If Sophos and Kaspersky can do it, why can't Symantec and McAfee?

DailyTech has already reported that Kaspersky and Sophos have taken Microsoft's side when it comes to Vista's Kernel PatchGuard. However, the new security feature has come under fire from Symantec and McAfee, which prompted Microsoft to add a few APIs to give security firms secure access to the kernel. Despite this perceived generosity from Microsoft, Symantec and McAfee still weren't convinced that Microsoft was working in their best interests.

With Symantec and McAfee publicly airing out their grievances with Microsoft, Sophos has successfully navigated Kernel PatchGuard and is putting its full support behind Microsoft. In fact, Richard Jacobs, the CTO for Sophos, didn't mince words when talking about Symantec and McAfee. "Symantec and McAfee may be struggling with HIPS [host intrusion prevention system] because they haven't coded their solutions with 64-bit Vista in mind. We've taken a different approach to HIPS, by focusing more on catching bad behavior by analyzing code before it executes," said Jacobs.

By not directly accessing the kernel, Sophos is able to offer OS protection without butting heads with Kernel PatchGuard. The company instead uses "genotyping" to scan files for "potential malicious intent" before they have a chance to execute. A file is then blocked from running if a "preponderance of evidence" is found indicating that the file is malevolent.

While Sophos is confident that it will be ready when Vista hits store shelves, Ron O'Brien, a senior security analyst for Sophos, notes that secure APIs will be beneficial to all as Vista matures as an operating system. "The availability of APIs is going to be important as we go forward [with Vista]. We need to be in on the dialog with Microsoft," said O'Brien. As to the whole Microsoft-Symantec-McAfee spat, O'Brien had this to say, "There are a number of issues unrelated to securing the kernel that are being avoided by having this public debate. I think they see their share of the consumer market at risk."

