Feeds

Ballmer: Microsoft helped security partners on Windows Vista

Lack of knowledge

3 Big data security analytics techniques

Steve Ballmer has pitched into the row over Microsoft's willingness to cough up vital Windows Vista APIs for partners to lock down the operating system against attack.

The Microsoft CEO said his company had done everything necessary to help security partners and to get Windows Vista out on time in Europe next month. He added he doesn't know anything about specific allegations made by vendors such as McAfee.

His words come as McAfee and Symantc, both said Microsoft had not gone far enough in releasing Windows Vista security APIs. Symantec claims the problem lies in defining which Windows Vista APIs are exactly ”available.”

With the clock ticking on Windows Vista's release, McAfee, Symantec and others have gone public in airing their grievances, saying that Microsoft has denied full access to the Windows Vista kernel. Instead, they must work though PatchGuard, which grants only partial access.

Last week, Microsoft announced two updates to Windows Vista's security in response to prodding from European Union anti-trust officials concerned about the operating system's potential effect on the competition. The Windows Vista Security Center will now not send security alerts to users who have installed security consoles from rivial security companies. Additionally, Microsoft claimed to have devised a "new security approach", allowing access to the kernel but retaining PatchGuard.

These changes, plus concessions in the browser upgrade process and an agreement to submit Microsoft's Adobe PDF rival XML Paper to a standards body (our money’s on Microsoft favorite - the European Computer Users Association) led Microsoft's top legal eagle Brad Smith to conclude: "We feel that we can move forward [with Windows Vista] in compliance with EU law."

Microsoft watchers, though, will be more than familiar with the company's policy of taking a drip-drip approach to releasing clear documentation on Windows APIs, with information only released either as a last resort or under pressure from judges.®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.