10.25.2006

Microsoft vs. Security Vendors

So, apparently Microsoft's controversial PatchGuard technology, which is to be included in the 64-bit edition of Vista, doesn't even guard the kernel against unauthorized access. One security company, Authentium, has released news that they have hacked through the system to maintain their kernel access, rather than wait for Microsoft to release its APIs to security vendors. I support Microsoft on the issue of PatchGuard: anything that makes Windows more secure is a good thing, and the security vendors shouldn't be complaining if PatchGuard will work. They exist only to fill gaps in Microsoft's security; in a perfect world, extra security would be unnecessary. For one, if Microsoft has to include these extra APIs to provide kernel access to the legitimate vendors, how long will it take the hackers to get their hands on them? You just can't lock that type of information up and say "this can only be used for good". The extra attack surface to the kernel is not a good thing ... still, it appears that PatchGuard is ineffective anyway, so we'll still need external vendors to fix Windows' security features even ... brilliant ...