Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Companies Tussle With MS Security Center

Posted by ryuzaki0 on from the antitrust-redux dept.

hey0you0guy writes, "The large security firms such as Symantec and McAfee want Microsoft to allow them to replace Microsoft's Windows Security Center. Microsoft is refusing these requests. 'By imposing the Windows Security Center on all Windows users, Microsoft is defining a template through which everybody looks at security,' Bruce McCorkendale, a chief engineer at Symantec, said in an interview. 'How do we trust that Microsoft knows what all the important things about security are to warn users about?' Given Microsoft's past, with vast piles of security flaws and patches, they should at least cooperate with these companies. A dispute still exists over PatchGuard, a security feature that Microsoft says is designed to guard core parts of the 64-bit version of Vista, but which critics say locks out helpful software from security rivals."

7 of 225 comments (clear)

  1. Bad track records all around by Nimey · · Score: 5, Insightful

    It's not as though Symantec and McAfee have spotless records on security and especially not fucking up your Windows installation. The more stuff that's in a sandbox the better.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
    1. Re:Bad track records all around by betterunixthanunix · · Score: 5, Insightful
      And Windows should have been designed with security in mind since '95, when they integrated networking and web browsing. Symantec's MASSIVE business is the result of poor design on Microsoft's part, which is a shaky basis for a business. The fact that Microsoft is at least trying with security is making Symantec nervous...

      Of course, they said that about other things too...

      --
      Palm trees and 8
  2. Why you shouldn't give a shit. by argent · · Score: 5, Insightful

    Microsoft's whole approach to security is backwards. And so is the approach of Symantec and Macafee and the rest... not to mention the EC and everyone who thinks antitrust is even applicable to this whole commotion.

    They think they can add security on, like a product. You can't. You have to design it in. If you had a building with no locks on the doors you wouldn't keep casual visitors out by adding guards before you'd even tried adding locks, even if carrying cards or keys was "inconvenient". So why does Microsoft think they can add security to Internet Explorer that way?

    The whole basis of Microsoft's approach to the Internet is fundamentally wrong. They can't fix it by adding products. They can only fix it by ripping out most of the desktop-browser integration they fought the DoJ to a standstill over in the Clinton and first Bush administrations, and making the browser responsible for never allowing an untrusted object out of the sandbox, no matter what. Even if sandboxes are "slow" and installing plugins are "inconvenient".

    Same with Windows networking, CIFS, CIFS-authentication for HTTP, and everything else they've done to lower the barriers between local and remote resources. Those barriers, those locked doors, are there for a reason.

  3. Re:Vista is Dead by ppz003 · · Score: 5, Insightful
    Vista is dead before it even arrives. What would I possibly want it for that I don't already have?

    Tell this to everyone who will buy a new PC as their old one becomes so infested with malware that it slows to a crawl. I bet MS will make sure any new computer will come with Vista once (maybe never, I hope) it comes out.
  4. It's worse than that by Anonymous Coward · · Score: 5, Insightful
    It's in Symantec's interest that Windows *remain* insecure forever so they can keep selling workarounds to the broken OS.


    I wouldn't trust either side in this argument -- Micrsoft has long proven itself incapable of understanding comptuer security (at least compared to any other OS competitors), and the anti-virus guys have a business model that relies on Fear of Viruses.


    Neither is in a position to earn any trust from anyone.

  5. Silly question by Guppy06 · · Score: 5, Insightful

    If third-party software could automatically disable Microsoft's Security Center, couldn't malicious software do the same?

    From a busines perspective, this may be the same as bundling IE, but from a security perspective this is the exact opposite: removing security holes rather than adding them (in the name of "functionality").

    Yes, Microsoft is likely being monopolistic, but I think I'd rather worry about all the Windows zombies populating the web rather than the profit margin of particular security software companies, especially when said companies rely on the inherent insecurity of Windows installations for their income.

  6. Simple solution by ditoa · · Score: 5, Informative

    Don't replace, disable! Simply disable the Security Centre service, install your own and you're done. Infact this is exactly what we have done at work, the idea of a security centre is great however we wanted to add our own applications to the security centre. Sadly there is no way to do this with the default security centre in Windows XP SP2. So rather than try and extend it we simply disabled it and replaced it. Doing the job of the security centre is pretty simple as it is documented what applications have to do to be "seen" by the security centre so we just did the opposite to monitor them (Symantec is very difficult about this because it has anti-monitoring tech built in). I don't see why this is a big problem for Symantec. AFAIK there is no reason they cannot disable the security centre service when they install their application.