Sonia Arrison

Microsoft’s New Security Problem: McAfee

For years, Microsoft has come under heavy fire for not making its systems secure enough. Now, with the upcoming release of its new operating system (OS), Windows Vista, the company is being unfairly attacked by self-interested competitors for adding more security to protect consumers.

Back in 2002, when Microsoft co-founder Bill Gates announced that the company would be making security a priority, the computing industry responded with a collective, “Finally.” Thomas Greene, writing for the Register, reported at the time that “Bill finally admits that the company has wrongly emphasized whistles and bells over security, and decrees that this shall change.” He went on to say, “Hallelujah. He’s finally arrived on the same page as the rest of the computing world.”

Greene’s analysis would have been more accurate if he had written, “the rest of the computing world except for those who will lose business when consumers’ computing lives become more secure.” But Greene wrote long before McAfee decided to place a full-page advertisement in the Financial Times predicting doom and gloom if Microsoft is allowed to make its own product more secure.

[:]

Read more here.

October 9, 2006 | Comments |

Viewing 6 Comments

    • ^
    • v
    I'm not familiar with the substance of McAfee's complaint (since you don't give any ;) but it strikes me that any security professional, not to mention anyone who claims to believe in markets, should agree that more competition in the security tools space will make us more secure; likewise, less competition (or high barriers to competition) will make us less secure. I'm not familiar with the substance of McAfee's complaint, but if Vista truly locks out competition (and not merely competes by providing a better, cheaper product) then yes, this will of course make us less secure.
    • ^
    • v
    Luis, I'm also not following MSFT's security woes, but I don't believe the security features of Vista will prevent users from downloading and running third party security programs from McAfee, Norton, etc. Thus, there should not be a "lock out" of competition.
    • ^
    • v
    Sonia, When you say Microsoft did not make its system secureenough, I agree, They were not in the security business. For years over 90% of security for microsoft was furnished by two companies, McAfee and Symantec. I think Microsoft decided that if McAfee and Symantec could not protect thir customers then they would.McAfee and Symantec should have no complaints. End of story
    • ^
    • v
    Claude, you raise a good point. MSFT has been threatened for security flaw liability and criticized for years. I always wondered why BillG and company were getting the heat from consumers, with McAfee and Norton left on the sidelines. Certainly any hacker attacking an MSFT product would have in mind how to bypass McAfee and Norton.
    • ^
    • v
    From a technical perspective, antivirus products like McAfee and Norton are no substitute for secure construction of the underlying OS. At best, antivirus products can partially plug some of the vulnerabilities in the underlying OS. What people were criticizing Microsoft for back in 2002, and what Microsoft started trying hard to change, was the prevalence of holes in Windows.

    The original post seems to just assume that Microsoft's questioned actions will make Windows more secure. If Microsoft's actions do lock out some antivirus products or constrain their ability to protect users, then security may suffer. (Whether third-party programs can download and run is only part of the question. Once they're downloaded and running, how much latitude do they have to protect the user?) Only a detailed, technically sophisticated examination of what Microsoft is doing can tell us whether the company's actions will improve security. To just assume the result of that analysis is to ignore the most important question here.
    • ^
    • v
    Ed Foster has an intertesting post concerning problems with Symantic's Norton antivirus product.
    http://www.gripe2ed.com/scoop/story/2006/10/10/...

    The reader submitting to Ed Foster wrote "Since NAV 2006 had coexisted with Spy Sweeper and Zone Alarm Pro without a problem, the reader wondered whether the NAV installation message was correct. "I tried ignoring the warning message, but the installation wouldn't proceed," the reader wrote. "The obvious solution, as Symantec's reps explained it when I called them, would be for me to abandon both of my non-Symantec stalwarts in favor of their bloated Internet Security package. The first rep simply said that the message was accurate and that Zone Alarm and Spy Sweeper would have to go. The second told me that the two programs would conflict with the spyware protection and firewall that were part of Norton AV 2007. I assumed that to be wrong, because if it were true, what would be the point of spending more money for Norton Internet Security?"

    This of course raises the possiblity that these programs are purposely being designed to disable a competitors program from operating.

Trackbacks

blog comments powered by Disqus