Rivals skirmish with Microsoft over Vista security

(continued from previous page)

Microsoft agreed that multiple security consoles on a single PC could confuse users, especially different information is displayed, but said that this is an argument in favor of funneling all security software management via the Windows Security Center.

"It is a fundamental lack of clarity for the user," Toulouse said. Microsoft's dashboard is "neutral" and "vendor agnostic," Toulouse added.

But Symantec and Check Point chuckle at the notion that Microsoft is neutral. For example, both companies doubt it is a coincidence that the company added an anti-spyware category to the Windows Security Center only after it introduced Windows Defender, an anti-spyware tool that will ship as part of Vista.

"Who is Microsoft to define the right way to think about security?" asked Laura Yecies, general manager of Check Point's ZoneAlarm division. "Microsoft does not have the track record or expertise in this space. They have not earned it."

Best view
McCorkendale said Symantec's own security center will give its customers the best view of the status of Symantec products, so people should have the option to use the Symantec dashboard instead of Microsoft's. "Customers should be allowed to choose their security product suites and therefore the security console to go with them," he said.

Symantec's console is called the "Norton Protection Center," and Check Point has a management console in ZoneAlarm Internet Security Suite. McAfee, one of the top players in the consumer security space, also has a security console. Trend Micro and CA declined to comment.

Competing consoles

Microsoft's Windows Security Center will appear in the Vista update. Here's a list of rival technology, which ships in the maker's security suite product.

McAfee: McAfee SecurityCenter

Symantec: Norton Protection Center

Check Point: ZoneLabs' ZoneAlarm Security Suite management console

Trend Micro: PC-cillin Internet Security console

Michael Cherry, an analyst at Directions on Microsoft, also questioned the software maker's neutrality when it comes to Windows Security Center, wondering whether Microsoft's developers would respond quicker to a request from the OneCare team then to Symantec's Norton AntiVirus team.

"I am not comfortable yet that that information is being shared equally and that all partners are equal partners," Cherry said. "It is only neutral when they can prove that OneCare, or Windows Firewall, or Windows Defender does not get a more favorable review or a more favorable access to technology."

There is something to be said for a central point in Windows that has security information, Cherry added. But if a user picks a third-party security suite, that product should be able to turn off Windows Security Center, he said.

"If I choose to use a third party's tools, then I would want to use a security center from them. So I'd be much more comfortable if Microsoft's could be uninstalled in favor of the one I want to use," he said.

Restricted Vista?
Symantec, Check Point and McAfee also argued that Microsoft's Windows Security Center risks giving consumers a limited view of security.

"If we were to just cede the dashboard console view of security to Microsoft, we could only talk to users about firewalls, antivirus and anti-spyware," Symantec's McCorkendale said

Check Point's Yecies said that Microsoft's console looks at security with blinders that are surprisingly convenient to its own product lineup.

"The modules, as Microsoft has currently defined them, are incomplete in an environment of zero-day exploits," she said. "Setting up those terms really limits the view consumers have about what is possible and potentially what they need. It might lead a consumer to think that they are fully protected, when in fact they are far from it."

But Natalie Lambert, an analyst at Forrester Research, argued that Microsoft is helping PC users. "The Windows Security Center is helpful, it really does provide a quick view into security," she said. "Consumers need to have security handed to them on a silver platter."

Vista is the first major update to Windows since Microsoft shipped XP in 2001. Back then, Microsoft was not a player in the security arena, and things went much smoother, McCorkendale said

"It is really hard work and we have had to be very, very persistent and over a very long period of time, which is different from how we used to work with Microsoft before they got into the security space. They have really changed the rules of the game; we used to have a lot more pleasant dialogue," he said.

Ultimately, Symantec hopes all the differences can be resolved nicely, McCorkendale said.

"All our concerns are about consumer choice. Consumer should be allowed to choose their security solution and if they are not allowed to make that choice?you risk a monoculture in security, which reduces innovation and diversity."

[sanenazok]

Vendor "Agnostic" NEVER

The first thing the console will say is Windows (R) Security Center (TM) and both are registered marks of MSFT. If Norton or McAfee don't want that to be written on their product status pages then they should be able to. Forcing the consumer to turn off the MSFT stuff manually is just a pointless hassle.

[eBob1]

Not pointless

It is not a pointless hassle to force the consumer to turn off Security Center manually. What if I would rather use Windows Security Center over what Norton or McAfee provides? At a minimum, the option needs to be there. Personally, I prefer to use Windows Security Center over Norton's so that if NAV is compromised, the Security Center has a chance of catching it. The security center in Windows XP seems to integrate well with Norton and AVG. I am not sure why this is even an issue.

[bettencourtt]

Be Fair on this....

Why don't some of you approach Honda Motors, make sure you DEMAND that you be given a FREE way to put YOUR brands on it. Make bloody well sure you file lawsuits over their refusal to provide you, FOR FREE, with complete blueprints so that you can manufacture and replace all the locks, dials, wheels, etc. AND, to reject thier parts from the factory without giving your end-purchaser an option.

Seems to me that NO OTHER INDUSTRY is forced, under point of the judicial gun, to expose it's complete secrets, to give competing companies (AOL and/or Netscape on the desktop instread of MSN & IE.) the RIGHT to rip out parts of a product in favor of it's own, and to have to submit for jusdicial approval almost ANY additions/improvements to a product that may add value and convenience to the consumer.

I say we SUE General Motors tomorrow for refusing to allow me to replace their engines with FORD engines, and still DEMAND that they fully warranty the vehicle.

Sounds silly applied to other industries, yes?

[Captain_Spock]

Since....

... "Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate..."; keep this up and don't allow users to focus on the business at hand and all these companies (Microsoft, Symantec and all) will soon see how quickly "disgusted" users will find alternative solutions like IBM's OS/2 Warp and Linux. Duh!

[FutureGuy]

Yes, then my virus could also turn it off !!!

It?s over Symantec, pack up and go home. Symantec and other so called security firms are desperately trying to keep Vista unsafe. If MS open up an API to turn off security features it will not be too long before someone writes a virus that would do the same, which by the way is exactly what Symantec wants, more viruses more money. Looking at the way they are dealing with this I wouldn't be surprised if they actually sponsor those virus writers. This virus is brought to you by Symantec, pay us or get screwed!!!

[wbenton]

Make it sound like Symantec is the culprit?

>>>Symantec and other so called security firms are desperately trying to keep Vista unsafe.<<<

You make it sound like Symantec is the culprit here.

Sure you mentioned others, but you only named Symantec.

What about NetScape? What about Sun's Java, What about WinZIP? What about ZoneAlarm? And what about ALL THE OTHER products which Microsoft continues to trample on?

Are they ALL out to weaken Microsoft? (* ROFLOL *)

On the other hand, what about Apple? What about all the Linux flavors? What about Unix? What about all the other Operating Systems out there?

Are they LESS secure because they don't included other applications with thier operating system?

The inherient flaws in Micrsoft are not that the Operating System doesn't have pre-installed security on it... but the flaws are in the Operating System itself.

Even with Microsoft's Firewall and AntiVirus software and any other security contraption Microsoft wants to include... they still ahve a very security-wise weak operating system.

And every application they bundle on top of that insecure operating system just adds to the number of security flaws of their product.

The END USER should be allowed to determine what applications they want to run and what applications they don't want to run.

For the ones they want to run, they should purchase them separately and install them separately just like the rest of the world's oeprating systems!

Likewise, Microsoft's approach runs counter to C2 security which states that ALL unnecessary applications and protocols should be stopped. For those using NON-Microsoft security products... we must go in and uninstall all of Microsoft's pre-installed crappola to make our systems C2 security compliant!

So if you want to continue bashing Symantec... then (* LOL *) but you're barking up the wrong tree!!!

Walt

[mariusthull]

They should play MS's game

When a virus is found they shouldn't share any of the details to the fix with MS. If Microsoft what's the cure for the virus Symantec and McAfee should charge them for it.

[Heebee Jeebies]

Well personally...

I would rather see Microsoft stick to its guns so that no matter what system you work on with Vista running the security information and controls are the same. If Microsoft allows the other vendors to so what they want then each security program will do something different, clutter it, suck the life from your computer and all of the other things that will make it a living hell. We all know for example how poorly Norton's products work, we don't need them messing up the security center too.

Keep it simple, keep it similar and keep it from sucking the life from our system.

Robert

[Captain_Spock]

Since, according to this article....

... "Microsoft and its security rivals are feuding over a key piece of Windows Vista real estate..."; keep this up and don't allow users to focus on the business at hand and all these companies (Microsoft, Symantec and all) will soon see how quickly "disgusted" users will find alternative solutions like IBM's OS/2 Warp and Linux. Duh!

[gggg sssss]

OS 2 what

Not sure that you can still stick those 720 kb diskettes into anything that will be sold to run Vista.

[cary1]

What is OS/2 ??

never heard of it! is it an operating system?

[brian.lee]

This sounds familiar...

Oh right remember a company called Netscape??? "browser wars" all over again?

"software giant has a built-in advantage--one"

[aabcdefghij987654321]

Incompetance killed Netscape

Netscape had a mindshare that MS couldn't have broken with IE alone but by failing to update their browser for years and they let the market outrun them and lost their crown.

This is a product category that MS should have made their own a long time ago. Given that there are inevitable bugs in code, louts and unscrupulous people will write exploits and that regression testing a proper fix takes a lot of time MS should have been providing this kind of software to protect against known and unknown exploits years ago. Securing their own OS is a thing MS should be doing instead of leaving it to the user to find someone else to do it.

[NerdPatrolAJ]

The noose is tightening for Symantec

As a PC service professional...I welcome the demise of Symantec in their role as PC security provider. Its only my opinion, but Symantec is more of a problem than a solution. They've enjoyed the limelight, and rested on their laurels, letting their products become increasingly more problomatic, intrusive, and error prone than even file sharing clients. If I get a PC in the shop that doesnt start, and it has Nortons on it..99% of these problems are resolved by removing their(Symantecs) software, and miraculously..the PCs start fine. Some of their other products work fine..Ghost for example. I am a full time anti-Norton advocate...and have yet to have a customer complain when replacing Nortons with Kaspersky. And to take it even further..I have suggested to some of my attorney clients...that it isnt too far fetched to possibly seek punitive damages against Symantec to recoup repair bills caused by their products. Can anyone say "class-action"?

[Galt]

Not just Norton's

You may want to include McAfee as well. I for one am tired of all the apps needed to protect a customers system, and 90+% of those don't have a clue regardless. When Vista sets up, Virus protection is of course missing, and they recommend Trend Micro, however AVAST has just upgraded their FREE home version as well as the Professional Version to work flawlessly with Vista and that's with all 7 full shield protections, and Vista security intact.

[als]

Have to agree

Symantec products are pure crap, the worst written, worst designed, biggest steaming pile of crapware a user could ever install their pc.

[wbenton]

Problem is much bigger than Symantec

As a security professional, I despise Symantec's Norton security products, but I despise them less than Microsoft's security products.

The only reason Symantec became so popular with the CPU and memory hogging security tools they offer is because they were riding on the Microsoft bandwagon.

But as much as I dislike Symantec... they are a security provider. And they are no longer riding the Microsoft bandwagon because Microsoft has kicked them off just like they kicked McAfees off in the past.

Bottom Line: Riding Microsoft's Bandwagon relinquishes a vendor's need to stay sharp and keep towards competition because they're being delivered as a de-factor standard on all shipped Microsoft pre-installed products!

That is anti-competitive for those not riding the Microsoft Bandwagon.

Thus Microsoft stifles their competition by keeping the one's they're interested in close at hand for starters (while pulling them around on the Microsoft Bandwagon) long enough for Microsoft to wean off the information/technology they want/need to come out with their own competitive product. At such time, Microsoft kicks them off of the Microsoft Bandwagon and replaces their own product on that Bandwagon continuing to be anti-compatitive to those not on the Microsoft Bandwagon.

It's just a repeated repeated repeat of Microsoft history all over again, and again, and again.

Why people continue to put up with Microsoft's anti-competitiveness is totally beyond me.

Walt

[john55440]

Symantec, McAfee - Whining & Incompetence

Symantec's real problem, is that they have zero customer loyalty, due to the low quality of their products.

As for McAfee, a recent IDG News Service article states "McAfee has apologized to users for bugs in the company's new line of client protection software, released last month."

Do we really want these incompetent clowns screwing around with the Windows Vista Security Center?

[sandkicker]

let em whine

Agree, Symantec in the last 2 years with NIS2005 and NIS2006 suck. Issues caught by their built-in error reports have no solutions on their web site, yet you see people with the same issues on the usenet/newsgroups. Those of us still on dial-up spend hours reloading NIS to resolve issues.
McAfee which I haven't tried in 6 years was so bloated it slowed XP.
But I guess its to be expected, big companies with over paid execs and to few talented support staffs.
After 5 years of symantec its time to switch.
as to their complaint, a security system works with a op system, it doesnt control it. an example: if you need to do a restore on xp, you have to turn off the "symantec protection first"

Guess I just feel like complaing today

[p.shearer]

anyone want to buy a memory manager?

Where was the EU and antitrust people back during the early 90's. Due to their inattention consumers no longer have worry about purchases a memory manager seperate from the operating system!

[alegr]

Poor Trumpet Winsock

And remember that anti-competitive inclusion (for free!!) of TCP/IP to Windows 3.11 killed Trumpet Winsock.

[Seaspray0]

as well as

Lets not forget the addition of the following to the operating system... text editor, sound recorder, sound player, terminal program, calculator, web browser... all these items did not exist in the operating system at one time. Technically, you CAN call them applications since they have no direct bearing on what an operating system was originally intended to to. Today, every OS has them. It looks like microsoft is intent on integrating another application into the OS. McAffee and Norton are going to scream bloody murder because this is their lifeblood. Is it going to stop it? Not likely. How many companies exist today that write memory managers or text editors?

[technewsjunkie]

Trust Microsoft? Jumbo shrimp.

"By imposing the Windows Security Center on all Windows users,
"
That's Monopoly power, abuse of it, and not fair competition.
Wasn't this supposedly resolved in the Antitrust trial that
Microsoft lost? The remedy review/oversight was just renewed
for a few more years, right?

That first quote sounds like what Mac users have said for years.
When it hits your own home, that's when people get a different
perspective.

This is Antitrust all over. And we thought they were kinder and
gentler. Remember, they are responsible for a large part of the
security problem themselves. So now they !@#$* somebody else
to aleviate

[mcepat]

monopoly and security

sorry but trying to keep your software secure is not being a monopoly

Are you trying to say keep it unsecure to allow competition?

[kmashraf]

Windows? Security?

When has Windows been secure? No one has been able to make Windows secure not even Microsoft themselves. The problem is the Windows is a insecure 'product' from ground up. I believe 'Vista' would also follow the same tradition of Microsoft Windows products where users have to waste an enormous amount of time in making sure that their 'product' is not going to be taken down by viruses, worms, malware, spyware crackers etc.

[mcepat]

lets make it insecure then

by allowing them to open it up to crapware like norton and symantec

maybe if microsoft is allowed to fully control security we would get a secure product?

tell the other vendors sorry but no thanks we can handle it

[catch23]

I run secure Windows machines

Because while the defaults suck, it is actually fairly easy to lock down a Win2K or XP box. Because most don't bother, that means it is insecure 'from ground up'? Have you seen the source code? Have you ever taken a course in CS?
Thought not. Run along little child, stop spouting garbage that you don't understand

[aabcdefghij987654321]

Ignorance is not bliss

You said "The problem is the Windows is a insecure 'product' from ground up. "

That's flat wrong and only shows how little you know. Windows NT which all current versions of Windows were based on was written to be very secure from the ground up. It's not the underlying foundation which is insecure, it's all the myriad APIs and the rest which sit on that foundation which have provided so many areas to exploit. The underlying foundation for Windows was actually designed to be more secure than Unix and if they hadn't had to make the system backwards compatible with the older Dos based Windows that security could have been built on to make a truly secure OS. Think of it as lost potential.

[mcepat]

I don't blame Microsoft on this position at all

Most and I say most users do not care how eleborate the security features are, they just want to be protected, and the windows security center will provide this information.

Have the third party vendors just plug into that, thats really all that is needed?

Have you ever seen any of these product suites running fully on a system? Talk about crap bugging the user every 2 seconds saying you need to update or firewall risk please allow, firewall risk please allow.

Its all crap, most users just end up clicking anything that pops up.

Nope sorry but the future of windows security is to have it be simple, non obtrusive and just work.

Red is bad
Yellow is check
green is good

That is all that is needed

Please Microsoft, stand your ground on this and repel the crap overly controlling totally irrating way of handling security

simple is bliss

[cary1]

McAfee on my Dell

Two months ago, I purchased a Dell laptop for my cousin. I got a chance to use it for three weeks and those were the worst three weeks of my computing experience in last five years

This model came preinstalled with a trial version of McAfee security center. Every time I started the computer, it would show a startup screen, would take more than a minute just to load all it's services and would show a warning message every few minutes.

Every time I wanted to disable it, I got a message that I have to register on McAfee website first! Why? Will this give me personalised protection according to my surfing behaviour? I didn't register because it was not my laptop and I had it for few days only, but those popups became annoying day by day.

The worst part was that it managed to get infected by a trojan despite the elaborate services. Finally, I had to reimage it using Dell's built-in norton ghost image.

Whatever the software people use, it should be helpful, not obtrusive... It should not force people to register for no apparent reason, shouldn't slow down my system, during startup or otherwise.

I use a corporate edition of NAV 9 and didn't have a virus in three years since I started using it. I have seen pop-ups only 2-3 times till now, when it found some virus in email attachments. I'm not saying it's the best product to have, but it is much better compared to the fancy software that is sold for home users.

[H Voyager]

mono-genome, mono-pathogen

If everyone is the same, everyone gets the same flu. If Microsoft is the core provider of security software, then any hole it has, will be a hole everyone will have.

Simple as that.

Yea, I'll probably get Vista, and I'll probably use MS defender, once Zone Labs folds, just because I want a 64 bit system, though probably not on release day; to blasted expensive to afford it just yet.

[BigTreeMan]

No security

Of course it doesn't matter which security product you use the problem is the underlying operating system. And don't say XP say Win2000, you are still working on a 6 year old platform and dare I say there are now more problems than back then. The extra complexity and size statistically introduces more security holes. You are all trying to make money pulling the wool over the customers eyes. Get honest and port all the useful applications over to Unix based OS's http://www.codeweavers.com/support/ and we'll remember the "security" corporations as a joke of the past.

[solrosenberg]

Crapware be gone

One of the reasons Vista has been delayed is Microsoft completely re-architected their software engineering process around security. Anyone who thinks MSFT isn't taking security seriously isn't familiar with MSFT's SDL or lacks the technical expertise to understand it.

The bottom line is the vendor in the best position to secure the OS is the OS vendor. Now that MSFT has finally decided to do that, crapware security vendors need to find a new business model.

[stevejobless]

Lack of understanding...

"The bottom line is the vendor in the best position to secure the OS is the OS vendor. Now that MSFT has finally decided to do that, crapware security vendors need to find a new business model."

That statement just shouts out "I have no idea about security!!!"

One of the most basic ideas behind securing any system is that nothing is secure and everything changes. To harp on about how secure an OS and how "crapware security vendors need to find a new business model" before it has even been released shows a real lack of technical expertise.

A OS vendor who is serious about security would concentrate on securing their underlining OS before wasting time and resources duking it out on firefighting products and gimmicks such as their "Security Center".

[mcepat]

I second that crapware be gone!

stop confusing simple users with pop ups every 2 seconds, firewall decisions every 2 seconds and take up half the machines process

red is bad
yellow is check
green is good

Thats all we need, simple, simple

[stevejobless]

The bigger picture...

Good lord, this is more then about Microsoft V {insert hated/loved company name here}, this is about your rights as a consumer to choose to use what you wish to use with minimum effort.

Your average Joe wants to be able to install their preferred security software and have full access to its functionality with minimum effort.

If Microsoft force you as a user to use their interface then they are restricting your choice. You should be allowed to choose what you wish to use. I fully understand that companies such as McAfee et al are fighting for their corner and not us as the user, but if the end result is more choice for the consumer then that in my opinion is a good thing.

Before all of you {insert company name here} fan-boys/haters have a go at whats going on here think about yourself as the paying consumer first.

[Brian Grover]

You can turn it off

You can turn off the Microsoft Security Center if you want to. What the security companies are complaining about is that *they* can't turn it off.

[Seaspray0]

Well said

I agree whole heartedly.

[imacpwr]

It's Netscape all over again...!!!

May the antitrust suits commence..

[mcepat]

securing your OS is not a monopoly???

I said it before and will say it again

if security can be a monopoly by trying to make you OS as secure as possible by not letting crapware access to vital areas then are you suggesting Microsoft leave holes in there OS in order to be competitive?

Do you really think that if they did and a virus managed to get by and it was AV vendors fault that anyone would listen to that? They would not they would say Vista is insecure! When in reality its the AV

Both symantec and mcafee and trendmicro have let hundreds of viruses by there defenses, its well documented

[Bush.Sux]

Microsoft = Insecurity

MS operating systems are good, but they still SUCK at security. The more MS competes with security firms the less secure their operating systems will be. It's in the consumer's best interest not to let MS make that decision for them.

There are enough bugs in all MS software to feed every venus flytrap in the world for the next 100 years. Why would you want MS to protect your personal information from theives when all they do is buy out the court system and politicians everytime they have a legal dispute. Does that sound like security to you?!

[Seaspray0]

learning by doing

By doing security, perhaps they will learn better security. The are possibilities to be positive about. It would place microsoft employees on the front lines of the battlefront against viruses, spyware, etc., feedback from those employees to other aspects of microsoft (such as updates, patches) would be quick and direct, and microsoft might actually become more aware about security and do a better job of implimenting it in their new products. It also gives competition to the established security makers (competition=inovation).

On the downside, it could reduce consumer choices should it eliminate McAffee and Norton as security alternatives.

[Europodboy]

WHY??

Seriously guys....Why do you put up with all this crap?
I have used Macs for the past THIRTEEN YEARS (My company
employs 700 people - turnover £40M) and I have NEVER, repeat
NEVER, had a single virus or piece of malware.

When is enough enough?

[bettencourtt]

Read the Story..They DO provide a choice.

Siobhan MacDermott, a spokeswoman for McAfee. "Ultimately, it's something the consumer should decide, not Microsoft."

What a stinking hypocrite. He wants the ability to take my choice away by turning off MS's product, and turning his on. Probably, without teling me that they are going to.

Yes, you are absolutely right, Mr. MacDermott. THE CONSUMER should decide, not Microsoft, and NOT MCAFEE, and NOT SYMANTEC.

That is exactly why MS gave THE CONSUMER the ability to turn it off. ME, and ME ALONE. Not you. If you want to recommend that I use yours instead of the MS version, then ASK ME FIRST, and IF I click <YES> then, ever-so-helpfully, provide step-by-step instructions on how I might go turn it off, and yours ON.

By golly, that actually DOES provide us a choice, doesn't it? But Mr MacDermott would have that choice he is bleating over taken away from us. What a stinking, no-good, snake-in-the-grass, yellow-bellied, shiftless, beady-eyed, four-flushing, HYPOCRITE!!!!

[David Arbogast]

YeeeeeHaaw!!!

<<What a stinking, no-good, snake-in-the-grass, yellow-bellied, shiftless, beady-eyed, four-flushing, HYPOCRITE!!!!>>

By golly... if you are going to participate in name-calling, GIVE 'EM HELL!

LoL... that cracked me up... thanks.

(I do agree, BTW)

[Mendz]

100% Agree!!!

Says it all... Very well said... :)

[HecticDialectics]

Co-Sign

Agreed.

[news_reader]

This guy gets it.

Well said, and bonus points for comedy.