Microsoft has agreed to make a number of changes to Windows Vista in response to guidance from the European Commission, the EU’s competition regulator. It has also had successful talks with competition authorities in Korea who raised concerns about Microsoft’s business practices. It expects to ship Vista on time in that country as well. Here’s a summary of Microsoft’s explanation of the changes that will be made in Windows Vista. Microsoft says the changes will apply worldwide.
ok, I love how people WANT MS to make Windows more secure yet when they do something like lock the ‘kernel’ down, people bitch and moan.
‘OH MY GOD! We based our entire business model around an insecure OS and now we are going to go out of business because they are trying to make it more secure!! Lets go sue them!!’
Yes, because most security issues in the last three years with relation to Windows XP have been due to kernel bugs.
</sarcasm>
Yes, because most security issues in the last three years with relation to Windows XP have been due to kernel bugs.
</sarcasm>
Maybe not but a good chunk of windows stability issues do come from software hooking into the kernel.
Ever ran something like Symantec Internet Security suite? Jesus talk about taking a stable and fast windows install and turning it into a slow, unstable POS in a hurry!
I say they should specifically keep symantec and others of their ilk the heck out of kernel space.
> Maybe not but a good chunk of windows stability issues do come from
> software hooking into the kernel.
Could you give examples? I did not know yet that the Windows kernel is extensible at all. Then the article claims otherwise and now you say it’s even done regularly. Besides, I couldn’t think of any advantage from extending it. Having read a short article about how NT works, I always thought such things are extensions to the executive, not the kernel.
The security companies arguement was that black hats will eventually find a way to bypass the kernel lock and when they do, they will be able to subvert any user-space security applications.
Seems fairly reasonable to me…
And now the black hats will be able to bypass symantec instead. Cool.
Absolutly agree – MacAffee’s & Symantec’s whole reason of existance would suddenly be taken away from under their feet & maybe then there would be a secure OS.
Its prop all not soo simple .
It was a nice symbiosis for both sides but now MS wants to make some actual security improvements & they bitch – yuck – nasty leeching .
Ohh look a B L O G !
& “capitulates” is rather wrong word IMO
& the European Commision does a lot more AFAIK than tell people about comopetition laws
How about a “not recommend” – thumbs-down – opinioncon ?
Just IMO
EDIT : “Joe Borg – European Commissioner for Fisheries and Maritime Affairs”
A Borg just like the rest of us – sorry – just had to
Edited 2006-10-18 00:07
ca·pit·u·late (k-pch-lt)
intr.v. ca·pit·u·lat·ed, ca·pit·u·lat·ing, ca·pit·u·lates
1. To surrender under specified conditions; come to terms.
2. To give up all resistance; acquiesce. See Synonyms at yield.
Looks like you are wrong…Capitulate is the right word. You just don’t know what it means
.. Ill agree to more than 50 percent .
Capitulate used in the context of war or a negotiation between to parties (which this is) fits .
But I interpreted it as unconditionally giving up to the “other side” ( kind of like the first sentence under the second number of your definition ) – and with that in mind IMO the title does not fit .
“Microsoft agrees to changes in Vista as a result of negotiations with EC” .. shorter ” Microsoft accepts demands for changes in Vista” … “EC scores points against MS”
But yeah IMO capitulate is right in this context but going as far as saying that Im incapable of using the word correctly is incorrect IMO
Words are fun !
100% ACK. This is INSANE cause it means nothing less that MSFT _could_ make Windows much more safe but the security software industrie don't want to lose their piece of the cake.
Just read those two columns _very_slow:
> Windows Security Center, a central console for
> monitoring the computer’s security protections,
> will defer in cases where users have installed
> alternative programs from independent security
> vendors with similar consoles …
> Microsoft said it will offer interfaces to give
> independent security vendors access to the
> technical core of the Windows Vista operating
> system, known as the kernel, while still protecting
> the kernel in other ways …
Incredible!
Is booting Vista under VMWare, or (gasp) Xen going to be disallowed?
While this is of course true and definately stops me from buying it (i’m sure not going to spend 400EUR on software which i can use for about an year in which i’m pretty surely have tinkered with my hardware twice – thats absolutly redicioulus, but hey, i have XP and Ubuntu so why worry) it is *completly* of topic so i’m asking myself why you posted it. Smells like trying to stir a flamewar here…
The “story” to which you refer has been debunked. Most tech sites have published retractions (but not OSAlert, of course; just like they haven’t followed up on the Wii-Linux hoax).
Running Vista, even Home Basic, in a virtual machine is perfectly valid by the EULA.
“Microsoft said it will offer interfaces to give independent security vendors access to the technical core of the Windows Vista operating system, known as the kernel, while still protecting the kernel in other ways”
Finally, Microsoft capitulates and offers users a way to play with their kernels if they want. The original Vista wasn’t going to allow to put pieces of code in the kernel if they are not signed by MS (except if running in the “safe mode”).
Obviously I, as a user (and maybe as a device driver writer geek if i wanted to) I _DO_ want to put my own pieces of code in the kernel and use (or even sell) them if I want in a 100% productive environment. This “capitulation” ensures we CAN do it. It’s already sad that we don’t have windows’s source code, and microsoft wants to forbid us from even loading unsigned drivers
And that “protection”, BTW, wasn’t done so much to “make windows secure” (if you get administrator privileges you already can hack the computer), but to forbid crappy harware companies from inserting crappy drivers in your system that bluescreen your box.
Edited 2006-10-17 20:11
Finally, Microsoft capitulates and offers users a way to play with their kernels if they want. The original Vista wasn’t going to allow to put pieces of code in the kernel if they are not signed by MS (except if running in the “safe mode”).
Just because they are providing APIs that are useful to AV/security companies does not mean they will allow the code to run without being signed. People are reading too much into this. An API is being provided. That doesn’t mean PatchGuard and Code Integrity are gone.
PatchGuard covers the case where you try to patch the kernel instead of using public APIs. Code Integrity requires all third-party kernel modules to be signed (on x64). Neither of these have to be negated for MS to provide a new API.
Now MacAffe and Symantec can continue thier distribution of viruses to keep themselves in business.
The kernel should have remained off limits.
I suppose you want to say ‘McAfee’ and not ‘MacAfee’.
I’m still pretty saddened by all this. I feel that Microsoft, for all their faults, are being asked to make either unreasonable or unsafe concessions to make peace.
As someone said in the comments, there are virus scanners working on Vista because the respective companies think outside the box and employ good programmers. On the other hand, Symantec and McAfee are clinging onto their shoddy business model and software and leveraging a legal process to save them time and money. It’s almost an embarassment for them, and I hope people stop buying their products.
As for the search engine, I think an option of popular search engines on first run is the way to go, but I can’t help feeling that Microsoft have the right to use their own search engine by default and I don’t see it as leveraging a monopoly. As long as it’s easy enough to change, where is the problem?
I think this is going too far now, and I need binoculars to see the time when I agreed with any of these anti-monopoly rulings.
I’m still pretty saddened by all this. I feel that Microsoft, for all their faults, are being asked to make either unreasonable or unsafe concessions to make peace.
From what I’ve heard, Microsoft already had a way to install security code in the kernel. The problem was that only their own anti-virus software could use it. From the EU’s point of view this is using a monopoly in one area (OSs) to get a market advantage in another area (anti-virus).
If Microsoft locked all anti-virus software out of the kernel (including their own), then I doubt the EU would have had a problem with it.
Take the blinders off people. IF MS was giving away their AV software with the OS for free then the EU wouldnt have a problem. But MS wants to charge you for the AV service, competing with Symantec and McAfee. If they are going to enter the competition, then they have to play fairly and let everyone have a turn. And most problems with security arent in the kernel anyway. This was simply a hardware driver monitoring solution. But thems the breaks when you are number one. IF MS open sourced their OS, I am sure all this monopoly crap would disappear in a heart beat.
Take the blinders off people. IF MS was giving away their AV software with the OS for free then the EU wouldnt have a problem.
If MS was giving away their AV software, the EU would likely have a bigger problem with it because other AV companies would complain that MS is killing their market. See IE, WMP, and Windows Messenger and the reaction from various governments via market “competitors” based on the free inclusion of those applications with the OS.
If MS opensourced their OS their would be no problem since everybody could implement their own solutions into the os. If an OEM doesn’t like the implementation he can install something else, or you can do it yourself. Nothing in the OpenSource-world is forced on you, in the windows world on the other hand you are forced to have this MS crap installed, whether you want it, whether you want to install it for someone else, whether you want to pay for it… or not.
It’s up to the OEM-s to deliver a system and make sure you have a browser, media player, anti-virus software, DVD-watching-software… MS can release versions for people to buy it, with everything installed, but forcing it on every windows computer is just not really fair to the other competitors (and don’t think you don’t have to pay for anti-virus software when MS puts it in by default in windows, you just pay more for your windows product, that’s all).
Open sourced Windows would lack stuff like the disk manager which is licensed from Veritas, and god only knows how much other stuff that would be removed.
Not to mention all the incompatibilites that would arise from distributions doing things differently.
No, we don’t want open sourced Windows.
From what I’ve heard, Microsoft already had a way to install security code in the kernel. The problem was that only their own anti-virus software could use it.
You heard wrong. Microsoft’s AV didn’t use any undocumented APIs or kernel hooks — not even Symantec or McAfee claimed this.
If Microsoft locked all anti-virus software out of the kernel (including their own), then I doubt the EU would have had a problem with it.
You doubt wrongly, as noted above.
I was very concerned about the feature of spyware developers, but now the ETC got microsoft to actually release an api for sticking yout thumb up Vistas rear end.
Who believes that api is going to be used by antivirus developers only?
Nice to see that the AntiVirus industrie knows how to save their business model.
There was already a mechanism around Patch Guard… the hot patching API for in-place upgrades. MSFT probably just opened it up to outsiders.
I am currently running VISTA RC2 and Avast Antivirus. Avast integrates perfectly with the VISTA security system. It also works perfectly with Outlook in Office 2007 beta 2. I am very disapointed with Microsoft for caving in on this. I agree with others that the kernel should have remained off limits. If Avast can make their product work perfectly with VISTA Symantec and McAfee could have too.
After reading many of the comments on this thread, it’s pretty obvious that a lot of people simply don’t understand some of the new kernel protection mechanisms. Regardless of whether MS opens up the APIs for PatchGuard and CodeIntegrity, the fact of the matter is that (1) patches and driver installations are still going to require code signing, and (2) third parties are not going to be able to install malicious kernel patches.
Symantec would like to be able to modify the kernel at-will, but MS isn’t going to allow that level of access. Instead, Symantec’s control panel is going to be able to query Windows Live for the existence of patches and driver updates, display them, and also apply the patches/driver updates automatically. The APIs will also include the ability to rollback patches and driver updates, as well.