We all thought that it was over with Microsoft's
announcement that it would create specific APIs to
allow security firms to access the kernel in the 64-bit version of Vista.
It was thought that the concession made by Microsoft would be enough to quiet
Symantec and McAfee who have been quite upset over Kernel
PatchGuard. It appears that we've only just begun and Symantec
is even more riled up by Microsoft's announcement.
Symantec claims that Microsoft's APIs are a "red
herring" being used to fool the press and put them in a good light. The
APIs for Vista 64-bit aren't enough for Symantec and McAfee and they want even
further access. Symantec VP of Consumer Products and Solutions Rowan Trollope
states that Microsoft isn't doing anyone any favors by providing APIs with
secure access to the kernel.
more general problem illustrated by the Tamper Protection example is as
follows: Currently when a security company needs to provide security against a
certain class of threat, we are able to do so even if Microsoft does not offer
an API. With PatchGuard Microsoft is stepping in and changing the rules…We of
course cannot pursue a path when Microsoft tells us that they will bluescreen
our customers’ machines. Hackers on the other hand have no such issues. Once
they workaround PatchGuard (which they already have), they don’t really care if
the system becomes unstable or bluescreens or anything else. So in fact
PatchGuard works in favor of hackers in this case.
Two smaller companies, Sophos and Kaspersky, are fine
doing it Microsoft's way. Sunbelt
Software has joined in with Symantec and McAfee in disagreeing with Microsoft's
security approach. Joe Wilcox, a senior analyst for JuperResearch, agrees with
Symantec and the gang. "The situation is like this: Before, Microsoft
security partners could take whatever path they wanted to climb the mountain
and reach the summit. Now, they will have to use Microsoft security APIs, which
create a path--and the only way they're allowed to go up the mountain. But
Microsoft's APIan Way won't take them all the way to the summit. There is going
to be a problem if the hackers can scale up to the summit by another route,
while the security vendors are stuck below on the path."