Microsoft 'taking security risks'

Vista is a crucial release for Microsoft

Microsoft is taking security risks with its forthcoming Vista operating system, says software firm McAfee.

The security specialist has taken out a full-page advert in the Financial Times to alert readers to its concerns.

It feels the tech giant is increasing risks of hacks and viruses by locking out third-party software firms from its in-built security system for Vista.

The row also involves the European Union, which is watching Vista's release for signs of monopoly abuse.

"With its upcoming Vista operating system, Microsoft is embracing the flawed logic that computers will be more secure if it stops co-operating with the independent security firms," wrote George Samenuk, McAfee's chairman and chief executive in the advert.

'Preventing releases'

McAfee says Microsoft is stopping security firms from accessing the core of the operating system, called the kernel, and is therefore preventing them from releasing third-party security add-ons.

If Microsoft wants to make Vista more secure, it should provide equal access to the platform Symantec weblog

Attacks on the kernel of an operating system - such as malicious drivers for peripherals and rootkit hacks - have become commonplace among users of Microsoft's Windows XP.

Microsoft is locking security firms - and other software developers - out of the core in an effort to prevent kernel attacks on Vista.

"Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats," the advert said.

"Only one approach protecting us all: when it fails, it fails for 97% of the world's desktops."

'Constructive dialogue'

A Microsoft spokesman said: "Our goal is to deliver a fully innovative, secure version of Windows Vista that is compliant with EU law. We have an ongoing and constructive dialogue with the European Commission on these issues."

The European Commission is involved in the debate after it fined Microsoft 497m euros (£335m) in 2004 for anti-competitive behaviour.

Security firms such as McAfee and Symantec believe Microsoft's actions around security for Vista amounts to a similar anti-competitive stance.

Last month the European Union competition commissioner, Neelie Kroes, accused Microsoft of orchestrating a "co-ordinated campaign" to discredit her.

McAfee and Symantec have both stated that the core security systems for Vista have already been breached by hackers.

"These new technologies, along with Microsoft's unwillingness to make compromises in this area have serious implications for the security industry as a whole," Symantec said on its security weblog.

It added: "If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and manufacturers can continue to choose the best security solutions for the platform."