Peter Christy

For some time now we've been counseling our clients (haranguing they would probably say) to deal with Microsoft's $2B/an incremental investment in security and its possible impact on the security ecology. As Vista rattles toward release, some of these issues are coming to a more visible head. Taking full advantage of Microsoft's EU anti-trust problems, McAfee published a letter in the Financial Times noting Microsoft's Vista security actions "unfair" and customer harmful (remember that the sine qua non anti-trust issue is whether the customer is harmed). The question is whether Microsoft's deprecation in Vista of the undocumented interfaces used historically to inject security hooks into Windows is good design (Microsoft's view) or a predatory business act that weaken security for the customer (McAfee's view). Right now, only Microsoft is in a position to objectively argue the case. They claim to have ample evidence of the system instability issues caused by kernel patching. The rest of us will just have to wait. If Microsoft achieves anything like their goal of a factor of 10 platform security improvement for Vista over XP SP2, then the facts will probably speak for themselves.