Friday, October 13, 2006

Changes at Microsoft - One leads to Another

It started with this reorganization announcement, as reported at Microsoft Watch, by Peter Galli in "Microsoft Gets a New Security Group ",
"Microsoft is bringing its security, Trustworthy Computing and Engineering Excellence teams together in one group, known as the Trustworthy Computing Team."
That was yesterday. Today it was reported that Ben Fathi, who had replaced Mike Nash, will be heading up development of the core components of the Windows operating system. The security unit that he had been runnig will be absorbed into the new Trustworthy Computing Team, reported above. Scot Charney will head up the Trustworthy Computing Team. (See "Microsoft Security Czar Fathi to Focus on Windows OS" for the complete story.)

Follow that reorganization with this announcement about Windows Vista at c|net, "Microsoft changes Vista over antitrust concerns":

"Microsoft had planned to lock down its Vista kernel in 64-bit systems, but will now allow other security developers to have access to the kernel via an API extension, Smith said. Additionally, Microsoft will make it possible for security companies to disable certain parts of the Windows Security Center when a third-party security console is installed, the company said.

Security companies had complained that a kernel protection feature called PatchGuard in 64-bit versions of Vista not only locked out hackers but also prevented some security software from running."

The lock-down was one of the major security features we have been hearing about for some time. Particularly, after reading "McAfee and Symantec get vocal about Vista - but do they *really* have our best interests at heart" co-authored by Microsoft MVPs Sandi and Walter Clayton, I am concerned about what certainly appears on the surface as caving in. As Sandi wrote:

"The bad guys are getting past McAfee and Symantec and others, and if the “Big Two” were *truly* concerned with user security, they would not be fighting this change, which is going to make such a big difference in the malware fight by stopping the bad guys *before* they can do some of their most damaging and difficult to remove tricks. They’d be working on changing their code to work with what is going to be a quantum leap forward in security improvement for users.

Prevention is better than cure. Signature based scanning, heuristics and adding detection for new malware *after* it has already been released and has started infecting machines around the world, isn’t working. I need help to stop the bad guys from getting their tendrils so deep into the OS that it is getting more and more difficult to remove. It is getting to the stage where reformatting is sometimes the only option for systems infected with the worst malware, even with McAfee, Symantec or other security vendor's products installed, and that is simply not good enough."

Consider this quote in Sandi and Walter's article by Jesper Johansson:

"In a sense, [McAfee and Symantec] have built their business on protecting users of Windows from Microsoft, and Microsoft healing the patient cuts into their business doing the same. As Microsoft's Security Chief Ben Fathi said, the security vendors want Microsoft to "keep the patient sick," and by extension, keep customers at risk, so that the security vendors can keep charging for the healing."

But Ben Fathi is no longer Microsoft's Security Chief. Seems like the security vendors will continue charging for the healing.

No comments: