Today's Security Time Fable: The Squealing Pigs, the Golden Goose and the Big, Bad Wolf
Once upon a time there were two little pigs. These two little pigs over time grew very fat by living off of the goose that laid the golden eggs. All of the time they were gorging off of the goose, they complained that it was the gooses fault for laying the golden eggs that allowed them to grow into the big, fat pigs they had become. They in fact grew so big and fat, that they were able to buy or get almost any thing they wanted and did not have to even pay attention to the regular market forces at play in the farm they lived on. One day the goose said that it would listen to the pigs and do something about the golden eggs. This set the pigs off on a real feeding frenzy to build up enough reserves to find something else to take the place of the golden eggs, while at the same time hoping it would never come to that. Sure enough, the goose got serious and turned into a wolf. At this point the two pigs saw the gravy train coming to a stop and started squawking and squealing like fat pigs are prone to do. The farmer would not listen to them, so they swam across the pond with stories of doom and gloom trying to get someone to turn the wolf back into the goose. Moral of the story: Be careful what you wish for, it may just come true.
Recognize anyone here? After years of chuckling, winking and blaming Microsoft for the security issues that it was plagued with, while at the same time making a mint, Symantec and McAfee now know that the game is almost up. As I have written before they have gone on a PR campaign in the EU to try and make some sort of anti-trust claim against Microsoft. This past week they made another claim that Microsoft was shutting them out of the Vista security trough. However, when you look at their claims, you see that they are weak attempts to fudge and cloud the facts. Worse than that even, they are trying to make Vista less secure for the sake of their own financial gain. For a security company this is a cardinal sin.
You can read about these ugly facts in a number of places. Larry Seltzer in eWeek has an excellent post called Security, Hypocrisy and the Kernal Patching Spat. TechNewsWorld's, Sonia Arrison has a great piece up focused mostly on how McAfee is trying to stifle anyone's security efforts other than their own (they have of course bad mouthed open source security for a while now). A more technical explanation of the issues raised by Symantec and McAfee and why they are bunk, is up on the securitycurve blog and is an excellent read. I won't repeat everything written in these three articles, but let me give you my own take on them.
The bitching and moaning by Symantec and McAfee come down to two areas. One is in the Windows Security Center. If you have XP with SP2 you probably have this now. As you know it can integrate with 3rd party security tools, but by default works with the MS stuff. It is a really sweet integration with MS OneCare. Under Vista, McAfee and Symantec will not be able to automatically kill the Security Center. To do this will require actual user intervention. McAfee and Symantec claim this is unfair. Give me a break guys. Either continue to make your product show up in Security Center or make a good wizard to walk users through disabling it.
The second issue is over something called PatchGuard which will only effect 64 bit versions of Vista at first. This makes sure that 3rd parties cannot use undocumented and unsupported techniques for modifying the kernel to make it more secure. Microsoft themselves will have to live by these rules, as well as everyone else. Again McAfee and Symantec want us to believe that MS in trying to make the OS and kernel more secure, they have inhibited their ability to compete. Again, enough guys. In none of these are either Symantec or McAfee saying what the real problem is, namely that with OneCare Microsoft has a product that competes head on. If not for that, they would not be saying boo here. Lower your prices guys, make better distribution deals and either compete or get out of the market. But stop the propaganda and lets not make us all suffer with less security for the sake of your appetites.