Microsoft Agrees to Changes in Vista Security

An anonymous reader writes "Bowing to pressure from European antitrust regulators and rival security vendors, Microsoft has agreed to modify Windows Vista to better accommodate third-party security software makers. In a press conference Friday, Microsoft said it would configure Vista to let third-party anti-virus and other security software makers bypass 'PatchGuard,' a feature in 64-bit versions of Windows Vista designed to bar access to the Windows kernel. Microsoft said it would create an API to let third-party vendors access the kernel and to disable the Windows Security Center so that users would not be prompted by multiple alerts about operating system security. In addition, Redmond said it would modify the welcome screen presented to Vista users to include links to other security software other than Microsoft's own OneCare suite. From the article: 'It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet.'"

testing the waters?

[yagu]

From the article (and /. summary):

It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet," Northcutt said. "That's a good thing, because it's just too easy for mistakes to happen when you are only left with a single security provider."

It's only an author's surmise, but as I understand and interpret Microsoft's position, there is no line they will be able to cross ever while they are still a monopoly. Microsoft enjoys (immensely) their monopoly position in PC OSes, and as long as they do (immensely), they will continue to be proscribed from using their monopoly to leverage, influence, and otherwise compete unfairly with any other of their products.

There is no line to test.

Re:testing the waters?

[Guppy06]

"Microsoft isn't a monopoly though. There is absolutely nothing stopping anyone from using any number of other x86 operating systems on their PC. Don't like Windows? Fine, install Linux, FreeBSD, NetBSD, OpenBSD, etc. Hell, buy a Mac and use MacOS X."

We've all been over this before...

1. Computer manfuacturers are bent over a barrel to include an OEM Windows install on every machine they sell. The only realistic way for a user to get a computer without Windows is to build one themself.
2. Since everybody is already getting a copy of Windows, what incentinve is there for the end user to try an alternative OS? Better yet, even if they do, they've already paid for Windows and Microsoft still has their money and their "installed base" numbers
3. People write software for the dominant OS rather than invest even more money into R&D for multiple OSes. Meaning that most applications (read "games") out there are designed for Windows

The 95% of end users out there who don't build their own PCs from scratch are left with choosing to continue running the Windows their machine came with, or to take on the Sisyphusean challenge of working to install their own OS and tailoring their software shopping (if not their life in general) around that OS instead of simply using what they already paid for.

"You know why people use Microsoft Windows? Because they like it."

Microsoft will never allow anybody to test that hypothesis in any meaningful way. You can't say that with any certainty until Dell and HP start saying "Would you like Vista or Fedora with your new computer?"

And how does Microsoft do this? By abusing their monopoly power.

I don't get it.

[Shivetya]

Sorry but I think the kernel should be off limits. Leave that to Microsoft and hold them wholly accountable to preventing issues with it.

On one hand people bitch about MS's lack of security yet when they do essentially what is asked it is claimed they only did it to be uncompetitive.

Make up your mind. Or is just permanent open season on MS?

Re:I don't get it.

[UnknowingFool]

Here's the crux of the complaint: In Windows, to combat viruses and add security like firewalls, these programs need kernel level access (as many APIs unfortunately do). Now with Vista, MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer). To some that is abusing their monopoly. It would one thing if they closed it totally because of security and that nothing but the OS could access it. But they had set it up to where only their MS programs could access it. It would be no different if Vista had made changes that would allow MS Money to work but not Quicken.

Re:I don't get it.

[jb.hl.com]

MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer)

Lies. Trend and Avast have apparently been able to run on Vista without any problems. They knuckled down and wrote code so they worked on Vista, and indeed Vista has an API called Windows Filtering Platform, which allows anti-virus makers to monitor file activity. Symantec and McAfee, on the other hand, threw a hissy fit.

Microsoft is, for once, clearly in the right.

Re:Are the alerts perhaps the problem?

You must restart your computer. Would you like to do it now, or would you like me to display this same dialog 30 seconds from now, while you're doing something else like typing a slashdot comm

Most important question

[also-rr]

Is this going to be a backdoor into the protected parts of the kernel that also handle media protection?

It would be nice if one batch of companies out to screw you over had accidentally been defeated by another batch of companies out to screw you over. Sort of collateral rebuilding, if you like.

I find it kind of interesting...

[dghcasp]

Companies like Symantec (aka Norton) have profited immensely from an industry created because Windows wasn't secure.

Now they're upset because Microsoft wants that piece of that market; in other words, Microsoft wants to profit from the fact that Windows isn't secure.

Yet in pretty much every other operating system, the solution is simply to make the darned thing secure.

Now, I realize that the issues are a bit larger than this, but I do wonder: IF Microsoft ever released a truly secure operating system, thus making Symantec and other such companies as relevant as the buggy whip, would they then sue to prevent the release of the O/S?

NO NO NO.

[jb.hl.com]

Trend Micro's anti-virus and Avast both work on Vista, because their respective developers spent time developing new software to work with it.

Symantec and McAfee on the other hand, rather than invest money in development for a version of their programs which fits Vista's new security model, decided to bitch and whine loudly about Microsoft's new security in Vista while doing nothing of any value. In a sane and equitable world, Microsoft would have offered to aid them in building their new anti-virus products for Vista, and McAfee and Symantec would have agreed. Instead, probably with the threat of a lawsuit from the two companies, and because of the two launching attack ads, they let them bypass their new security features.

This should not be happening. This is BAD for security, as once you let one program bypass security barriers it's only a matter of time before others do, not all of them friendly. This is STUPID because Microsoft has kowtowed to pressure from two companies far more focused on saving money on developing their shitty, shitty antivirus programs than actually providing any more security.

Fuck Symantec, fuck McAfee.

blah, EU went too far

[jorghis]

I could understand why the EU was upset about the media player bundling. I can understand them being upset about the splash screen for MSs AV stuff. I dont agree with them forcing MS to get rid of those things, but I understand where they are coming from.

Forcing MS to weaken Vista's security and reliability to accomodate these AV companies sucks though.

This is a -bad- thing. Why are we applauding it on slashdot? Are we so caught up in MS hate that we want the government to force them to weaken their product from a technical standpoint?

Maybe this is an example of how having a reputation for lying will make people think you are being dishonest even when you are telling the truth. I know a lot of people on this website dont totally understand the technical issues involved. But doesnt the EU commission have any experts that can explain to them that they are weakening Vista by forcing this on MS?

Microsoft has NO CLUE AT all regarding security.

[Cap'n+Crax]

And I will tell you why. I actually like the NT kernel and architecture. I think it is well designed, and works great when built upon properly. I think Windows 2000 is the probably the best consumer OS ever made, even though Microsoft pointed it at business users. It's what I run, and likely will not switch from, except for (maybe) running XP in a VM to run some games.

    But even with 2000, MS had to insert their boneheaded ideas in it. For example, with "Windows File Protection," which is really the sfc.exe ("System FIle Checker") and sfcfiles.dll (The actual list of files to be protected, stuck in a DLL) it gives an Admin NO WAY to add to or change which files are protected. And it includes things like PINBALL.EXE!!! in the list of protected, undeletable system files. And creates stupid things like "C:\Program Files\microsoft frontpage" when I DO NOT even have Frontpage or IIS installed. And unless you disable SFC (which I did) it will re-create the stupid directory on every re-boot. So what COULD HAVE BEEN a useful feature is more like a "let MS Admin your computer for you" feature, because there is no way for the owner of the computer to manage which files are protected under "Windows File Protection." And guess what, on COMPUTERS I OWN, **I** like to control what directories are created and where they are placed. It's MY computer!!!

    Now I have read, from a recent article by Mary Jo Foley, ZDNET, that some of the new security in Vista will come from "Code protection technologies such as tamper resistance, code obfuscation, and anti-reverse engineering measures..." THIS IS NOT SECURITY. This is HIDING YOUR BUGS. Instead of actually fixing the bugs, or not having them to begin with, they are actively trying to just make them harder to find. But they are still IN THERE!! This is just simply boneheaded. This is not the way to develop an OS.

    With this new WGA crap, they are trying to FORCE users to install (and keep installed) components that NO ONE WANTS (except MS, of course). But guess what, any decent computer Admin **MUST** have the ability to accept or deny ANY update to the OS and have the ability to rollback changes if they cause problems. Just Google for wgatray.exe for many fine examples of the horrible problems their crap is causing.

    With Win 2000 at least, MS created a good OS, once you fix the initial problems. But for me at least, there is NO WAY I will "upgrade" to this Vista shit with requiring signed drivers (what about independent hardware hackers/developers?) or XP with "Activation" (what, I can't swap out my motherboard without CALLING and RE-ACTIVATING?) They have just gone too far with this DRM and Anti-Piracy shit. NOT IN MY OPERATING SYSTEM.

    I need to move to Linux. Kubuntu is looking really good now. If I can just get the couple of games I like working under WINE or Cedega, then F*** MS. It's just too much. I've had enough.

Crax

P.S. The Mary Jo Foley article I quoted from is located at:
http://blogs.zdnet.com/microsoft/?cat=18