October 21, 2006

Microsoft says to McAfee: Stop lying to public..

A statement released to the press very early this morning from Ben Fathi, Microsoft's corporate vice president for security technology, gives some subtle but clear indications that, if McAfee wants to take its claims against Windows Vista security features off the streets and into a more formal setting, Microsoft might be willing to make a battle of it.

"It's unfortunate that McAfee's lawyers are making these kinds of inaccurate and inflammatory statements," Fathi's statement opens, apparently referring specifically to claims made against Microsoft's forthcoming 64-bit kernel protection scheme before the European Commission, and not to open letters from McAfee executives published by the Financial Times and ZDNet.

While McAfee and Symantec have been complaining publicly that Microsoft's new architectural choices lock them out of being able to provide heuristic security features for anti-virus and anti-malware products, privately, McAfee's complaint is that Microsoft is failing to provide its partners with the information necessary to enable them to alert users to vulnerabilities using their own tools, rather than Microsoft's.

European news sources this morning cite McAfee attorneys in Brussels as saying that Microsoft has failed to live up to its "hollow assurances" of providing this information to security partners.

Fathi's statement continues with a timeline, down to the minute, of delivery times when McAfee received documentation and sample code from Microsoft last Monday and Tuesday. This code apparently gives vendors new APIs for providing users with their own security alerts, in place of Microsoft's. A new build of Vista, Fathi said, which incorporates this third-party alert system, was delivered to McAfee last Wednesday, and a tutorial briefing was given Thursday at noon.

McAfee's original complaints before the EC, however, pre-date this timeline by weeks.