Microsoft in multiple security rows

Posted by   Virus Bulletin on   Oct 24, 2006

AV firms, Apple and Secunia embroiled in MS spats.

Operating system giant Microsoft is engaged on multiple fronts in a series of security-related PR battles.

The longest running dispute, concerning access to the forthcoming Vista release of Windows, has become increasingly heated, as McAfee and Symantec, after lengthy lobbying for more information and control, have not only criticised concessions made by Microsoft as inadequate and too late, but claim the promises are unlikely to be fulfilled.

After Kaspersky came out on Microsoft's side some time ago, Sophos has now weighed into the battle with a strongly worded statement from skyscraping CTO Richard Jacobs, claiming the likes of McAfee and Symantec have made inadequate preparations for the Vista release. McAfee has responded by suggesting, in a press release from its VP of Worldwide Corp Comms Siobhan MacDermott, that Sophos is unaffected because it is a 'single product vendor', unlike 'innovative security risk management vendor' McAfee.

Other battles involving Microsoft include the recent virus-infected iPod issue. After Apple's support page warning customers of the danger included criticism of Microsoft for making its OS vulnerable to such malware, Microsoft release scanning expert Jonathan Poon retaliated in a personal blog slamming both Apple's attitude and its security know how.

On a more traditional front, Secunia released details of a vulnerability in IE7 last week, less than a day after full release of the new browser. The report on a content disclosure hole in mhtml handling was then described, in a Microsoft Security Response Center blog entry, as 'technically inaccurate' - the flaw, claimed blogger Christopher Budd, was in Outlook Express not IE7. Secunia has responded by rubbishing the Microsoft statement, insisting that the bug is correctly labelled as it affects users of IE7, and that Microsoft's spin not only attempts to hide the problem, but also risks causing confusion among users and admins.

'Microsoft's reputation for security has always been shaky,' said John Hawes, Technical Consultant at Virus Bulletin. 'With all these debates raging, it's going to be hard for them to improve their credibility and reestablish trust among their user base. It's important to remember that while news and PR can be spun and distorted, in the long term it's sound products and policies that really count.'

On the horizon, an entry in anti-spyware firm Sunbelt Software's blog shows Microsoft hijacking the SpySweeper trademark of fellow spyware-stopper Webroot, and claims the example disproves Microsoft's claims not to be targeting users of existing security products.

Posted on 24 October 2006 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

Paper: How It Works: Steganography Hides Malware in Image Files

A new paper by CYREN researcher Lordian Mosuela takes a close look at Gatak, or Stegoloader, a piece of malware that was discovered last year and that is controlled via malicious coded embedded in a PNG image, a technique known as steganography.

Paying a malware ransom is bad, but telling people to never do it is unhelpful advice

The current ransomware plague is one of the worst threats the Internet has seen and it is unlikely to go away any time soon. But telling people to never pay the ransom is unhelpful advice.

VB2015 paper: VolatilityBot: Malicious Code Extraction Made by and for Security Researchers

In his VB2015 paper, Martin Korman presented his 'VolatilyBot' tool, which extracts malicious code from packed binaries, leveraging the functionality of the Volatility Framework.

VB2016 programme announced, registration opened

We have announced 37 papers (and four reserve papers) that will be presented at VB2016 in Denver, Colorado, USA in October. Registration for the conference has opened; make sure you register before 1 July to benefit from a 10% early bird discount.

New tool helps ransomware victims indentify the malware family

The people behind the MalwareHunterTeam have released a tool that helps victims of ransomware identify which of more than 50 families has infected their system, something which could help them find a tool to decrypt their files.