Tuesday, October 03, 2006


Symantec and McAfee have been griping about patchguard again. But all patchguard does is to protect the kernel against modification, anti-virus products are still supported and there is an entire filtering infrastructure provided that allows anti-virus to work without hooking the kernel. Robert McLaws does an excellent job of separating fact and fiction here.

I don't run AV on my personal machines. I find that the machines become markedly less stable and considerably slower with the AV installed. The major reason for that is that the AV programmers are hooking the kernel to implement their systems. The people doing this don't have the kernel sources, they only have a limited understanding of the kernel architecture.

McLaws points out that there is a fully documented filtering API in Vista and that the Microsoft products run on top of the filtering API. Not only is this more efficient, it is less likely to lead to system problems as unknown third party code interacts with the kernel.

It appears that the real reason that McAfee and Symantec are complaining here is that Microsoft has made it too easy for competitors to implement AV in Vista. Meanwhile they will be forced to rewrite their AV engine to work on the new platform which will cost them money.

There is a history here that the McAfee and Symantec management should remember. Long ago in the distant past there were two companies that were king of the word processor and spreadsheet software markets. The reason that Lotus and WordPerfect lost their market clout was their failure to support the new Windows platform when it was released. Instead management sat twiddling their thumbs waiting to see whether OS/2 or Windows would be the eventual winner.

IBM and Microsoft both spent considerable time and effort trying to persuade Lotus, WordPerfect to support their platform and both were rebuffed. One of the (many) reasons that Microsoft won was that they were able to provide a decent Word processor for Windows by porting the product they had previously written for Macintosh.

McAfee and Symantec are in a very similar position. They have a cash cow that dumps a huge amount of cash into their corporate coffers each year. Doing the job right on Vista would cost a tiny fraction of that revenue.

No comments: