Wednesday, October 04, 2006

Quote of the Day: 2006-10-04

I'm not sure that a company that has had as much trouble securing its users from malware as Microsoft should be going it alone.

--Lane Bess, general manager for consumer products and services for Trend Micro (source)

This is actually an interesting debate. Given the widespread use of online banking and shopping, the rapidly increasing use of the Internet to carry phone calls, and the ever-present trend to rely on computers for everything, I think it's also an important one. So as geeky as blogging about software disputes might be, I encourage you to think about this one.

I tend to have a kneejerk reaction against Microsoft whenever I hear about them being accused of anti-competitive practices. But in this case, the accusations are coming from makers of anti-virus and other anti-malware software, and to my mind, they don't sound completely credible.

Some of the complaints are legitimate. Apparently, Vista (the new version of Windows that's coming out any year now) will make it difficult for users to turn off the MS security console. This implies that users will find it hard to prefer a different security suite. It also smells a lot like the strategy that allowed Internet Explorer to kill Netscape.

On the other hand, one of the big complaints is that Microsoft is planning to block access to the kernel (the core of the operating system). I don't know enough about the low-level operations of a computer to be sure, but this sounds to me like a good design decision. As I understand secure computing, programs are supposed to run on top of the operating system, and interact with it by sending requests. They shouldn't be making modifications to the OS itself. Put another way: In general, leave my kernel alone. It's private.

Trend Micro, Symantec, McAfee, and others want access to the kernel for "trusted" applications, so they can be "innovative." This tempts me to ask: What could possibly go wrong with that?

It's clear that the makers of all those third-party apps are fretting about the potential loss of business. The question is one of degree: How much is Microsoft unfairly locking them out, and how much of this is whining from people who have been dining out on the inherent insecurity of all previous versions of Windows?

It's also fair to ask, how much do we want to trust that Microsoft will get it right, all by themselves, this time? MS has never -- not once -- demonstrated that it can secure its products by itself. When Vista is released, there will doubtless be a massive effort on the part of the black hats to crack it. McAfee claims that this has already occurred. It took out a full page ad in the Financial Times, which said, in part, "Microsoft is being completely unrealistic if, by locking security companies out of the kernel, it thinks hackers won't crack Vista's kernel. In fact, they already have."

Add to that Microsoft's occasional history of being sluggish in response to known security flaws, and its frequent history of opening security holes, on purpose, just to make their own applications do something gee-whizzy. Two words: Outlook Express.

I'm also dubious about Microsoft's ability to provide a sensible user interface for their security console. I run Windows 2000 on my main PC, partly because Windows XP's notion of enhanced security seems mostly to involve a plethora of pop-up windows, each filled with cryptic but ominous-sounding messages. This is the company, remember, that brought you the talking paper clip, and who wants you to click the Start button to stop your computer.

Diversity always builds strength, and we all know the line about eggs and a basket. McAfee's ad again: "Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops."

Ultimately, I think Lane Bess's line has a lot of resonance.


iTWire has an article that presents McAfee's side of the debate in more detail.

1 comment:

Anonymous said...

My friend, Carlos, sent me this link. It may be where you got the Vista info, but if not here's more about it.

>>Looks like the computer wars just went up a notch. Carlos. (link)
