14 DAY TRIAL // I was surprised at the level of diplomacy that Microsoft has exhibited in relation to its relationships with the members of the security industry. The fact of the matter is that security developers, including Sophos, Kaspersky, McAfee and Symantec, have all taken swings at Microsoft and Windows Vista. And Microsoft's public reaction has always been to support what it calls its security partners.
Stephen Toulouse, senior program manager for the Trustworthy Computing Group confirmed the fact that Microsoft's position is not one of isolation and that the Redmond Company relies on security developers to help with the protection of its customers.
"Microsoft views security partners as critical to our effort to protecting customers as we can't do this alone. In following the feedback from our customers that Windows Vista should dramatically increase the security of the computing experience, we recognized that existing security solution providers were a key resource in helping to ensure not only that Windows Vista is the most secure Windows version to date, but to help maintain the user choice in selecting security solutions that best meet their needs. In fact, the development of Windows Vista has offered an unprecedented level of access and input from security vendors," Toulouse explained.
More recently, Symantec has extensively attacked the User Account Control feature in Windows Vista, and has even revealed that the customers are susceptible to attacks via the same process that allows legacy Windows Control Panel plug-ins to run with full administrative privileges. Toulouse said that the final decision is that of the customer.
"Based on customer feedback, we believe UAC is a good solution to get users to easily run with a more restricted user account than in the past," he added. "Standard user restrictions will help limit the impact of malware attacks, installation of unauthorized software, and unapproved system changes by making it easier to use Windows without administrator privileges. But, if the user decides they do not want to run UAC and they would rather run a third party solution that provides similar functionality, they do have the choice to disable it."