

70 comments, last by peternelson on Oct 17 at 2:12 PM

Symantec and McAfee get an early Christmas present from Microsoft

Microsoft has given in to pressure from the European Union (EU), Symantec and McAfee over kernel-level access in Vista. Microsoft had introduced a new protection mechanism, Kernel Patch Protection (better known as PatchGuard), to stop programs and attackers alike from modifying the kernel of 64-bit Vista. Symantec and McAfee balked at the change and claimed, rather boldly, that Microsoft was locking them out of providing security software for Vista entirely.

Despite Russian-based Kaspersky Lab siding with Microsoft in the matter, Microsoft has decided to make kernel-level APIs available so that security firms get a supported route into the Vista kernel rather than an unsupported one through kernel patching. Microsoft believes that this addition, together with changes to the way Windows Security Center reports warnings, will satisfy not only Symantec and McAfee but also the EU. Here is what Microsoft's Brad Smith said on the subject:

Some security vendors expressed some concerns to the Commission, and to us, that they had previously used access to the kernel to facilitate features in their own product and that they would no longer be able to do so. We were concerned that it would be a mistake for the future of computers if PatchGuard were to be removed or eliminated. We devised a new engineering approach that will create and extend new kernel level APIs so that PatchGuard will be retained, the security of the kernel will be protected, and yet security vendors will have an opportunity to meet their needs through these kernel level API extensions. We felt that this was again the right kind of solution that meets the needs and obligations that we have under competition law, whilst also meeting the needs of computer users around the world.

When notified of the change, a representative for Symantec responded with "We have not seen anything yet. These are technical issues. Until we actually see the APIs, all we know is what they [Microsoft] have said in the media. If it is true, then it would be a step in the right direction for giving customers the choice to use whatever solutions they would like." Likewise, a spokesman for McAfee stated "We are encouraged by Microsoft's recognition that there is a problem. However, we do not have specific information on the nature of these changes, or their timing."

We will surely hear more about these kernel-level APIs in the coming weeks as Microsoft works with the security firms. Given that this appears to be a last-minute change of heart on Microsoft's part, it remains to be seen whether the changes will be in place in time for Vista's November RTM date.






Why.....
By RMSe17 on 10/16/2006 2:25:14 PM , Rating: 2
This is stupid, Microsoft should not be giving up on its own security model this easily. By giving out an API for kernel access, they are making it easier for security to be compromised.




RE: Why.....
By imaheadcase on 10/16/2006 2:46:03 PM , Rating: 2
The real winner here is Kaspersky, just by agreeing with MS I'm sure MS is going to help them more than the others now.


RE: Why.....
By zombiexl on 10/16/2006 3:20:24 PM , Rating: 5
quote:
The real winner here is Kaspersky, just by agreeing with MS I'm sure MS is going to help them more than the others now.


They make a better product than McAfee or Symantec anyway so they deserve more help.


RE: Why.....
By FITCamaro on 10/16/2006 3:39:35 PM , Rating: 5
I agree. Microsoft is letting other companies tell them how to write their software. In my mind, if the EU, Symantec, and McAfee have a problem with it, too bad. It's Microsoft's damn product and they should be able to develop it however they feel like it (within reason). I'd rather have a locked-down kernel that other AV software makers can't touch (and thus hackers have a harder time accessing). Now hackers have one more possible security vulnerability to exploit. I hope to God these APIs aren't going to give anything more than read access to the kernel or hackers are going to have a field day.

Regardless of anyone's security, hackers will always find a way in. No complex software is completely secure.

I find it extremely amusing that a lot of you rip on Microsoft when 99% of you couldn't do any better of a job. I know I couldn't. Unless you're a designer/developer of Unix, Linux, or Mac OS X, you have no room to talk. And I'm sure for that statement this post will get a low rating.


RE: Why.....
By FITCamaro on 10/16/2006 3:41:07 PM , Rating: 5
Oh and Microsoft, please also include a way to remove or disable these APIs for those of us who don't plan to use McAfee's or Symantec's products.


RE: Why.....
By wien on 10/16/2006 3:55:14 PM , Rating: 3
Of course we can't do any better! That's why we go to Microsoft in the first place. Does that really mean we have to shut up and take it up the backside?


RE: Why.....
By FITCamaro on 10/16/2006 4:53:57 PM , Rating: 1
No. It means you should realize that they do the best job they can to create a secure OS that everyone can use and enjoy. Blame the hackers out there trying to steal your data and make your life a living hell for causing problems. No, Microsoft shouldn't leave every door open for them to do it, but it's not their fault people exploit their products.

Put the blame where it belongs.


RE: Why.....
By wien on 10/16/2006 5:14:27 PM , Rating: 2
Well, if hackers.. erhm.. hack, their best is obviously not good enough then, is it? Does the fact that they did their best make everything okay? I don't think so, and that's why I will keep complaining until Microsoft tries harder, and (hopefully) gets it right. (It is due.) If we just pat their backs and say, "well at least you tried", do you think they will ever get better? It's not like Windows is the pinnacle of OS technology. There is infinite room for improvement.

EDIT: Why, oh why does everything go "Ooops, wrong" with this comment-system if I use more than 4 seconds to write a reply?


RE: Why.....
By akugami on 10/16/2006 6:53:05 PM , Rating: 2
BS. If they did the best job they can they would have avoided the travesty that the integration of IE into the OS created. MS is all about maintaining their monopoly and integrating IE into the OS was only to help kill Netscape. There have been other design issues like ActiveX, DLL hell, and various other problems (minor and major). When your product, out of the box, can be compromised in 10 minutes flat by script kiddies and not actual hackers, then you have serious security flaws. As much as we hold Mac OS and Linux to a higher standard for security, it's only because they are built with security in mind. Do I think Mac OS and Linux can be compromised? Of course, but that doesn't mean that it has to be easy to get into, unlike the Swiss cheese wall that is security on Windows.

To be fair, MS seems to be making a major design shift and is actually serious about its effort to overhaul their OS and make it safer and more secure to use out of the box. However, they are being undermined by companies like Symantec and McAfee.

I also use Windows every day and have a high level of knowledge, so it's unlikely I'll get hit with any bugs or viruses. However, Joe Computer User doesn't have the knowledge of those reading Dailytech.com. Those are the guys most likely to suffer from Windows' design flaws.


RE: Why.....
By cubby1223 on 10/16/2006 3:45:40 PM , Rating: 1
quote:
This is stupid, Microsoft should not be giving up on its own security model this easily. By giving out an API for kernel access, they are making it easier for security to be compromised.

Who said Vista is 100% secure to begin with? And if some virus or worm does get into the kernel, how the heck can it be removed if all other software is forbidden to touch it? Who knows, maybe doing this will also allow for system cleanup to be possible without having to reload Vista from scratch.


RE: Why.....
By sxr7171 on 10/17/2006 12:56:32 AM , Rating: 2
It's called playing the game. If some kid in Pakistan can write something that can compromise this so-called "protected kernel" then why can't these stupid corporations with multi-million dollar research and development budgets develop something that can go in there and get it out? I'd rather have a kernel that is protected as well as can be. The fine people at Kaspersky seem to have no problem with a protected kernel - that's because they are truly talented and confident people.


RE: Why.....
By mindless1 on 10/16/2006 7:53:01 PM , Rating: 2
It has to be seen in context. MS had already advertised security on WinXP, but take for example situations where someone claims they were infected by a virus but they don't practice OTHER safe computing practices like antivirus software or whatever their activities warrant.

So do we take the word of a company that will yet again claim security? Let's HOPE, and let's patch, and let's have additional layers of security TOO!


even so
By sprockkets on 10/16/2006 2:42:07 PM , Rating: 1
There are just a few things to keep in mind. Don't we have

user/admin separation, or simply no admin account to hack?
safeguards against this via not running unsigned programs?
And if it got around that, what would it matter if they found a way to hack the kernel?

If Vista gets hacked, it most likely will not happen to the level that happened with Blaster. Not even XP seems to have major issues anymore.




RE: even so
By lennylim on 10/16/2006 2:57:26 PM , Rating: 2
quote:
If vista gets hacked


*cough* When *cough*


RE: even so
By stmok on 10/16/2006 3:39:38 PM , Rating: 3
quote:
If vista gets hacked


Vista has already been hacked by Joanna Rutkowska (a security researcher).

She was the first to publicly demonstrate this at the Black Hat security conference back in August.

She did two things...

(1) She demonstrated that unsigned drivers are able to load in Vista.

(2) Blue Pill...This is the name of her concept malware that she wrote. It uses AMD's Pacifica (virtualization technology) to gain root or admin privileges in Vista, allowing you to do anything.

And if you think you'd be safe using an Intel VT based chip, think again. All she has to do is buy an Intel based system and port her code over to make it compatible with Intel VT processors!


RE: even so
By FITCamaro on 10/16/2006 3:44:27 PM , Rating: 2
quote:
(1) She demonstrated that unsigned drivers are able to load in Vista.


Uh...yeah, and? Anyone can load unsigned drivers on 32-bit Vista. The only version of Vista that will have restrictions on unsigned drivers is the 64-bit version. And you'll most likely be able to disable that. Developers need to be able to write new drivers, and those aren't signed until you've tested them.

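The 32-bit versus 64-bit distinction above is something an administrator should verify on a given machine rather than assume. The PowerShell script below is an added example, not code from the article, from any commenter, or from any vendor named on this page: it lists running kernel drivers with their Authenticode signature status and reports whether the boot configuration has test-signing enabled or integrity checks switched off, which are the documented ways 64-bit signature enforcement can be relaxed. The function names are mine; it assumes a Windows host with a PowerShell version that provides Get-CimInstance and Get-AuthenticodeSignature, an elevated session (some driver files are not readable otherwise), and English-language bcdedit output for the two option names it greps for.

```powershell
# Added example: inventory running kernel drivers, check their Authenticode
# signatures, and read the boot options that weaken driver signature enforcement.
# Assumptions: Windows, elevated PowerShell, English bcdedit output.

function Resolve-DriverPath {
    # Win32_SystemDriver.PathName may be a plain path, a \??\ NT path,
    # a \SystemRoot\ relative path, or a bare system32\ relative path.
    param([string]$RawPath)
    if (-not $RawPath) { return $null }
    $p = $RawPath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-DriverSignatureReport {
    # One object per running driver: name, resolved file path, signature
    # status (Valid, NotSigned, HashMismatch, ...) and signer subject.
    Get-CimInstance Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $path   = Resolve-DriverPath $_.PathName
            $status = 'NoFile'
            $signer = $null
            if ($path -and (Test-Path $path)) {
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            [pscustomobject]@{
                Name   = $_.Name
                Path   = $path
                Status = $status
                Signer = $signer
            }
        }
}

function Get-CodeIntegrityBootSettings {
    # bcdedit prints a "testsigning  Yes" or "nointegritychecks  Yes" line only
    # when the option is set; an absent line means the default (off).
    # Assumption: English option names; other locales may print different text.
    $out = bcdedit /enum '{current}' 2>$null
    [pscustomobject]@{
        TestSigning       = [bool]($out -match '^\s*testsigning\s+Yes')
        NoIntegrityChecks = [bool]($out -match '^\s*nointegritychecks\s+Yes')
    }
}

# Usage: show the boot switches first, then every running driver whose
# signature did not verify. On 64-bit Windows with enforcement intact and
# both switches off, the second table should be empty or contain only
# catalog-signed drivers (see the note below).
Get-CodeIntegrityBootSettings | Format-List
Get-DriverSignatureReport | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Two caveats when reading the output. First, many in-box drivers are signed through a security catalog rather than an embedded signature, so a NotSigned status from Get-AuthenticodeSignature is a prompt to check the catalog, not proof that the driver is unsigned. Second, TestSigning or NoIntegrityChecks being true is the condition the comment above alludes to: on a 64-bit system it means the signature requirement has been deliberately turned off, and that setting deserves the same scrutiny as an unsigned driver.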

RE: even so
By stmok on 10/16/2006 3:48:57 PM , Rating: 2
quote:
The only version of Vista that will have restrictions on unsigned drivers is the 64-bit version.


*sigh*
That's the version she compromised!
http://blogs.zdnet.com/Ou/?p=292

What's your response now?


RE: even so
By Brainonska511 on 10/16/2006 3:55:12 PM , Rating: 3
It's the BETA version. It is not a full production model. Duh.


RE: even so
By othercents on 10/16/2006 4:00:14 PM , Rating: 2
Drivers are a very interesting issue. I use unsigned drivers because I can get updates quicker than if they are signed. Most of the time companies release unsigned drivers for minor updates and signed ones when there is a major change. However, unlike Macs, PCs have a bunch of different manufacturers that build drivers for PCs. The only way I can see being able to lock down an operating system is to lock it down based on vendor-specific information. That way Dell has their computers locked and only a Dell technologist can upgrade the drivers.

However, doing this removes the ability for DIY-type stuff. The whole premise of PCs is being able to build your own and upgrade as you want instead of being stuck with a specific vendor like you are with a Mac.

Other


RE: even so
By sxr7171 on 10/17/2006 1:20:19 AM , Rating: 2
quote:
The whole premise of PCs is being able to build your own and upgrade as you want instead of being stuck with a specific vendor like you are with a Mac.


For some, not everyone. There should be choices for everyone. If I build my own machine, I better be able to put whatever I want on it. If Dell built it, I'd like the option to do whatever I want on it as it is my machine, and putting in non-Dell PCI cards should allow you to put in whatever driver you want for them. Even in the case of Dell-specific parts, the "lockdown" software should let you say "yes" to a disclaimer that lets you waive tech support for the item you are installing non-standard drivers for.