Cousin Jeff says it's going to be alright
I've been worried a little over the past several days that McAfee and Symantec are going to strong-arm Microsoft into weakening the protection on 64-bit Windows Vista, just because S&M can't figure out how to write software for the new operating system without using undocumented and unsupported functions that have gone away in Vista64.
Amusingly enough, Symantec's competitors, Sophos, respond to the assertion that the world will be forced to run Microsoft anti-virus software by announcing that Sophos' antivirus software will work quite happily on Windows Vista, and that Sophos isn't quite sure what all the fuss is about.
Symantec, by coincidence, have been exhibiting the sort of track record that befits someone who wants a toehold in the kernel, by showing off a kernel-mode escalation-of-privilege vulnerability. Whoops. [McAfee is no stranger to buffer overflows, either - a Google search for McAfee, "Buffer Overflow" and Vulnerability leads to a couple of fun articles on the topic.]
But cousin Jeff puts my worries to rest, by noting that Jim Allchin, straight-shooter that he is, has declared that Microsoft won't be letting any vulpine-looking animals manage the security of this particular coop. Not Microsoft OneCare, not Symantec, not McAfee, will be given the ability to patch into the kernel. Note that - not even Microsoft.
No, the Windows Kernel in 64-bit Vista will be written by the Windows Kernel team. Its purpose will be to act as an OS kernel, not as a lackey for whatever program can figure out how to subvert it. Symantec and McAfee can scan files for viruses the same way that Microsoft's security tools will, and the same way that Sophos' tools will, by hooking into documented, standard, supported APIs.
I guess McAfee and Symantec will have to send their developers on a training course, to learn how to straighten up and fly right, rather than achieve all their goals by hacking around the OS.