The debate surrounding Windows Security Center and PatchGuard has turned vicious, with McAfee and Microsoft both claiming that the other is motivated by commercial factors rather than security concerns.
McAfee launched its first salvo in the increasingly bitter battle between Microsoft and the security industry on Monday in the UK, taking out a full-page advertisement in the Financial Times.
The advertisement, entitled "Microsoft increasing security risk with Vista", claimed that the company's aim was to see "a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers... when it fails, it fails for 97 percent of the world's desktops".
In the advert, McAfee said that it had not been granted access to central portions of Vista, the next version of the Windows operating system, specifically to the kernel of the 64-bit version of Vista.
Mike Dalton, European president of McAfee, told ZDNet UK that this lack of access would "stop McAfee solutions working" on the 64-bit version of Vista, while leaving the door open for hackers to get past PatchGuard, the part of the operating system designed to prevent malicious attacks.
"If we can't see what's going on in the kernel, we can't see if there's an issue caused by malware," said Dalton. "The decision to build a wall around the kernel with the assumption it can't be breached is ridiculous. We know there are hacker documents out there on how to circumvent PatchGuard, and Microsoft has not had a good history of writing secure code."
In response, Microsoft claimed that PatchGuard, or Kernel Patch Protection, was "a critical step to making the kernel more secure".
"Kernel Patch Protection is not new to Vista; the technology has been shipping for more than three years and is currently available on XP 2003 and for Vista 64-bit shortly. McAfee's security solutions work on 64-bit systems. Customers can and will be protected by their solutions on 64-bit systems," a Microsoft spokesman said, adding that allowing third-party security vendors access to the kernel would cause "security, stability and integrity issues".
Dalton claimed Microsoft was trying to lock security vendors out of Vista so it could sell users its own security products such as OneCare.
"This is clearly an area where Microsoft is taking advantage of its position as vendor of 97 percent of the world's operating systems," said Dalton.
"Is Microsoft [locking vendors out] because the market will see other vendors are doing a better job at security? We may show them up as not having the greatest security product. I would say they're very worried [about that]," said Dalton. "You don't learn the technologies we've learnt overnight, and Microsoft's security attempts so far have been fraught with problems."
McAfee also claimed that Microsoft's refusal to allow its security console, Windows Security Center, to be turned off by vendors was a further attempt to sell more Microsoft products unfairly.
"Windows Security Center is always on, always running in the background, saying 'Hey, come and look at Microsoft products'. I find it alarming," said Dalton.
Windows Security Center, introduced with Windows XP Service Pack 2, pops up on desktops to alert PC owners if their firewall, virus protection and other security tools need attention. The version in the Vista update, set for broad release in January, will add new categories and management tools.
Tom Espiner reported for ZDNet UK from London
