Vista May Leave You Exposed

Microsoft is at odds with anti-virus giants Symantec and McAfee over a denial of access to the “kernel” which permits them to adequately protect the operating system. Is this another anti-trust issue? The European antitrust regulators think so, and have warned Microsoft not to shut out rivals in security software and other markets. To reinforce the point, the European Union so far has fined the Redmond, Wash., company $970 million over the current flavor of Windows.

Rowan Trollope, Symantec’s vice president for consumer engineering. was quoted as saying “And now (with) basically a very short amount of time before the operating system comes out, we’re not in a good position to provide that security to our customers.” McAfee says the same. And that could leave a lot of end users unnecessarily exposed with an upgrade to Vista.

Security vendors claim they have been locked out of access to the core, or kernel, of higher-end, 64-bit versions of Vista. A new Microsoft feature commonly called PatchGuard is meant to protect the most sensitive information in the guts of the system. While blocking out hackers, PatchGuard also keeps out security vendors that have traditionally been allowed inside to retrieve necessary information. As a result, vendors say their products will lack advanced security features for 64-bit users. Note that the 32-bit version that consumers are likely to get does not include PatchGuard, and thus can be adequately supported by third party security vendors. But businesses which purchase the 64-bit version may be exposed.

Microsoft now competes directly with Cupertino-based Symantec and Santa Clara-based McAfee with its own product, called OneCare. This is posing a substantial threat to vendors who have been vital to protecting generations of Microsoft operating systems. Is anyone else having a feeling of deja vu? I remember when Microsoft first bundled Internet Explorer inside its Windows operating system; effectively knocking successful Netscape out of the ring. I was a loyal Netscape user, and hung on as long as I could, but eventually, despite the many holes in IE, I made the switch. It just made sense to go with the integrated product.

Industry analysts have said Microsoft’s new dual role could inadvertently make the operating system more vulnerable. It’s hard to believe, given all the holes in past versions. But in fairness, Microsoft has always presented a big target, thereby drawing far more arrows than other operating systems. Nonetheless, it seems only logical that it will be nearly impossible for the lumbering giant to respond to new security threats as nimbly as third-party companies such as Symantec, McAfee, and others.

What does this mean for your firm? Wait. And then wait some more. Do not run out to buy and install the new Vista operating system. Even if this security issue is resolved, trust me when I tell you that you do not want your firm to be one of the first to install this new operating system.

Experience calls for a wait period of four to six months following release for the “kinks” to be worked out. During that period, the largest businesses with the most IT staff will do the field testing for you. They will uncover the hardware and software incompatibilities. Patches will be released to correct the problems. New drivers will be required for many devices. Many applications will need patches to make their software more compatible.

If you’re a typical law firm, you have limited IT resources. Don’t waste them needlessly. Don’t risk the disruption. Just be patient. When it’s time to actually purchase and install the new operating system you’ll hear about it here and elsewhere.


To return to the main page of the blog, click here. To return to the blog Index, click here.

WordPress Themes