
The kernel fight continues with Windows Vista

We all thought that it was over with Microsoft's announcement that it would create specific APIs to allow security firms to access the kernel in the 64-bit version of Vista. It was thought that the concession made by Microsoft would be enough to quiet Symantec and McAfee, who have been quite upset over Kernel PatchGuard. It appears that we've only just begun, and Symantec is even more riled up by Microsoft's announcement.

Symantec claims that Microsoft's APIs are a "red herring" being used to fool the press and put Microsoft in a good light. The APIs for Vista 64-bit aren't enough for Symantec and McAfee, and they want even further access. Symantec VP of Consumer Products and Solutions Rowan Trollope states that Microsoft isn't doing anyone any favors by providing APIs with secure access to the kernel.

The more general problem illustrated by the Tamper Protection example is as follows: Currently when a security company needs to provide security against a certain class of threat, we are able to do so even if Microsoft does not offer an API. With PatchGuard Microsoft is stepping in and changing the rules…We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers’ machines. Hackers on the other hand have no such issues. Once they work around PatchGuard (which they already have), they don’t really care if the system becomes unstable or bluescreens or anything else. So in fact PatchGuard works in favor of hackers in this case.

Two smaller companies, Sophos and Kaspersky, are fine doing it Microsoft's way. Sunbelt Software has joined Symantec and McAfee in disagreeing with Microsoft's security approach. Joe Wilcox, a senior analyst for JupiterResearch, agrees with Symantec and the gang. "The situation is like this: Before, Microsoft security partners could take whatever path they wanted to climb the mountain and reach the summit. Now, they will have to use Microsoft security APIs, which create a path--and the only way they're allowed to go up the mountain. But Microsoft's APIan Way won't take them all the way to the summit. There is going to be a problem if the hackers can scale up to the summit by another route, while the security vendors are stuck below on the path."




BETA
By Brainonska511 on 10/17/2006 6:26:25 PM , Rating: 1
Why do people keep talking about how Vista has already been hacked?

Does BETA mean anything to these people?




RE: BETA
By Griswold on 10/17/2006 6:29:51 PM , Rating: 1
It's the yellow plague. What did you expect?


RE: BETA
By michal1980 on 10/17/2006 6:32:55 PM , Rating: 3
wait, Symantec complaining about stability of windows?

have they ever installed their program suite to see what happens to windows?

instability = symantec.

my money is on symantec knowing how to crack windows vista and then using the crack to blackmail ms


RE: BETA
By Griswold on 10/17/2006 6:37:59 PM , Rating: 4
Blackmail MS? If bad comes to worse, MS buys symantec and shuts them down for good - actually sounds like a good plan to me.


RE: BETA
By Duwelon on 10/17/2006 6:57:43 PM , Rating: 4
Me too. For my money, Symantec is to Internet Security what AOL is to internet access.

I hope Microsoft says "Ok you don't want it? Then you won't get it."


RE: BETA
By PitViper007 on 10/17/2006 7:52:10 PM , Rating: 5
Agreed. In MHO MS should have never agreed to supplying the APIs to Symantec et al. From what I understand, not even OneCare is going to be able to access the kernel, so what's the beef? The fact that MS is finally trying to do what it needs to to secure its new OS? Please. Of course Symantec and McAfee are upset. They've built their entire business model off of Microsoft's OS insecurities. I say to them....GET OVER IT!

PitViper


RE: BETA
By MrDiSante on 10/18/2006 5:49:40 PM , Rating: 2
Agreed, Microsoft should be like: "So, you don't want API calls to the kernel? Wonderful. No kernel patching and no APIs. Now rewrite your IS suite so it doesn't noticeably slow down a Conroe system."


RE: BETA
By Etern205 on 10/17/2006 11:12:34 PM , Rating: 2
exceeellleentt! :P


RE: BETA
By Christopher1 on 10/17/2006 9:45:43 PM , Rating: 2
Well, I have to disagree about the Symantec uninstallation stability thing. I have installed Symantec products before, and 9 times out of 10 unless the program was having a problem BEFORE the installation......... it uninstalled fine and I had no stability problems.


RE: BETA
By mindless1 on 10/18/2006 2:03:01 AM , Rating: 3
Is 9 times out of 10 a consolation for the 10th person? The problem was apparently large enough there's been more than one uninstaller updated over time to handle the problems.


RE: BETA
By nerdtalker on 10/17/2006 8:42:24 PM , Rating: 2
Since when do people actually understand anything?

If KAV can do it, Symantec certainly can. The big two AV companies are at it again...


RE: BETA
By Heron Kusanagi on 10/18/2006 1:39:37 AM , Rating: 1
Why can't they all just...get along?

Besides, it's MS style to solve things after they get hacked. Let's see the AV companies laugh at that. For now, let MS do what they want.

I sure hope not many people will buy Vista at release though...


RE: BETA
By blazeoptimus on 10/18/06, Rating: 0


RE: BETA
By Laitainion on 10/18/2006 12:49:22 PM , Rating: 3
But none of the others are complaining, that should tell you something about the nature of Symantec's and McAfee's complaints. Kaspersky iirc actually backed Microsoft up on this one (can't remember where I read it, so no link), and in addition, Microsoft's own AV solution will likely be in the same boat as everyone else's, since PatchGuard will prevent *any* alterations of the kernel at run time, that would also prevent One Care messing about.
It being a monopolistic move doesn't even make sense, have you *any* idea how much crap from the US and EU courts Microsoft would get if that were to ever happen?


RE: BETA
By Russell on 10/18/2006 12:11:41 PM , Rating: 2
Yes it's a beta however since it's already past the RC2 stage, I seriously doubt MS will be doing much kernel redesign. If the kernel has already been hacked, then it quite likely will remain hackable via similar means in the final release.

Regardless though, Symantec and co can shove it. MS gave them access like they demanded. They should piss off if that's not good enough.


Stay Strong Vista!
By BillyBatson on 10/17/2006 6:57:52 PM , Rating: 3
Fight them all off.
I am glad these companies do not have access to the core of Vista. Why should they? They claim they won't be able to provide an adequate amount of security without it but wouldn't that also allow others to get into it? And even if not I for one do not want security software integrating into everything. I do not run an antivirus program and I never will!!!!!!!!! I remember YEARS ago when I actually purchased Norton. It was horrible, slowed everything down so much especially startup, and almost impossible to uninstall! Most of these programs are harder to get rid of than the software they are supposed to protect you from. SO which is the virus then!? No access, live with it.




RE: Stay Strong Vista!
By Pirks on 10/17/2006 7:25:13 PM , Rating: 3
yeah, give 'em a fat finger Steve! shove it up the Symantec corporate bottom!


RE: Stay Strong Vista!
By cnimativ on 10/17/06, Rating: -1


RE: Stay Strong Vista!
By Ringold on 10/17/2006 7:49:34 PM , Rating: 3
I think you've wound up at the wrong news site. Distrowatch.com sounds similar to Dailytech though, or at least they both start with a D, so I see where you could've got confused. :)

On my X2 3800+ @ 2.6ghz, I notice only a better UI. I haven't tried gaming yet, but since you must be referring to Linux, I'll do you the favor of not trying to compare that aspect. Now, if your Athlon XP 2000+ or Celeron 1.8ghz chugs at Vista, it's because it's not meant for you or that system. That too hard to get?


RE: Stay Strong Vista!
By Pirks on 10/17/2006 8:28:14 PM , Rating: 2
it's not necessarily that this particular kind of moron uses Linux too much - as you pointed out he might just have too weak a system with Celeron or Pentium 3, something like that :)

I just recalled my recent wanderings around Russian DIY PC forums and especially their feedback on Vista - you can't think it up on what kind of machines these Russians try to install Vista - you just won't believe people would try THAT!!! trying to install it on some obscure 12 GB hard drive from 1998 is one of the mildest things going on there. I also love their.. uh.. impressions after trying to run Vista on GeForce MX 440 and even on GeForce 2 and Riva TNT cards - that's too hilarious to read, I had to jump outta there or I'd be dead from too much laugh :)

still (still! would you believe that!) most people there LIKE Vista, most of the time - wow, I'm impressed :)) if MS can pull it off impressing people with Vista on Riva TNT I'd stop to be afraid of competition from OS X, at least for a little while :))


RE: Stay Strong Vista!
By cnimativ on 10/18/06, Rating: -1