Log in

View Full Version : Legit access to Vista kernel?

omega_red
October 18th, 2006, 03:34
http://dailytech.com/article.aspx?newsid=4559

Quote:
Microsoft has given in to pressure from the European Union (EU), Symantec and McAfee with regards to kernel-level access in Vista. Microsoft has introduced a new protection system called Kernel PatchGuard to secure Vista's kernel from modifications by either programs or hackers. Symantec and McAfee (in a rather bold move) balked at such changes and said that Microsoft was locking them out entirely from providing security software for Vista.

Despite support from Russian-based Kaspersky in the matter, Microsoft has decided to make available kernel-level APIs to give security firms secure access to the Vista kernel. Microsoft feels that this addition along with changes in the way that Vista's Security System reports warnings will be enough to satisfy not only Symantec and McAfee, but also the EU.


I just wonder how much of a "decoy" it is
http://dailytech.com/article.aspx?newsid=4591
Silver
October 18th, 2006, 05:34
Response:

http://www.theregister.co.uk/2006/10/18/vista_securityinfo_not_enough/

Quote:
McAfee has dismissed Microsoft's release of information to allow security vendors to build products that will interoperate with Vista. The security vendor says the information is not fit for purpose.


What a debacle.
LLXX
October 18th, 2006, 17:43
I'm quite sure PatchGuard has already been defeated, and if not, should be in a very short time.

Don't forget than AV companies have quite skilled reversers too.
dELTA
October 19th, 2006, 04:15
Yes LLXX, but the problem for the AV companies though is that they cannot use such an "unofficial workaround" in their products. Because if a subsequent update from Microsoft makes the operating system unstable when this workaround is applied (which is highly likely, both technically and motive-wise from Microsoft) it would be a disaster for the AV company in question.

But sure, the AV companies will, if nothing else, get an extra incentive to break PatchGuard and spread the info anonymously in the "hacker community" / media, in order to show that Microsoft's policy on the subject is just helping out the bad guys, and keeping the good guys out.
Silver
October 19th, 2006, 07:59
Quote:
Because if a subsequent update from Microsoft makes the operating system unstable when this workaround is applied (which is highly likely, both technically and motive-wise from Microsoft) it would be a disaster for the AV company in question.


This is exactly what happened with Exchange and Sybari Antigen, until Microsoft bought Sybari

I can't find the article now, but it was regarding a recent security conference in AsiaPac that Microsoft attended. Apparently multiple "hackers" questioned the MS representatives about their plans to fix the security issues in Vista (one of which being problems with Patchguard), but the only response was of the "no comment" style.
Silver
October 29th, 2006, 10:23
So, who won the sweepstake...

"Security vendor Authentium has discovered a mechanism to get around Microsoft's controversial Patchguard kernel protection technology, which is due to ship in the 64-bit version of its forthcoming Windows Vista operating system."

http://www.theregister.co.uk/2006/10/27/patchguard_row_analysis/