
Vendors claim that being denied access to the core of Vista seriously hampers their ability to protect users

McAfee Inc. has thrown down the gauntlet in its dispute over Microsoft's decision to lock down the core of the Windows Vista operating system. The security software vendor has taken out a full-page ad in today's Financial Times that berates Microsoft.

McAfee argues that Microsoft is making its upcoming Windows Vista operating system far more difficult to protect by locking non-Microsoft code out of the kernel. Symantec had a similar beef with the move, as Windows IT Pro reported recently:

Symantec has also complained about a new security feature called Kernel PatchGuard that prevents software--malicious or otherwise--from altering the Windows kernel at runtime. In the past, security companies have been forced to patch the Windows kernel because so much malicious software does so as well. That process will not be possible in Windows Vista, which should make the system more secure. Symantec wants it removed.

Microsoft claims that this will keep Vista more secure by allowing only certified programs to access vital components of Windows, but McAfee openly mocks that claim in its advertisement:
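The Windows IT Pro paragraph quoted above describes what Kernel PatchGuard does in one sentence: it detects code that alters kernel structures at runtime. The following is an added example, not Microsoft's PatchGuard code and not from the article: a user-mode model of the same idea, a guard that seals a known-good snapshot of a service dispatch table (the kind of structure both security products and malware have historically patched) and later checks whether any entry was redirected. All names (svc_table, guard_seal, demo_install_hook and so on) are constructed for this demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a kernel service table: an array of function
 * pointers that dispatches requests to handlers. Patching the kernel at
 * runtime, in the sense the article discusses, typically means overwriting
 * entries like these. */
typedef long (*svc_fn)(long);

static long svc_open(long a)  { return a + 1; }
static long svc_read(long a)  { return a * 2; }
static long svc_write(long a) { return a - 1; }

#define SVC_COUNT 3
static svc_fn svc_table[SVC_COUNT] = { svc_open, svc_read, svc_write };

/* Known-good snapshot and its hash, recorded while the table is trusted. */
static svc_fn   svc_baseline[SVC_COUNT];
static uint64_t baseline_hash;

/* 64-bit FNV-1a over arbitrary bytes; cheap enough to run periodically. */
uint64_t fnv1a64(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;        /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;                 /* FNV prime */
    }
    return h;
}

/* Seal the table: must run before any untrusted code can reach it. */
void guard_seal(void) {
    memcpy(svc_baseline, svc_table, sizeof svc_table);
    baseline_hash = fnv1a64(svc_table, sizeof svc_table);
}

/* Fast path for the periodic check: does the whole table still hash to baseline? */
int guard_table_intact(void) {
    return fnv1a64(svc_table, sizeof svc_table) == baseline_hash;
}

/* Slow path once tampering is suspected: index of the first altered entry, or -1. */
int guard_first_patched_entry(void) {
    for (int i = 0; i < SVC_COUNT; i++)
        if (svc_table[i] != svc_baseline[i])
            return i;
    return -1;
}

/* Models the runtime patch the guard is meant to catch: a third party (security
 * product or malware, the guard cannot tell) redirects one service to its own
 * handler. Returns the displaced entry so the scenario can restore it. */
static long hooked_read(long a) { return svc_read(a) + 1000; }

svc_fn demo_install_hook(int idx, svc_fn fn) {
    svc_fn old = svc_table[idx];
    svc_table[idx] = fn;
    return old;
}

/* Full scenario. Returns the index the guard flags (expected 1), -1 if the
 * patch went undetected, or -2 if the freshly sealed table failed its own check. */
int demo_run(void) {
    guard_seal();
    if (!guard_table_intact())
        return -2;
    svc_fn old = demo_install_hook(1, hooked_read);
    int hit = guard_table_intact() ? -1 : guard_first_patched_entry();
    svc_table[1] = old;                        /* put the table back */
    return hit;
}

int main(void) {
    int hit = demo_run();
    if (hit >= 0)
        printf("runtime patch detected: table entry %d was redirected\n", hit);
    else
        printf("no tampering detected (%d)\n", hit);
    return 0;
}
```

The design point worth noticing is the one behind both sides of the dispute: the guard cannot distinguish a legitimate anti-virus hook from a rootkit's, so it treats every modification as tampering, which is exactly why a product built on kernel patching stops working under it. A check-on-demand model like this one also only sees the table at the moment it runs; anything that patches and restores between checks goes unnoticed, so a real implementation has to run its verification at times an attacker cannot predict.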

"Microsoft is being completely unrealistic if, by locking security companies out of the kernel, it thinks hackers won't crack Vista's kernel. In fact, they already have."

A Microsoft representative dismissed the accusation, citing a close relationship with security partners during the development of Windows Vista. On the other side of the coin, vendor Trend Micro already has a beta release of its anti-virus software available for Vista, which may have prompted other companies to suspect preferential treatment.

A scan of the article was unavailable at the time of this posting.


Kernel Mode Processing a Large Risk
By Flunk on 10/2/2006 4:15:15 PM , Rating: 4
Being able to communicate directly with the kernel is an enormous security risk. Windows never should have allowed this in the first place. Locking out this feature locks out a lot of the worst viruses for Windows, and this is not the only OS to feature this sort of protection. The kernel in Mac OS is so abstracted as to be practically unreachable. MS is not doing this to spite anyone, but to fix an enormous flaw in their software. It's not like MS is allowing their own AV apps to run in the kernel either. McAfee and Norton should go away; you can get protection that is just as good for free now anyway.

By QueBert on 10/2/2006 5:03:10 PM , Rating: 1
I cannot agree, simply because I have read (read, don't know if it's fact or fiction) that hackers have already overcome this. So, basically a touted feature for our "protection" has been destroyed before the product has even launched? greeeeat!

I remember prior to XP, MS was big on the "must register to use blah blah blah" XP was cracked, and downloadable before it even hit store shelves. DON'T leave it up to MS to make computing safer, as they have proven time and time again they cannot.

Also, will this lack of kernel access affect running a shell replacement? I am not a fan of the gaudy Aeroglass interface; I somehow see MS making it tough, if not impossible, to run Litestep, which they probably view as "unsafe".

RE: Kernel Mode Processing a Large Risk
By FNG on 10/2/2006 5:27:50 PM , Rating: 1
Are you mad? Kernel mode is not the reason for most of the flaws. Unnecessary privileged access by users and services is. Do you think that every time IE falls victim it is because it runs in kernel mode? That's a big-fat-negative, keep on truckin' sister. Oh, and find me some free protection that has the ability to roll to 1800 desktops and keep corporate policy and definitions synced during extended disconnects from the corporate network.

I do not see how software can easily and efficiently do real-time file scanning or apply heuristics without access to the kernel. I am guessing to be efficient said software would need to install in the layer above the block device drivers. But I won't pretend to be a hard-core programmer, just attempting some logic here. I am also "ass"uming that doing network activity checking would suffer from the same problem.

I have to guess that there will be some sort of access to the kernel. But as a software/driver vendor will you have to pay big bucks to get a sign off by Microsoft? What does this mean for third-party drivers? Will they all have to be WHQL certified?

By exdeath on 10/3/2006 12:40:29 PM , Rating: 2
"Being able to communicate directly with the kernel is an enormous security risk"

Yeah, let's can int 2e (KiSystemService) lol.
