Sophos backs Microsoft, slings arrows at McAfee, Symantec

Stan Beer
Tuesday, 24 October 2006 08:48

Your IT - Home IT

Whatever semblance of unity that may have appeared to exist among anti-virus vendors has been well and truly shattered with a very public announcement by Sophos. In media statement, the UK-based security vendor has taken a dig at security market leaders McAfee and Symantec without mentioning their names by implying that their arguments with Microsoft are fallacious.

"Other anti-virus firms have recently made high-profile complaints that they are being "locked out" of the Vista operating system kernel by Microsoft's PatchGuard prevention system.  They argue that this is preventing them from continuing to develop pro-active protection against new malware, sometimes referred to as 'host intrusion prevention' or 'HIPS'.  They claim this action is anti-competitive," read the Sophos statement.

"However, Sophos argues that its approach to HIPS technology has met with no problems on both the low-spec and high-spec versions of Windows Vista.  In addition, Sophos claims that Microsoft has so far provided all the interfaces that Sophos needs for providing this form of protection," the statement goes on to say.

Sophos also implies that some security vendors, once again without mentioning Symantec and McAfee by name, may not be up to the technical challenges posed by Vista.

"A number of anti-virus vendors may be struggling with HIPS because they haven't coded their solutions with high-spec Vista in mind," said Richard Jacobs, CTO of Sophos.  "We've taken a different approach, by focusing on catching bad behaviour before it has a chance to occur.  Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert them.  That's why we're ready for 64-bit Vista, and others aren't."

"It's clearly the case that we and other vendors will now have some dependency on Microsoft to deliver kernel interfaces for new security innovations, which could slow us all down," continued Jacobs.  "However this is more than compensated for by the additional security offered by Vista.  PatchGuard is a step in the right direction for customers, and we believe that security vendors should embrace and work with PatchGuard rather than fight it."