Windows PatchGuard 'hindering security'
Published: 11 Aug 2006 08:50 BST
…defences for that part of the operating system, he said. Now, if PatchGuard breaks, it will be up to Microsoft to fix the flaw and make Windows PCs secure.
"They would have to patch the kernel if someone bypasses PatchGuard," Gorelik said, noting that the kernel is the toughest thing to fix in the operating system.
Security vendors are calling on Microsoft to allow exceptions in the kernel shield for trusted third parties.
"There is definitely a legitimate need to lock down the kernel," McCorkendale said. "I don't suggest they eliminate PatchGuard. What I am asking for is an exception. There are less restrictive means available, and we have proposed many solutions to Microsoft. But it has fallen on deaf ears."
Microsoft opposes the idea of making exceptions, as it would increase the number of entry points that miscreants could take advantage of, Toulouse said.
"When you get into the concept of exceptions, you get on a slippery slope," he said. "What made a lot of sense to us is simply to restrict the kernel without exception, creating a level playing field that all of the vendors, including Microsoft, can then operate by." Toulouse's argument is that Microsoft's security software is also unable to touch the kernel.
Dropped ball
With the advent of threats such as rootkits, which nestle deep inside the operating system, Microsoft should protect the Windows core, analysts said. However, the company has dropped the ball on letting other software makers in on what the new kernel protections mean for them, said John Pescatore, an analyst at Gartner.
"This is a complex issue, but Microsoft has definitely been deficient in including the impacted software makers early on," Pescatore said. "That definitely does work to their advantage from a competitive viewpoint. However, the rootkit issue has to be fixed, and kernel protection has to be stronger for all operating systems."
Indeed, Symantec is playing the anticompetitive card for the first time. The company had said it would beat Microsoft by using its security wits as long as the competition is fair. Now the fairness seems to be gone, McCorkendale said.
"It seems a bit disingenuous of Microsoft. They are getting into the security market and are disallowing this whole class of security products that they don't have," McCorkendale said. "It does not feel like a level playing field at that point."
McCorkendale stopped short of saying that Symantec would sue Microsoft or complain to antitrust authorities. However, Yankee Group analyst Jaquith believes that step is getting closer, especially if Microsoft were to give its own security products a way to bypass PatchGuard.
"Microsoft's anti-kernel hacking feature could conceivably create a formidable barrier to entry to their competitors in the security market," Jaquith said. He expects Microsoft to deliver host intrusion-prevention capabilities in its Forefront products next year.
"I think you'll see the larger security companies run to the Department of Justice and the European Union faster than you can say 'Penfield Jackson'," Jaquith said, referring to Thomas Penfield Jackson, the judge who oversaw the landmark US antitrust case against Microsoft.
Previous
Did you find this article useful?
333 out of 524 people found this useful
- Share this article:
Full Talkback thread
2 comments
-
So if Microsoft makes a "secure" product they can... Anonymous -
I agree. Vista is Microsoft's product its up... Anne O'nymous
