
Vendors claim that being denied access to the core of Vista seriously hampers their ability to protect users

McAfee Inc. has thrown down the gauntlet in its dispute over Microsoft's decision to lock down the core of its Vista operating system. The security software vendor has a full-page ad in today's Financial Times that berates Microsoft.

McAfee argues that Microsoft is making its upcoming Windows Vista operating system far more difficult to protect by locking non-Microsoft processes out of the kernel. Symantec had a similar beef with this move by Microsoft, which Windows IT Pro reported on recently:

Symantec has also complained about a new security feature called Kernel PatchGuard that prevents software--malicious or otherwise--from altering the Windows kernel at runtime. In the past, security companies have been forced to patch the Windows kernel because so much malicious software does so as well. That process will not be possible in Windows Vista, which should make the system more secure. Symantec wants it removed.

Microsoft claims that this will keep Vista more secure by allowing only certified programs to access vital components of Windows, but McAfee openly mocks this in its advertisement by challenging:

"Microsoft is being completely unrealistic if, by locking security companies out of the kernel, it thinks hackers won't crack Vista's kernel. In fact, they already have."

A Microsoft representative dismissed this accusation, citing a close relationship with security partners during the development of Windows Vista. On the other side of the coin, vendor Trend Micro currently has a beta release of its anti-virus software available for Vista, which may have prompted other companies to suspect preferential treatment.

A scan of the article was unavailable at the time of this posting.


RE: Kernel Mode Processing a Large Risk
By FNG on 10/2/2006 5:27:50 PM, Rating: 1
Are you mad? Kernel mode is not the reason for most of the flaws. Unnecessary privileged access by users and services is. Do you think that every time IE falls victim it is because it runs in kernel mode? That's a big-fat-negative, keep on truckin' sister. Oh, and find me some free protection that has the ability to roll to 1800 desktops and keep corporate policy and definitions synced during extended disconnects from the corporate network.

I do not see how software can easily and efficiently do real-time file scanning or apply heuristics without access to the kernel. I am guessing to be efficient said software would need to install in the layer above the block device drivers. But I won't pretend to be a hard-core programmer, just attempting some logic here. I am also "ass"uming that doing network activity checking would suffer from the same problem.

I have to guess that there will be some sort of access to the kernel. But as a software/driver vendor will you have to pay big bucks to get a sign off by Microsoft? What does this mean for third-party drivers? Will they all have to be WHQL certified?


Copyright 2016 DailyTech LLC.