creates bloat. And MS is a GUI shop,
that's their claim to fame. A few years back they should have
brought in Wolfgang, Alice, Mario, Jague and even an Emeril
level of a programmer to help them with the kernel.

But they didn't, they just let it grow and grow. Have you ever
checked out the amount of code that goes into a patch? An
insane strategy that they know has to stop.

When you program with the thousands you get bloat & poorly
written code, a clay model clumped together. And worst yet,
even if you try to make safeguards in the process, you can never
go back and easily fix the wrongs in design. And Micro-kernel
for multi-core play is serious stuff.

Microsoft will not do it. We are not in the business of hacking,
but we are in the business of creating UNDERWARE SOFTWARE.
You read it here first, it will bring to the party everything that
was missing the first time around, some 30 years ago when this
all got started.

A lot is going on right now, and when chip-makers start making
more software then the software guys, it gets pretty obvious that
things are finally meshing together, UNDERWARE.