Windows Vista Risks - “A Reality Check on PatchGuard” - Microsoft Backs Down

Oct 16 2006

By Kurt Seifried (kurt@seifried.org)

How prophetic, Friday the thirteenth. I write a nice article on Microsoft Corp.’s PatchGuard and Symantec Corp.’s response to it. It gets published in the morning.

And then Microsoft Corp. changes their mind.

The other security issue that the Commission raised with us related to a feature called PatchGuard, which is in the 64-bit version and only this version of Windows Vista. This is a new technology that Microsoft has created to ensure that the kernel in the operating system remains secure and the code in the kernel is not changed.

Some security vendors expressed some concerns to the Commission, and to us, that they had previously used access to the kernel to facilitate features in their own product and that they would no longer be able to do so. We were concerned that it would be a mistake for the future of computers if PatchGuard were to be removed or eliminated. We devised a new engineering approach that will create and extend new kernel level APIs so that PatchGuard will be retained, the security of the kernel will be protected, and yet security vendors will have an opportunity to meet their needs through these kernel level API extensions. We felt that this was again the right kind of solution that meets the needs and obligations that we have under competition law, whilst also meeting the needs of computer users around the world.

This is a good thing. Kernel level APIs for security software are probably a very good idea for virtually any operating system (witness the power and flexibility offered by SELinux in the Linux Kernel). It looks like vendors such as Symantec Corp. will get exactly what they are wishing for, a way to interact at very low levels with Vista, and everyone’s happy, right?

Well, I sure hope so. But I still have some major concerns. Either Microsoft Corp. has planned this move for a long time and done it so that they could appease the anti-trust regulators, or they actually blinked and changed their mind, in which case they have a few weeks to write up a new set of Kernel APIs for the security companies to use. Personally, I hope this really is a case of appearing to be a bully and offering the anti-trust regulators something. If, on the other hand, this is a completely new set of Kernel APIs that has to be whipped up in a few weeks, then I shudder to think of the potential consequences (writing critical security software on a tight timeline has not been one of Microsoft’s strengths). Additionally, there is also the issue of security vendors like Symantec Corp. having to create new software that will interact with completely new (and hopefully documented) Microsoft Corp. Kernel APIs that are untested and potentially flawed.

A public response from Symantec Corp. has been issued:

“We have not seen anything yet,” said Cris Paden, a Symantec spokesman. “These are technical issues. Until we actually see the APIs, all we know is what they have said in the media. So far they have not done anything yet.”

http://www.microsoft.com/presspass/exec/bradsmith/10-13-06VistaRelease.mspx

http://news.com.com/Security+firms+skeptical+about+Vista+shift/2100-7355_3-6125866.html


Posted by Kurt.Seifried on Monday, October 16th, 2006, at 8:00 am, and filed under Articles, Technical, Windows Vista.
