Saturday, January 27, 2007

Authentium to Microsoft: Don't Go It Alone

There’s been some press the past couple of days regarding the work we’ve been doing in Vista. Let’s clear a few things up:

1. We are Microsoft’s partner. We have a close working relationship. and have had for many years.

2. We support PatchGuard 100%. Contrary to some reports, the technology that we have developed in support of our VirtualATM product does not compromise PatchGuard. Our approach leaves PatchGuard in place and fully operational. Our approach adds a *complementary* layer of security that further protects users of the Microsoft Vista operating system.

3. This is not about anti-virus (1) - our Vista 64 bit anti-virus products are fully-compliant with Microsoft’s mini-filter approach. What we want Microsoft to do is continue to certify new security innovations, such as our TSX technology, as it has always done, so we can provide better protection against financially-motivated threats. Certification would provide a path to interpreting “good” versus “bad” interactions with PatchGuard. We believe this is the best approach.

4. This is not about anti-virus (2) - this is about enabling innovative new technologies and countering new emerging threats and criminal strategies. If new security innovations are not encouraged, consumers will lose out. Competition and innovation in this area can easily be accomplished by continuing Microsoft’s tradition of vendor certification.

5. Many of the threats that we see these days are small, targeted attacks on individual companies or organizations. We believe a certification system is necessary so that non-Microsoft companies can provide these organizations with a choice of innovative approaches, specialized products, or localized services.

6. Our core concern is this - if we (the good guys) can gain access to the Vista kernel, so can sophisticated, well-financed hackers. These days, most hackers are exactly that - sophisticated and well-financed. We implore Microsoft not to “go it alone” in security. We, and other innovative ISVs, have technologies that can help protect Microsoft’s customers.

Note: This technology is not “an integrated part of the ESP platform” as has been reported, although it is possible we may make a module that includes this technology for ESP at some point in the future. The KPP interface currently exists as a standalone technology SDK designed to permit secure end-to-end transactions, currently due for release in December.

No comments: