Symantec, Microsoft cooperate on security

Antivirus specialist Symantec has joined a security organization alongside Microsoft, despite having previously come to very public blows with the software giant over its willingness to share security information on Vista.

Symantec and Microsoft announced Tuesday at the RSA Conference Europe 2007 that they will join the Software Assurance Forum for Excellence in Code (SafeCode), a not-for-profit organization aimed at increasing trust around IT. Other members include EMC, SAP and Juniper Networks.

Commenting on questions about the recent argument between his company and Microsoft over Vista application programming interfaces (APIs), Ilias Chantzos, Symantec's government relations manager for EMEA, said that the two organizations would cooperate in SafeCode to benefit customers.

"We have a multifaced relationship with Microsoft, and we are keen to work with them. That will ultimately benefit our customers. I see this relationship as complementary rather than competitive," Chantzos said.

Last year, security companies, including Symantec and McAfee, complained that Microsoft had locked them out of the Windows kernel. The security companies claimed that a kernel shield developed by Microsoft, called "PatchGuard" and intended to stop hackers attacking 64-bit versions of Vista, blocked their security products too.

Microsoft eventually agreed to provide security companies with access to the 64-bit APIs but didn't actually provide access until two months after it had officially relented.

Microsoft had long maintained that a complete lock on the kernel would provide the best operating system security and stability, but it made concessions in response to antitrust concerns raised by officials in Europe and Korea.

SafeCode is being headed up by cybersecurity expert Paul Kurtz, who was one of the founding members of the Cyber Security Industry Alliance and a former White House National Security Council and Homeland Security Council member under Presidents Bush and Clinton.

Kurtz said that the organization is the first global industry-led body aimed at the development and delivery of more secure and reliable hardware software and services.

"Where are the best practices? Everyone talks about them, but how do you find them? SafeCode is going to bring those best practices into one place so that government, consumers and businesses can make best use of them," Kurtz said.

Kurtz added that SafeCode will be assembling an advisory group of government leaders and critical infrastructure operators from around the world to help with its mission.

The organization will be funded via a $50,000 membership fee levied on each of the members, Kurtz added.

"We want to be seen as an organization that government and industry can turn to and say: 'Can you help us with this?'" Kurtz said.

Andrew Donoghue of ZDNet UK reported from London.

[Dragon Forge]

Well at least it keeps them off the streets at night

And to what great benefit...

Once upon a time norton/symantec could be the fall back standard to ensure pc protection, something that they have steadily "evolved" away from.

Once upon a time microsoft was secure and not the target it is today, something that they have never looked after properly.

Given that vistaless is not a new o/s built from the ground up as professed, and actually is weaker security wise, all components factored in, and that they sell a 'premium'[less] security service at extra cost that has never done much of anything to benefit the user - where in the heck did anyone ever get the idea that microlimp ever knew anything about security??

So 2 witless hulks groping each other blindly for a marketing strategy to convince someone they have a clue - makes me run headlong to anyone but those 2 poor purveyors of puffy programs.

[technewsjunkie]

Like Symantec had a CHOICE

Same old History, repeating itself.

[jerrymerfeld]

How valuable will SafeCode be?

I don't really agree with the following comment Kurtz made:

"Where are the best practices? Everyone talks about them, but how do you find them? SafeCode is going to bring those best practices into one place so that government, consumers and businesses can make best use of them," Kurtz said.

I expected more from a well known security expert. Since he didn't say it, I will. No one should ever rely on one single source of information, especially when it comes to information security. Research must be done, and tests must be conducted to validate research.

SafeCode may become a very valuable addition to our resource libraries but it should never be a replacement.