Microsoft says it handed over one of two new sets of Windows Vista security APIs to security vendors on Monday, enabling these companies to create products that can disable Vista's Security Center dashboard. However, Microsoft says it won't be able to release the second set of APIs, which will let security products interact more closely with the Vista kernel, until next year. Microsoft announced it would provide this first set of APIs last Friday in a bid to quell complaints that Vista was too restrictive to third-party security software developers.
The new code provides the opportunity for companies such as Symantec and McAfee to replace Vista's Security Center and its associated pop-up notifications with their own dashboards and notifications. Microsoft had originally hoped that security companies would stop proliferating competing security dashboards on users' PCs and simply link to Microsoft's solution. But amid many complaints and possible European Union (EU) intervention, Microsoft relented. However, Microsoft says a competing dashboard will be able to replace Security Center only if the vendor duplicates all Security Center functionality.
The second set of APIs could take as long as a year to develop. If that happens, Microsoft might include the second set with Vista Service Pack 1 (SP1), which is scheduled for release in late 2007. Those APIs will let security vendors interact with the Patch Guard feature, which is available only in the 64-bit versions of Vista. Without having this second set of the APIs, security vendors are essentially locked out of the Vista kernel in 64-bit versions of the OS. Not having the APIs won't be a huge problem in the short term, but 64-bit Vista versions are expected to become more popular over time.
Though Microsoft appears confident that the changes it announced last week will appease both antitrust regulators and competitors, the security companies that publicly blasted Microsoft's changes to Vista are adopting a wait-and-see stance. "While we are encouraged by \[Microsoft's\] statements, the operative question is exactly when will the final detailed information be made available to security providers?" a posting on the Symantec Web site reads. And time is running out: With Vista due to be completed in the coming weeks, security firms