Microsoft security manager Stephen Toulouse hit the road this week in an effort to quell concerns his company is trying to drive security vendors out of business with its various security tools, including those being baked into Vista.
Vendors are racing to keep up with the software giant, which has moved aggressively into the security market in recent years with offerings like the firewall in Windows XP Service Pack 2 (SP2), as well as an antispyware and malware removal tool that's updated each month. More recently, Microsoft rolled out Windows Live OneCare, which combines antivirus, antispyware and firewall capabilities into one tool.
All eyes are now on the security features being integrated into Vista, scheduled for release early next year. Microsoft proudly demonstrated those features at last month's Black Hat USA 2006 conference in Las Vegas.
Executives at Symantec Corp. and other security vendors recently expressed fear that some of Vista's security technology will make it harder for them to build products that protect customers. One of their concerns is that Vista's PatchGuard feature, designed to prevent malicious people from accessing the kernel, among other things, will also prevent any security software other than Microsoft's from functioning on a user's PC.
In a recent interview, Symantec CIO David Thompson said, "What this does is limit our ability to build products that are compatible with Vista. That's bad for customers."
Toulouse, senior product manager for Microsoft's Security Technology Unit, said security vendors needn't worry about being locked out of Vista or being driven from the market, for that matter.
"I disagree with those who say our security moves are endangering the future of independent security vendors," he said. "The threat landscape is always changing and I don't agree that individual companies will go away."
As new threats emerge, he said, there will be plenty of opportunity for different vendors to distinguish themselves with new tools that address particular security needs.
"Microsoft is not secretly plotting to crush all security vendors and take over the market," he said. "Partnerships with other vendors remain at the core of our business model."
Toulouse said that will especially be true when Vista comes out. A range of security features will be built into the operating system, but users will be able to disable those features if they wish to use security tools from another vendor.
"Customer choice is important, so we'll have the ability for the third-party solution to disable the foundational features in Vista," he said. "People want to be able to use third-party solutions, so we're allowing that."
However, he said, Microsoft will ask third-party vendors to tweak their products so that if they're uninstalled at some point, the Vista features will automatically be re-enabled.
It's unclear at this point if that will be acceptable to third-party vendors. Toulouse said he hasn't received any feedback on that point yet, but that he has heard from vendors who are pleased that Vista security tools can be disabled to allow the use of their products.
Despite Toulouse's assurances, analysts do believe the software giant's thrust into the market poses a danger for security vendors, and those who don't stay innovative will be absorbed by other companies or will disappear altogether.
Analysts have said that security companies need to focus on products that improve the user's experience, particularly those that roll multiple tools into one management interface.