
Microsoft says no date on Vista security change



#1
Retired Tech

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Microsoft said on Thursday it could not change its forthcoming Vista operating system to deal with concerns of some security software makers until an update comes out, but it did not give a timetable.

Problems apply to the new 64-bit Vista Windows, which will eventually supplant the 32-bit version. Vista is due to be shipped to corporate users next month and sold to the public in January.

Security companies accounting for a majority of the market say they need access to the core, or "kernel" of 64-bit Windows to fully protect customers.

Software security companies now have access to the kernel in 32-bit Windows, but Microsoft has put up a wall called "PatchGuard" to protect the 64-bit kernel from hackers. Security software firms say that keeps them out, too.

The Gartner group, which issued a report this week assessing problems Microsoft would have in making needed changes to Vista security, said security software "will not deliver full functionality" for 64-bit Windows under current conditions.

Microsoft last week promised the European Commission that it would change the Vista operating system to meet concerns of security software makers.

Gartner recommended that companies tell Microsoft they would not make a commitment to 64-bit Vista until a firm release is set for the first set of "kernel-control" software.

Gartner said that might be in 2008, and even then there might not be full functionality.

Microsoft said on Thursday after briefing software makers that working with them to come up with a solution would be time-consuming.

"We believe we have a long runway to work with," said Adrien Robinson of Microsoft's security technology unit, because companies will be slow to shift to the 64-bit version.

But McAfee security software said it had customers who would already have adopted 64-bit technology.

Microsoft's Robinson said the new technology may not provide access to the kernel, but instead would allow security companies to peer into the kernel. "There is no longer direct access," Robinson said.

Windows 64-bit Vista is supposed to crash if any malicious software tries to get access to the kernel.

But Helmuth Feericks, chief technology officer of Authentium software in Palm Beach Gardens, Florida, said his group had figured out a way to turn off PatchGuard protection, install its own software, and then turn it back on.

Feericks said that if he could get such access so could sophisticated hackers. "It's going to be a continuous battle between Microsoft and the security industry and the hackers," he said.
  • 0



#2
GrantG

GrantG

    banned

  • Banned
  • 122 posts
Should I just go back to sleep for another 5 years so that when I wake up there may be a tightly secured M$ operating system available?
  • 0

#3
warriorscot

warriorscot

    Member 5k

  • Retired Staff
  • 8,889 posts
Actually, this probably helps secure the OS in some respects. The security companies have the best on staff; this includes some of the best malware writers. If they can't get at the kernel, they can't make malware, and that will help keep it secure for a certain period of time.
  • 0

#4
GrantG

GrantG

    banned

  • Banned
  • 122 posts
I'll give it a week :whistling:
  • 0

#5
Retired Tech

Retired Tech

    Retired Staff

  • Topic Starter
  • Retired Staff
  • 20,563 posts
Microsoft is likely to keep security vendors waiting until 2008 before it can deliver APIs to provide access to the Windows Vista kernel, Gartner warned in an analysis.

The 64-bit version of Windows Vista uses the PatchGuard tool to protect the kernel against malicious code attacks.

But the technology also locks out security software such as some host-based intrusion detection systems that require access to the kernel to detect malware.

Security vendors including McAfee and Symantec have been pressing the software vendor to be more cooperative, and have lobbied the European Commission and Korean government to force Microsoft to open up its kernel.

Averting potential EU fines, Microsoft promised last week that it would make certain unspecified changes to prevent anti-trust actions.

Microsoft will develop special APIs to provide security vendors with access to the kernel, but these will not be available for some time, according to Neil MacDonald, a distinguished analyst at Gartner.

"To avoid delaying Vista's release or removing the 64-bit version, Microsoft will work with independent software vendors to deliver initial capabilities and APIs in this area," MacDonald wrote in an analysis.

"We expect this in early 2008, when the first service pack for Vista will likely be released, with more complex work and more APIs delivered with the second service pack or later."

Windows Vista comes in 32-bit and 64-bit versions. The PatchGuard APIs are required only for the 64-bit version.

Desktop migrations to 64-bit systems are expected to be slow because of a limited availability of 64-bit drivers. This should provide Microsoft additional time to make the required changes and appease anti-trust regulators.

Gartner urged enterprises to delay migrating to 64-bit Windows Vista if they are unable to find suitable security products, and called on users to pressure Microsoft to commit to a firm release date for the kernel APIs.

Microsoft has not officially published a timeline for the release of its kernel extensions.

The company did not respond to a request for comment on Gartner's projections.
  • 0

#6
warriorscot

warriorscot

    Member 5k

  • Retired Staff
  • 8,889 posts
To be honest, I'm not even sure how they could have a problem with an anti-trust case. The security programs in question are largely capitalising on faults in an MS application; if they decide to fix it, I can't see how they can be blamed. Windows is just, when it comes down to it, now another operating system. I don't think they can actually be blamed for securing the operating system, even to the detriment of other companies, as security falls clearly in the realm of responsibility of the OS designers.
  • 0

#7
Retired Tech

Retired Tech

    Retired Staff

  • Topic Starter
  • Retired Staff
  • 20,563 posts
In an interview with BetaNews on Friday afternoon, Sophos senior security analyst Ron O'Brien suggested that, even though his company plans to participate with Microsoft's program to build a security services API for Windows Vista SP1 -- and perhaps because of that fact -- Microsoft does not need to create a bypass mechanism for its upcoming PatchGuard kernel lockdown service, as other vendors have recently insisted.

"Two of our largest competitors, McAfee and Symantec - which clearly have anti-virus products that compare to Sophos - have publicly complained that being locked out of the Vista kernel somehow prevents them from being able to innovate," O'Brien noted.


"I would say that the opposite is really true: that by not focusing on having Microsoft provide us with the means to access the kernel, and in fact using the APIs that have [already] been provided by Microsoft, we are not experiencing any problems with PatchGuard for our latest HIPS technology, Sophos Anti-Virus, or any of the other aspects of our security offering for either 32-bit or 64-bit versions of Windows Vista."

By HIPS, O'Brien is referring to Sophos' current Host Intrusion Prevention System, a version of which is being planned for the initial release of Vista. The system uses heuristics to examine the behavior of software that may not have been identified as viruses by way of signature, to determine whether it is likely to negatively impact the system.

Lots of vendors use specialized trademarks to identify their heuristics, and Sophos' is no less fancy: Behavioral Genotype Protection. Sophos describes this feature as being able to identify malware at the gateway even without a signature, and delete it before it executes.

Despite the lofty terminology, this is not a new concept, and as McAfee chief scientist George Heron put forth in a recent ZDNet blog post entitled "Why Microsoft is Wrong on Vista Security," it's a feature of most modern enterprise-level anti-virus packages now.

But as Heron argued, for vendors to be able to continue to provide this functionality, they would need to have the ability to "hook the APIs" - meaning, to detect whether certain function calls to the operating system are being made, as potentially malicious code is being executed. By Microsoft disabling this kind of hooking, Heron wrote, vendors can no longer continue to provide security the way they have before.

Sophos' Ron O'Brien contends, however, that this is not a problem, at least from his company's perspective. "I would say that other vendors may not have coded their solutions with 64-bit Vista in mind," he told BetaNews, "but because we've taken a slightly different approach to HIPS, focusing more on identifying bad behavior by analyzing code before it executes, we have been able to make do with the interfaces that have been provided by Microsoft, rather than trying to subvert the kernel. That's why we're ready for 64-bit Vista, and other companies are not."

As O'Brien explained, his company's "behavioral genotyping" -- while it might sound like the worst techno-babble from straight out of Star Trek -- does not need to hook into the API calls. Instead, it evaluates code before it is executed, and if the code "matches the genotype," then it never gets executed. His comments are consistent with those he made last month to BetaNews, when Symantec first raised objections before the European Commission about Microsoft's planned deployment of PatchGuard.

The fact of PatchGuard's existence is nothing new, so it may be a little too late for supporting vendors to be complaining about it, O'Brien contends. "I think that Symantec and McAfee have been struggling with [execution prevention], because they haven't coded their solution with Vista in mind, and because Sophos has taken a different approach...We're building our technology using supported Microsoft interfaces, rather than by trying to subvert them."

Assuming everything is indeed as rosy as O'Brien makes it out to be, why then would Sophos want or need to contribute to a security services API for Vista, especially since it would apparently help Sophos' rivals more than it would help Sophos? O'Brien's answer was both smooth and to the point: Essentially, Microsoft is developing the API that all security vendors who support Vista will eventually require, so it's in everyone's best interests -- including Sophos' -- to get on board.

"Obviously, I don't spend a lot of time thinking about the effectiveness of my competitors' ability to provide service," O'Brien remarked. "But clearly, from this point forward, Sophos and other vendors will have a dependency on Microsoft to deliver these kernel interfaces for new security interfaces. However, we're ready to go with a Sophos Anti-Virus version of our product that is compatible with Vista, and I don't believe that other security companies can make the same claim.

"It is somewhat counter-intuitive for me to be critical of a competitor," he continued. "However, in this particular instance, I would encourage enterprise-level customers to ask whether or not their security vendor is prepared to offer a security solution that is compatible with Windows Vista 64-bit. And if the answer is no, then I, as a customer, would ask why. And if the reason is because, 'We haven't worked with Microsoft in order to achieve that goal,' then my next question would be, 'Why not?'"
  • 0

#8
bmwboy

bmwboy

    Member

  • Member
  • 152 posts
Microsoft? Security? Yeah, I'm betting that PatchGuard will be broken years before Microsoft gives companies access to the kernel.
  • 0





