Microsoft Vista Security Discussions Start Badly

Security vendors looking to gain insight into Microsoft’s plans for opening up the Vista operating system kernel were frustrated Thursday morning when a technical glitch kept many from joining the first online discussion of this issue.

“Oops,” wrote Microsoft Senior Product Manager Stephen Toulouse in a blog posting on the subject. “We had a glitch where we sent out a messed up link. … We’re very sorry about that, it certainly was not intentional and we definitely see that was not a good thing for people to experience on such an important topic.” His blog post can be found here.

Microsoft set up the meeting to talk about how it plans to give security vendors access to Vista’s kernel on 64-bit systems. This has been a contentious issue, as Microsoft had initially planned to lock software vendors such as Symantec and McAfee out of the kernel, claiming this would make Vista more secure. The security vendors said this would harm their products, and Microsoft finally capitulated, after first being warned by European Union regulators.

Microsoft rescheduled its Thursday-morning Web conference after it realized it had sent out a bad LiveMeeting link to participants, but in the end some security vendors were shut out of the meeting.

Most of Symantec’s team, for example, was unable to attend. “It turned out that everybody on our team was not able to make the first meeting but one guy,” said Cris Paden, a Symantec spokesman.

Microsoft set up a second meeting for later in the day Thursday to take questions from those who missed the first, Paden said. A further meeting is also planned for Monday, according to Toulouse.

Late Thursday, McAfee said there was “little indication” that Microsoft planned to live up to its promise, made late last week, to work with security vendors on several issues relating to Vista. “We have been greatly disappointed by the lack of action by the company so far, and Microsoft has not lived up, either in detail or in spirit, to the hollow assurances offered by their top management,” said Christopher Thomas, McAfee’s outside legal counsel in Brussels, in a statement. Thomas is a partner with the Lovells law firm.

Sunbelt Software President Alex Eckelberry said the mix-up was due to an honest mistake with Microsoft’s conferencing software. “Someone at Microsoft accidentally sent out the LiveMeeting presentation invites as “presenter,” which if you’ve ever used LiveMeeting, is an invitation to chaos,” he said in a blog posting. “Realizing their error, the meeting was rescheduled for 30 minutes later, and that didn’t all come together, because the meeting had been originally set up to end at 12:30 [Eastern time], so we were promptly all kicked off.”

“While I have my disagreements with Microsoft on the PatchGuard issue, I must defend them in this instance,” he added. “It was a case of a few honest mistakes made by well-intentioned people, probably working under a tremendous amount of stress.” Eckelberry’s blog posting can be found here.

Microsoft has said it expects to make new kernel application program interfaces for security products available as part of the first major “service pack” update to Vista. Security vendors are pushing to have them included sooner.

By Robert McMillan, IDG News Service (San Francisco Bureau)

Related Link:

• Microsoft Gives Vista OS Code to Security Vendors

Keep checking in at our Security Feed for updated news coverage.