The Netscaping of Symantec and McAfee: Insight - Security

Vendors Symantec and McAfee have looked into the future and don't want to become the next Netscapes.

In 1994 there was one very good Internet browser: Netscape. Created by several members of the team who gave us Mosaic, one of the first browsers, Netscape was immediately successful as a commercial enterprise. Microsoft, realising late that it had failed to seize upon this thing called the Internet, hastily created the Internet Explorer browser and began bundling it with later editions of Windows 95 and, subsequently, with all versions of Windows.

Steadily, Internet Explorer came out of nowhere to dominate the browser landscape. It did so not through innovation but by recognising that people are lazy -- IE came bundled within the OS, so no downloading was required. And as organisations worldwide adopted Windows 98 for the office, workers grew used to seeing internal Web sites developed for IE, and people simply started using IE at home. (Okay, there are many more reasons why IE ultimately beat Netscape, but bear with me...)

I mention Netscape because, if you believe Symantec and McAfee, a similar situation is about to unfold within the security industry. Microsoft, again recognising late that it had failed to seize upon this thing called security, is now about to bundle its own security solutions within Windows Vista and further enforce new security policies that lock out some third-party security solutions altogether.

Vendors Symantec and McAfee have looked into the future and realised that people may one day speak of them in the way that we now speak reverently of the early builds of Netscape. This time, history's on their side; court cases and commissions have found Microsoft guilty of antitrust violations, and the security vendors are now using these to argue their point. Unfortunately for Symantec and McAfee, time may have already run out; Microsoft is ready to ship Vista to manufacturers within the next few weeks.

Petitioning the EU
In recent weeks, vendors Symantec and McAfee have gone public with what they've been saying in private for months: that Microsoft deliberately withheld information about its new security features to put the vendors at a disadvantage. In a recent full-page ad in the Financial Times, McAfee laid out its specific complaints. Last week, representatives of both Symantec and McAfee were in Europe to argue their cases in person.

In recent weeks, vendors Symantec and McAfee have gone public with what they've been saying in private for months: that Microsoft deliberately withheld information about its new security features to put the vendors at a disadvantage.

Why Europe? The historic US antitrust decision against Microsoft in 2000 was largely watered down by a 2004 Justice Department final settlement that did not break up the company (as originally requested) but did ask that Microsoft make the APIs (Application Programming Interface) for its Internet Explorer browser available to rivals. By then, Netscape had already been sold to AOL and its team of programmers more or less gutted.

Thus, the EU is perceived to be a much friendlier environment for security vendors. In Europe now, Microsoft is battling the EU commission empowered to monitor the company's current activities. The EU commission says that Microsoft needs to address some 79 questions the commission has regarding Windows Vista, but Microsoft claims it needs more specifics from the commission before it can answer -- likely a stalling tactic. The EU has already slapped Microsoft with a US$375 million fine for not following its historic 2004 antitrust ruling regarding Windows XP. Symantec and McAfee are hoping that the EU sides with them on Windows Vista.

Windows Defender
As recently as last week, McAfee and Symantec said that they haven't received the APIs for Windows Defender, Microsoft's free antispyware application. At issue here is whether Symantec and McAfee can turn off Windows Defender in favour of their own antispyware technology. I don't really see a problem here because, while there is no agreement among the security vendors as to what is and is not spyware, I recommend having at least two antispyware applications running on your PC, one being the free version of Windows Defender. But the issue is larger than this single application.

Symantec privately alleges that Microsoft is with holding API information to delay its own Release to Manufacture versions of their software. If Microsoft ships Vista code to hardware vendors at the end of November, then Symantec and others must have their own Vista-ready security products ready to ship to their OEM hardware vendors at the same time. Without the APIs, that's impossible.

Symantec and McAfee are hoping that the EU sides with them on Windows Vista.

Security Center
The core issue, however, is over which security centre should dominate your PC. Currently, Windows XP provides its one-stop Security Center for configuring your Windows Updates, antivirus, firewall, and antispyware, informing you in a pop-up message or a taskbar icon if one or more of these has been disabled or is out of date. Symantec and McAfee also offer users a snapshot security status, but the end user doesn't have much control over whose messages are dominant. Thus, in the lower-right corner of your screen, you're likely to see messages from the security centres of both Windows and a third party. To a novice, this information overload could be very confusing.

McAfee and Symantec are asking Microsoft to allow users (and, more importantly, the lucrative OEM hardware manufacturers) the ability to disable the Microsoft Security Center and run third-party security centres instead. That sounds reasonable, except Microsoft isn't playing; turning off the Microsoft security undermines the new security model within Vista that locks down and enforces security throughout the new OS.

PatchGuard
McAfee and Symantec are also upset about PatchGuard, a Microsoft technology that locks the Windows system kernel to all outside vendors. The arguments regarding PatchGuard are about the future; today most people don't have the x64 machines that take advantage of the technology, but when they do security vendors want to be a part. Down the road, new computers will be 64-bit and Vista is already designed to run on this new hardware. Microsoft claims that by locking the kernel to outside vendors, it'll eliminate most of the causes of the Blue Screen of Death, as well as prevent rootkits from installing. Unfortunately, it'll also eliminate most third-party firewalls.

Current firewall technology involves hooking the NDIS (Network Driver Interface Specification), which exists only in the system kernel. Even with the advance notice (vendors have known about PatchGuard for a while; it's within the Windows XP x64 edition, for example), it's too late for firewall vendors to create a new methodology, but Microsoft is adamant in not allowing third parties inside the x64 kernel.

Why only Symantec and McAfee?
Although the headlines read Symantec and McAfee, you could easily substitute your personal favourite security vendor instead. The issues mentioned above affect almost all third-party security vendors. The reality is, most security vendors can't afford to mount a long, sustained fight against the giant that is Microsoft; McAfee and Symantec have those resources. That said, neither McAfee or Symantec has filed for a formal decision against Microsoft, nor has either company broken off talks with the software giant.

Presently all signs point to Microsoft having a Release to Manufacture edition of Vista available by the end of November; if that happens, we'll then see a retail product on store shelves at the end of January 2007. The only wrinkle might come if Symantec and McAfee somehow manage to hold things up for Europe (and Europe only) where the European Commission could block the release of Vista. Personally, I don't think the EU will block Vista's release.