Microsoft has given in to pressure from the European Union (EU),
Symantec and McAfee with regards to kernel-level access in Vista. Microsoft has
introduced a new protection system called Kernel
PatchGuard to secure Vista's kernel from modifications by either programs
or hackers. Symantec
and McAfee (in a rather
bold move) balked at such changes and said that Microsoft was locking them
out entirely from providing security software for Vista.
support from Russian-based Kaspersky in the matter, Microsoft has decided
to make available kernel-level APIs to give security firms secure access to the Vista
kernel. Microsoft feels that this addition along with changes in the way
that Vista's Security System reports warnings will be enough to satisfy not
only Symantec and McAfee, but also the EU. Here's a clip from Microsoft's Brad Smith on the subject:
Some security vendors expressed some concerns to the Commission, and to
us, that they had previously used access to the kernel to facilitate
features in their own product and that they would no longer be able to
do so. We were concerned that it would be a mistake for the future of
computers if PatchGuard were to be removed or eliminated. We devised a
new engineering approach that will create and extend new kernel level
APIs so that PatchGuard will be retained, the security of the kernel
will be protected, and yet security vendors will have an opportunity to
meet their needs through these kernel level API extensions. We felt
that this was again the right kind of solution that meets the needs and
obligations that we have under competition law, whilst also meeting the
needs of computer users around the world.
When notified of the change, a representative for Symantec
responded with "We have not seen anything yet. These are technical issues.
Until we actually see the APIs, all we know is what they [Microsoft] have said
in the media. If it is true, then it would be a step in the right direction for
giving customers the choice to use whatever solutions they would like."
Likewise, a spokesman for McAfee stated "We are encouraged by Microsoft's
recognition that there is a problem. However, we do not have specific
information on the nature of these changes, or their timing."
We will surely be hearing more about these kernel-level APIs
within the coming weeks as Microsoft works together with security firms.
Given that this seems to be a last minute
change of heart on the part of Microsoft, it remains to be seen whether the
changes will be in place in time for Vista’s
November RTM date.
quote: The real winner her is Kaspersky, just be agreeing with MS im sure MS is going to help them more than the others now.
quote: This is stupid, microsoft should not be giving up on it's own security model this easy. By giving out API to kernel access, they are making it easier for security to be compromised.
quote: If vista gets hacked
quote: If vista gets hacked
quote: (1) She demonstrated that unsigned drivers are able to load in Vista.
quote: The only version of Vista that will have restrictions on unsigned drivers is the 64-bit version.
quote: The whole premise of PCs is being able to build your own and upgrade as you want instead of being stuck with a specific vendor like you are with a Mac.
quote: Seems like a real win-win-win situation for the EU...