Microsoft Increasing Security Risk with Vista

Dear computer users around the world

By on October 3rd, 2006 10:08 GMT
This is how George Samenuk, Chairman and CEO of McAfee, Inc. addresses McAfee's audience in an open letter posted on the company's official Website. There is a strong opposition among security solutions developers against Microsoft and the protective measures the Redmond Company has implemented in Windows Vista's kernel, locking third party software out of the operating system's core. In this context, McAfee has joined Symantec and the security chorus lashing out at Microsoft. Here is George Samenuk's complete letter:

"Dear computer users around the world,

Over the years, the most reliable defenders against the many, many vulnerabilities in the Microsoft operating systems have been the independent security companies such as McAfee. Yet, if Microsoft succeeds in its latest effort to hamstring these competitors, computers everywhere could be less secure. Computers are more secure today, thanks to relentless innovations by the security providers. Microsoft also has helped by allowing these companies' products full access to system resources-this has enabled the security products to better "see" threats and deploy defenses against viruses and other attacks.

With its upcoming Vista operating system, Microsoft is embracing the flawed logic that computers will be more secure if it stops cooperating with the independent security firms. For the first time, Microsoft shut off security providers' access to the core of its operating system-what is known as the "kernel".

At the same time, Microsoft has firmly embedded in Vista its own Windows Security Center-a product that cannot be disabled even when the user purchases an alternative security solution. This approach results in confusion for customers and prevents genuine freedom of choice. Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and
other online threats. Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops.

McAfee has a different vision.

We think customers large and small are right to rely on the innovation arising from the intense competition between diverse and independent security companies. Companies like McAfee have none of the conflicts of interest deriving from ownership of the operating system. We focus purely on security.

Independent security developers have proven to be the most powerful weapon in the struggle against those who prey on weak computers. Computer users around the globe recognize that the most serious threats to security exist because of inherent weaknesses in the Microsoft operating system. We believe they should demand better of Microsoft.

For starters, customers should recognize that Microsoft is being completely unrealistic if, by locking security companies out of the kernel, it thinks hackers won't crack Vista's kernel. In fact, they already have. What's more, few threats actually target the kernel-they target programs or applications. Yet the unfettered access previously enjoyed by security providers has been a key part of keeping those programs and applications safe from hackers and malicious software. Total access for developers has meant better protection for customers.

Let's be clear: McAfee is fully committed to innovating on behalf of its customers. McAfee has the resources and resourcefulness to remain a leader in computer security, despite Microsoft's new obstacles. McAfee's sights are set on future security battles far beyond where Microsoft is spending its time. We will support the new Vista operating system and we plan to launch ever more sophisticated security innovations. But we won't remain silent as Microsoft imposes unnecessary security risks. Microsoft's new approach is misguided in principle, bad for innovation and competition. Above all, it's bad for users. We urge Microsoft to return to the historically collaborative approach it has taken in providing security companies with full access to system resources and allowing customers genuine freedom of choice in security.

George Samenuk
Chairman and CEO
McAfee, Inc."

Comments