Feeds

Ballmer: Microsoft helped security partners on Windows Vista

Lack of knowledge

Protecting users from Firesheep and other Sidejacking attacks with SSL

Steve Ballmer has pitched into the row over Microsoft's willingness to cough up vital Windows Vista APIs for partners to lock down the operating system against attack.

The Microsoft CEO said his company had done everything necessary to help security partners and to get Windows Vista out on time in Europe next month. He added he doesn't know anything about specific allegations made by vendors such as McAfee.

His words come as McAfee and Symantc, both said Microsoft had not gone far enough in releasing Windows Vista security APIs. Symantec claims the problem lies in defining which Windows Vista APIs are exactly ”available.”

With the clock ticking on Windows Vista's release, McAfee, Symantec and others have gone public in airing their grievances, saying that Microsoft has denied full access to the Windows Vista kernel. Instead, they must work though PatchGuard, which grants only partial access.

Last week, Microsoft announced two updates to Windows Vista's security in response to prodding from European Union anti-trust officials concerned about the operating system's potential effect on the competition. The Windows Vista Security Center will now not send security alerts to users who have installed security consoles from rivial security companies. Additionally, Microsoft claimed to have devised a "new security approach", allowing access to the kernel but retaining PatchGuard.

These changes, plus concessions in the browser upgrade process and an agreement to submit Microsoft's Adobe PDF rival XML Paper to a standards body (our money’s on Microsoft favorite - the European Computer Users Association) led Microsoft's top legal eagle Brad Smith to conclude: "We feel that we can move forward [with Windows Vista] in compliance with EU law."

Microsoft watchers, though, will be more than familiar with the company's policy of taking a drip-drip approach to releasing clear documentation on Windows APIs, with information only released either as a last resort or under pressure from judges.®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.