My previous blog post, The FUDing of Windows Vista, concentrated on how the major tech media organizations are giving Vista a bum rap, either intentionally or out of simple ignorance. But Vista reviewers are not the only ones doing their best to spread the FUD.
Several major security vendors, such as McAfee and Symantec, see Vista as a major threat. Vista's new security features will make it much, much harder to attack. Since these companies make the majority of their money from providing products to protect users from these kinds of attacks, I can understand why they would be worried.
Instead of innovating and coming up with new products and services to supplant a business built on other's mistakes, they decided to try and FUD their way out. McAfee took out a full page ad in the Financial Times that claimed that Vista will be less secure than previous versions of Windows.
McAfee's reasoning is that because Vista prevents direct access to the kernel via a technology called PatchGuard, McAfee will no longer be able to modify Windows at will to provide their services.
Of course, this also means that the bad guys won't be able to either, which is kind of the point. The most dangerous malware out there right now are of the rootkit variety, and these guys rely on patching the kernel.
Furthermore, Microsoft has never supported directly patching the kernel. In addition, Microsoft has provided a rich set of APIs to perform the tasks that McAfee and Symantec need for their product to function. How do I know these APIs work? Maybe because several other security vendors, such as AVG, Kaspersky, and even Microsoft, have already released Vista compatible security suites that use these APIs are work just fine.
Lastly, PatchGuard is only in Vista x64, which probably won't be adopted in wide form for at least another year. Not to mention the fact that Microsoft has a nearly identical feature in XP 64 bit edition, and announced their intentions to include it in Vista x64 several years ago. McAfee and Symantec have had ample time to fix their stuff.
The other feature of Vista that these vendors are getting upset about is the Security Center. The Security Center basically just gives you one stop shopping for all your computer's security related settings. In order to provide a consistent user interface (consistency is a key for usability, and when it comes to security that's very, very important) they prohibit 3rd parties from modifying the interface. Instead, if you have a 3rd party firewall or antivirus package, it will list them in the security center and provide links to modify their settings.
McAfee and Symantec didn't like that. Why? Because they want to brand everything they possibly can. They want you to think that the security of your computer is completely dependant on them. That way you'll be less likely to cancel your subscription. So they scream and yell about this, calling it anti-competitive, and claiming that Microsoft is trying to give special treatment to their own OneCare software. They of course ignore that OneCare follows all the same rules that Microsoft is asking McAfee and Symantec to follow.
McAfee and Symantec are terrified that Vista will make their business less profitable, so they're lashing out. They figure if they can scare enough people into thinking that Vista is unsafe, they won't have to spend as much time and money fixing their software and coming up with products that actually provide value to their customers.
Update: Be sure to checkout the 3rd part in my series of blog posts about The FUDing of Windows Vista!