
by Mike Zazaian, October 16, 2006 - 2:51pm

Microsoft Opens Vista Kernel to Security Firms

After standing firm for several months over its lockdown of the Windows Vista Kernel, Microsoft announced today that it would give security companies access to Vista’s core.

Microsoft announced in August that it would include a feature in Windows Vista called Kernel PatchGuard, which would prevent hackers from patching kernel structures and code to manipulate a system without authorization:

Kernel Patch Protection monitors if key resources used by the kernel or kernel code itself has been modified. If the operating system detects an unauthorized patch of certain data structures or code it will initiate a shut down of the system.

And while Kernel PatchGuard promised increased security of the Vista kernel, it also meant that Microsoft wouldn’t be handing access to that kernel over to McAfee, Symantec, and other security companies who base their software on that code. Pressure over the matter built up not only from security companies but also from Microsoft arch-rival the EU Commission, which felt that the move would enhance Microsoft’s monopoly on security software for its own operating system.

After a few months of standing stalwart, however, Microsoft has given in by offering kernel-level application programming interfaces (APIs) to the security companies who wanted them. Rather than dismantling PatchGuard, Microsoft will work closely with security companies to ensure that PatchGuard isn’t side-stepped in their security applications. Said Adrien Robinson, a director from Microsoft’s Security Technology department:

We do not want vendors… accessing the kernel through unmodified approaches. We will not allow them to go on the fly and modify the kernel, basically circumventing PatchGuard. We need to work with them on the right approaches to work with PatchGuard.

Both Symantec and McAfee have expressed muted enthusiasm over the matter, each company responding to Microsoft’s announcement today. Despite the fact that Microsoft is taking steps to usher security companies into the heart of Vista, those companies remain hesitant until they see the exact nature of the APIs. Said Cris Paden, a spokesperson for Symantec:

We have not seen anything yet. These are technical issues. Until we actually see the APIs, all we know is what they [Microsoft] have said in the media. If it is true, then it would be a step in the right direction for giving customers the choice to use whatever solutions they would like.

The sentiments of other security firms mirrored those of Symantec. Said Laura Yecies, Manager of Check Point’s ZoneAlarm division:

Once we have a chance to see what capabilities the new kernel-level APIs will extend to us, we’ll have a better idea if they will be adequate.

Despite the hesitation, the security companies should be rejoicing that Microsoft is opening the kernel up at all. While the move to release kernel-level APIs allays the pressure from the offended security companies, Microsoft is likely aiming to appease the EU Commission, which has refused to ‘Green-Light’ Microsoft’s Vista for anti-trust clearance. It remains to be seen exactly what will come from opening its kernel, but if it helps Microsoft to sidestep the nearly $400 million in anti-trust fines it sustained over Windows XP, end-user security may end up as an afterthought.

[via DailyTech]