Antitrust related changes to security in Windows Vista 64-bit will take years to complete and will cause compatibility trouble in the interim, according to Gartner.
Users of security technologies such as host intrusion-prevention systems, or HIPS, should postpone buying 64-bit versions of Vista, Gartner analyst Neil MacDonald wrote in a research note published on Wednesday. MacDonald also noted that many integrated security products today include HIPS functionality.
"Recognize that many of these products will not deliver full functionality using 64-bit Vista," MacDonald wrote. "Do not plan for initial use of 64-bit Vista if you are using incompatible products for which no suitable alternative exists."
People should ask their security vendor for Vista compatibility guarantees, he suggested.
In response to antitrust concerns from the European Commission, Microsoft last week said third-party security software will be able to interact with the kernel of 64-bit versions of Vista. Security companies had requested that capability, but Microsoft had denied it until it capitulated under pressure from regulators.
Security companies now have unfettered access to the core of 32-bit versions of Windows. But they complained that a kernel shield called PatchGuard in 64-bit versions of Vista, which is intended to stop hackers, blocks security products, too. 64-bit Windows is expected to eventually supplant 32-bit versions.
While Microsoft has promised to give its security rivals controlled access to the Vista kernel, the programming interfaces to do so still need to be developed.
"Our goal is to provide an initial set of documented, supported kernel interfaces in the Windows Vista SP1 (Service Pack 1) timeframe, recognising that this will require collaboration from our industry partners," Ben Fathi, the outgoing corporate vice president of Microsoft's Security Technology Unit said in a statement late Thursday.
Gartner expects SP1 to be released in early 2008 and predicts that more programming interfaces related to the kernel will be delivered with SP2 or later.
All these changes could have a negative effect on Vista, MacDonald wrote.
"Any kernel changes may have a 'ripple effect' up the software stack and will require retesting of all of Windows Vista applications," he wrote.
The timing is much to the dismay of some security companies, including McAfee.
"Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management last week," Christopher Thomas, a partner at McAfee's Brussels-based law firm Lovells, said in a statement Thursday.
Vista is scheduled for release to manufacturers in November and for sale to the public in January.
Access to the Vista kernel is one of two concessions Microsoft made. The software giant has already provided security companies with a way to disable alerts sent out by the Windows Security Center, if their third-party protective software is installed.
