Vista security: the saga continues
You'll recall that last week, we ran a story on Microsoft locking third-party security vendors out of the kernel in the 64-bit version of Vista. Judging by your responses, it seems that folks in the IT world aren't all that excited about the prospect of a world where Microsoft-branded security reigns supreme on the desktop. Since then, however, things have become a bit clearer. First off, McAfee continued its grandstanding, this time using ZDNet as a soapbox. The security company's chief scientist, George Heron, wrote a piece for the site titled "Why Microsoft is wrong on Vista security" (take your guess as to where he stands on the issue). He reiterates McAfee's belief that the end product of Microsoft's actions will be a less secure platform for Windows users, and details how some of the advanced functionality of current anti-virus software will be disabled in Vista.
Currently, most anti-virus software on the market monitors the order and frequency of API calls in order to catch zero-day threats that are not yet in the database of known viruses. After detecting such a virus, the software sends an application-terminate call to the kernel and the virus is stopped in its tracks. However, Vista's new PatchGuard (designed to keep malware out of the kernel) will detect and prevent all API "hooking", including the kind described above. Despite previous reports, Microsoft will not allow this level of kernel access for any anti-virus software, including its own.
So what does this mean for enterprises? Heron has some thoughts on the matter, claiming that "The net-net is that the user is demonstrably less safe as compared to during the XP days, when security vendors could use their advanced behavioral features." Is this really true, though? Heron obviously has a vested interest in the matter, so might this simply be a case of security companies complaining instead of evolving to provide security within the new set of constraints that PatchGuard imposes?
As far as I can see, the answer revolves around two key questions. First, will Microsoft's built-in solution be easy to disable and uninstall, and will it be just as easy to install a third-party solution without complications? And second, will security developers be able to find an alternative means of detecting and combating zero-day threats before Vista launches?
There's a lot of mud being slung here, and it's interesting that through all of this, Microsoft has chosen to stay mum on the topic. It will be interesting to see how the company justifies PatchGuard in the face of these allegations from security vendors. Does Microsoft have a security ace up its sleeve? Or will Vista really be a less secure platform than XP? You'd think the company would have learned its lesson about bundling software by now, wouldn't you?
For more on Vista security:
- Check out George Heron's article on ZDNet