McAfee says Microsoft failing to live up to promises

Microsoft has promised to release code and instructions to access the core of the Windows Vista operating system, so that companies who make security products like anti-virus software are able to update their products for this new OS. A new feature called PatchGuard prevents code being added into the Windows kernel - this makes Vista supposedly more secure but companies like Symantec, McAfee and so forth will have to get access to core Vista APIs and other important information in order to keep their products compatible and useful.

McAfee has now claimed that Microsoft has not lived up to their promises to share code, documentation, APIs and so forth. They claim that this is in violation of Microsoft's agreement with the European Commission to share such information. This is now the second company to claim Microsoft is not providing the APIs needed by its security partners.

Seemingly, the real issue at heart is what specific APIs Microsoft is making available. Microsoft has promised that security products from other companies will be able to stop Microsoft's own security alerts in favour of their own - but these companies say that they need access to the Vista kernel itself to do their work, and that they are not getting it. McAfee also accuse Microsoft of being deliberately unhelpful. For example, a document on Windows Security Centre was recently released by Microsoft, but McAfee claims that their experts did not understand it, and that they have sent questions to Microsoft which have not been met with response. Microsoft has a different story, of course.

"In accordance with the commitments made last week, on Monday October 16th, at 6 a.m. Microsoft supplied the Windows Security Centre APIs for alerts to all our security partners," Stephen Toulouse, senior product manager for Microsoft's Security Technology Unit told BetaNews. "We're not aware of further questions from McAfee specifically regarding this communication but wish to make clear we are available to clarify the use of the API's through the channels we have provided to security vendors, such as the Microsoft Security Response Alliance."