Vista SP1 to Include Common Security APIs for Partners

By Scott M. Fulton, III | Published October 19, 2006, 10:18 PM

A spokesperson for Microsoft Thursday evening characterized as "grossly inaccurate" reports from earlier in the day, including from Reuters, stating that a technical glitch in the company's Live Meeting services led to a dissolution of a meeting between Microsoft and security products vendors.

These stories were wrong, said the spokesperson, on three major counts: 1) the exclusivity and number of vendors attending the meeting (20 security vendors participated in this one meeting, possibly including Symantec and McAfee, though this was one of several such meetings); 2) the subject of the meeting (it did not involve a possible revelation or licensing of PatchGuard code or methods); 3) the damage caused by the technical glitch (it only delayed the meeting for 15 minutes, after which representatives from all 20 companies remained on the call).

The actual subject of this afternoon's Internet conference, the spokesperson told BetaNews, is Microsoft's intention to invite nearly 150 security products vendors to join it in the development of an open security services API for Windows.

Such an API would not open up PatchGuard, the kernel protection system the company currently plans for Windows Vista, the spokesperson pointed out emphatically several times during our discussion, nor does Microsoft have any plans to ever open up PatchGuard.

"Microsoft continues to believe the kernel must be protected from unauthorized access," BetaNews was told. To that end, the company proposes "a process for developing methods for software that works alongside PatchGuard."

Such a process, if initiated, could take several months, by Microsoft estimates, with the goal being to produce the results of this initiative in time for the release of Vista Service Pack 1. Though the spokesperson used the phrase "the SP1 timeframe" to refer to the release of these services, Microsoft declined to attach a time to that timeframe.

However, the spokesperson responded with an emphatic "No!" to suggestions raised yesterday by Gartner analyst Neil MacDonald that the process could consume years of Microsoft's time.

The challenge before participating security partners, BetaNews was told, is to develop a common list of requirements for the type of protection they want to be able to include with their own products. With that list in hand, the vendors could work along with Microsoft to develop an API that would enable them to achieve their individual goals.

Assuming the first stages of negotiations are successful, vendors and Microsoft could conceivably negotiate a timetable for implementing new security functionality, perhaps rolling out service extensions in beta form as they are completed.

The spokesperson declined comment on vendors' relative openness to the idea of revealing their respective product goals and plans, in the interest of developing a common API. Comment was also declined regarding whether vendors may be preparing to make a joint statement following the end of negotiations on this effort, or whether Microsoft plans to make a unilateral statement.

This afternoon's meeting -- the one with the now-celebrated Live Meeting glitch -- was merely one of several such meetings which were scheduled to take place between October 19 and October 23, just prior to Microsoft's involvement in an upcoming RSA security conference.

In all, the majority, if not the entirety, of Microsoft's slate of security partners were invited to participate, apparently weeks ago. This scheduling has been known for some time, the spokesperson said, and was not at all specifically intended to address recent complaints from Symantec and McAfee - again, contrary to reports. In fact, those complaints may not even have been on the agenda.

At the end of Thursday, representatives from all invited security vendors on today's docket were able to attend, BetaNews was told, and no company was locked out, although individual members of some companies may have continued experiencing glitches. A timetable for the patching of Live Meeting, one might suggest, could be the subject of a new round of meetings entirely.

Comments


Do not, Microsoft, on SP1 or ad infinitum SPs, allow access to the kernel; as many have been saying, there are many anti-virus apps working happily with Vista. I have been using CA on RC2 for 2 weeks, running seamlessly. MO

Score: 0

|

Great news on the service pack, this can be added to the installation anyway so no biggie.

The Big AV companies' bickering about kernel access is a dumb issue. Most Viri knock out the AV protection anyway, and so they should be concentrating on watching and monitoring the PatchGuard code to see if it's intact and functioning. This way they can market and sell this feature instead of bleating about loss of business. This will ensure 2 forms of protection, with 3rd party utils watching Ms's a$$. If they stopped Viri from running in the first place, then all they have to do is monitor attempts to circumvent PatchGuard to warn the user, making the system work.

Score: 0

|

If they give the AV companies access to the kernel with SP1, it will be an SP that I will definitely not be using.

Score: 0

|

"i think it's kinda dumb that microsoft is already planning a service pack before Vista is even released..."

Not at all when you consider the rep Vista is getting in the IT professional trade press for problems with the system! There are fundamental problems in many places that will not be addressed before the pressure and subsequent rush to ship results in it being released.

From my personal perspective I would prefer to see them wait and ship a refined product, but hey, a fellow can dream, can't he!?

The retailers are clamoring for the release as they are needing it to drive sales. I suspect that this market pressure will take precedence over other considerations.

Score: 0

|

Well, how can you ever find every bug when you aren't testing in real world applications, or with real world idiot users?

Score: 0

|

Somebody is going to start?? ;-)

We've had 6 years of XP and people are still wondering that... ;-)

Score: 0

|

i think it's kinda dumb that microsoft is already planning a service pack before Vista is even released... sure RC2 is a huge improvement but i think they should have at least 1 more RC before releasing Vista to manufacturing...

what's the rush? they took 6 years... another couple months won't change anything (except they will make less money but then again who is really gonna go out and buy Vista the day it is launched???) most corporations are still finalizing the move from Win2K to XP.... i think Vista is still a couple years away from widespread use and instead of planning Service Packs, they should just improve the OS as much as possible and receive more feedback in order to release something that might not need a service pack so soon...

Score: 0

|

Dude, they're in development of their next OS already. Post Vista.

Service packs are developed the same way. Features are scheduled and worked *way* in advance.

This is how it works. Get over it.

Score: 0

|

Why is a Service Pack a negative thing?

Sure, bugs will be fixed, but all software has bugs; even OS X has bugs, and they release patches also. With that said, I think Microsoft is doing the right thing; they are going to work with the security firms to develop a method to work with this new system.

I have said this before, if Microsoft can write a program to work with PatchGuard so can other companies if they want to, which is what they should do.

Score: 0

|

It shouldn't be a negative thing. Heck, the main diff between Apple's and Microsoft's SPs is that Microsoft's are free and Apple's are payware (10.1, 10.2, 10.3, 10.4, etc.)

Score: 0

|

Granted it may be a bit silly to talk about SP1 at this point, however, in a way, I am glad they are not going to allow them to have access to the kernel.
I think that Symantec and McAfee need to revise their software so they are not a hog on resources. I also look at other antivirus companies that are not putting up a stink about all this PatchGuard and kernel issues. Personally, I like Avast on Vista. I do not see them crying to have access to the kernel.

Score: 0

|

This is silly. So 3rd party products software houses will have to wait a year until SP1 gets released to offer their new product versions for Vista?
After 5 years and so many delays with Vista it comes out that Microsoft couldn't add a common API in the system for security features and the SP1 will be needed for this to appear...
Well.. if Microsoft didn't spend time and resources on lame, pathetic, disgusting anti-customers stronger WGA, phone-home, spy-on-user services and locks everywhere inside Vista then they could have delivered what's really needed, including an API that works for other software houses to use.

Score: 0

|

"lame, pathetic, disgusting anti-customers stronger WGA, phone-home, spy-on-user services and locks everywhere inside Vista"

Nice way to sum up the feature set. ;o)

Score: 0

|

So 3rd party products software houses will have to wait a year until SP1 gets released to offer their new product versions for Vista?

No, you brainless troll. They will have to wait until SP3 to break the windows kernel with their own horrible patching. They can still offer AV and AS solutions all they want.

They just can't hack the kernel until then.

I'm heartbroken.

Score: 0

|

already talking about Service pack 1? shame on you microsoft !!!!

Score: 0

|

Yeah! Vista is not even released to the "general" public.

Score: 0

|

It's not as if everyone didn't know it was coming. I want to upgrade to Vista, but I refuse to do so until SP1 is available. I hope it's out by next June.

Score: 0

|
