Sophos, eEye in favor of Microsoft's PatchGuard

By on

While the largest IT security vendors continue to attack Microsoft on the new kernel patch protection in its Vista operating system, many of their competitors are coming forward to defend the software giant.

Both Symantec and McAfee have been vociferous about their objections to being locked out of the kernel code in Microsoft's 64-bit version of Vista through its new PatchGuard feature.

Microsoft says the feature is designed to protect against rootkit, but Symantec and McAfee argue it is the Redmond, Wash.-company's way of putting up a roadblock for security vendors as it prepares to compete in the market with its new Windows Live OneCare service.

Now other IT security vendors are coming out of the woodwork to lash out against the two security market leaders for sensationalism and laziness. In a prepared statement to the press an executive with Sophos today said that McAfee and Symantec's inability to create protection in concert with PatchGuard is not Microsoft's fault, but their own.

"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with 64-bit Vista in mind," said Richard Jacobs, chief technology officer of Sophos, who emphasised that some companies like his own are still able to protect consumers with the new limitations.

Microsoft executives hope that many more security companies are in line with Sophos line of thinking. According to Scott Charney, vice president of Trustworthy Computing for Microsoft, the addition of PatchGuard is simply a shift to adapt to a changing threat landscape. While it might create some pain points in the short run, he said that he believes it is in the users' best interests to make that shift now.

"Do you leave it open and leave the world at risk or do you make one of these fundamental shifts in security, recognising that there will be some backwards compatibility issues and that the ecosystem will have to adjust?" Charney said.

"It seems to me that just leaving everyone at risk isn't the answer. At the end of the day, we have a fundamental choice and it doesn't seem (Symantec and McAfee) are thinking about how the security model has to change to reflect the threat models."

Even those from security vendors that frequently criticise Microsoft are coming to the company's defense on this topic. In an interview with SC Magazine, Ross Brown, the CEO for eEye Digital Security—a company that often hammers Microsoft during Zero Day incidents—said that Microsoft is simply delivering extra value with PatchGuard.

He believes that McAfee and Symantec not only need to learn to deal with the new system that Microsoft is delivering, but that their old methods of protection were never delivered the right way in the first place.

"They cheated with their antivirus because they used kernel hooking," Brown said. "That's not the way to do it. They have to go wide and figure out how to add value, not sit around and complain about antitrust implications."
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?