Vista security talks off to a shaky start

Security vendors looking to gain insight into Microsoft’s plans for opening up the Vista operating system kernel were frustrated Thursday morning when a technical glitch kept many from joining the first online discussion of this issue.

“Oops,” wrote Microsoft Senior Product Manager Stephen Toulouse in a blog posting on the subject. “We had a glitch where we sent out a messed up link. … We’re very sorry about that, it certainly was not intentional and we definitely see that was not a good thing for people to experience on such an important topic.” His blog post can be found at this Web site.

Microsoft set up the meeting to talk about how it plans to give security vendors access to Vista’s kernel on 64-bit systems. This has been a contentious issue, as Microsoft had initially planned to lock software vendors such as Symantec Corp. and McAfee Inc. out of the kernel, claiming that this would make Vista more secure. The security vendors said this would harm their products, and Microsoft finally capitulated, after first being warned by European Union regulators.

Microsoft rescheduled its Thursday morning Web conference after it realized it had sent out a bad LiveMeeting link to participants, but in the end some security vendors were shut out of the meeting.

Most of Symantec’s team, for example, was unable to attend. “It turned out that everybody on our team was not able to make the first meeting but one guy,” said Cris Paden, a Symantec spokesman.

Microsoft has set up a second meeting for later in the day Thursday to take questions from those who missed the first, Paden said. A further meeting is also planned for Monday, according to Toulouse.

Late Thursday, McAfee said there was “little indication” that Microsoft planned to live up to its promise, made late last week, to work with security vendors on several issues relating to Vista. “We have been greatly disappointed by the lack of action by the company so far and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management,” said Christopher Thomas, McAfee’s outside legal counsel in Brussels, in a statement. Thomas is a partner with the Lovells law firm.

Sunbelt Software Inc. President Alex Eckelberry said that the mix-up was due to an honest mistake with Microsoft’s conferencing software. “Someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter,” which if you’ve ever used LiveMeeting, is an invitation to chaos,” he said in a blog posting. “Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally setup to end at 12:30, [Eastern time] so we were promptly all kicked off.”

“While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance,” he added. “It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress.” Eckelberry’s blog posting can be found at this Web site.

Microsoft has said it expects to make new kernel APIs (application programming interfaces) for security products available as part of the first major, “service pack,” update to Vista. Security vendors are pushing to have them included sooner.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now