Microsoft has released a first draft of programming interfaces meant to help security firms create products that work with kernel protection features in Windows Vista. The new application programming interfaces, or APIs, will let software makers extend the functionality of the Windows kernel in 64-bit versions of Vista, Microsoft said on its website on Tuesday. Security companies, including market leaders Symantec and McAfee, had complained that Microsoft locked them out of the kernel.
Why exactly does one ‘need’ to be in the kernel for one’s AV software and ‘security’ software to work?
“Why exactly does one ‘need’ to be in the kernel for one’s AV software and ‘security’ software to work?”
Well, without being in the kernel, they would not be able to continue writing the viruses that keep them in business.
Sorry... couldn’t resist it... please mod me down.
Rats, couldn’t mod you up any more.
–The loon
P.S. It is a well known FACT that the anti-virus companies create(d) viruses en masse. Of course, this was to test their software…
Only thing I wonder… how many viruses existed prior to the anti-virus companies coming into play? Probably a little difficult to look up properly without spending much time I do not have to spend.
“It is a well known FACT that the anti-virus companies create(d) viruses en masse.”
Is that like the fact that Santa is real and the Easter Bunny actually exists?
No, more like they stated it publicly a few years ago (at least McAfee did).
No one was really bothered by it, as I recall. Mostly because people had not much choice but to believe the assertions that the viruses were not made public.
It is still unknown, AFAIK, whether the tens of thousands of viruses made ever became wild (or if any of them had self-replicating and delivery means).
–The loon
Not sure if this is entirely the reason but…
URL: http://spywarewarrior.com/sww-help.htm
“In the past few years a new generation of anti-malware protection products has emerged. This new type of anti-malware protection, called HIPS (Host Intrusion Protection System), works at the kernel level to intercept malware before it hits your hard drive and infects the system.”
But the thing is, Microsoft provided an API for companies to use – heck, their *OWN* security software uses that particular API.
What the anti-virus companies wanted was direct kernel access, whilst Microsoft wanted them to use the APIs which they provided, resulting in the same sort of abilities without the need of having kernel level access.
I’ll get heat over this, so I might as well deal with it straight away.
If this is an indication of things to come, and is kosher, then I was *wrong* about MS not changing. Nevertheless, it would also be nice if they would stop FUD-spreading.
And if I was wrong, then the fact that I was wrong, in this instance, is GOOD.
There. I said it. OK?
Thank you.
Somehow this comes to my mind:
“Your failed business model is not my problem”
“Your failed business model is not my problem”
It’s a little unfair to blame virus scanner companies for the fact that Windows is/was riddled with virus-shaped holes.
@twenex
It’s also unfair to blame MS. MS doesn’t go out of its way to frustrate/plague their users. Idiots and selfish/greedy people who write viruses are the ones to blame.
Yeah... uh... I don’t know about that.
You are kidding, right? No, really, this was meant to be humorous wasn’t it?
It’s also unfair to blame MS. MS doesn’t go out of its way to frustrate/plague their users.
It doesn’t? Do you remember IE being embedded in the kernel and all the problems that were caused by it? What do you call DRM, product activation, not being able to install the Microsoft OS you bought on an upgraded machine without begging for a MS authorisation?
The list goes on and on…
IE has never been embedded in the kernel. It has, however, been way too tightly linked to the shell (explorer.exe), which itself is a bad idea.
If it is such a bad idea, then why do GNOME and KDE now do the same exact thing?
Also, IE has been de-integrated from the shell in Vista.
And you seriously believe those things were done specifically to “frustrate/plague their users”? What exactly would the motive be? A desire to make *less* money?
Activation is certainly not to make the install process easier for users. DRM does not, in any way, help users – at all, under any circumstances… that I can think of.
So, yes. Those points were designed to frustrate and plague the users. To the point in which piracy is forgone (and with it, product migration, and perhaps virtualization soon enough – without more licenses, of course); or, in the case of music, until the recording industry can force about enough legal changes and structural changes that it can leverage its might in the digital world. ‘e-Gouge’ if you will... maybe that’s too 90’s, probably iGouge now.
They’d make less money *if* there was not an essential monopoly. They make more because they can.
It’s also unfair to blame MS. MS doesn’t go out of its way to frustrate/plague their users.
No, it just spends time it should be using to close holes on obfuscating APIs.
Truth. It is a little unfair to blame AV companies for Windows shortcomings. What if the new version of Windows fixes all these shortcomings though (I know that’s a big if)?
The market appears to be moving more towards protecting users from their own naivety and less from exploiting weaknesses in their OS.
I for one want Windows to be more secure. Tough luck for companies who make their living off the OS being exploited.
My main concern is that Vista will be just as exploitable as any Windows before it, and because MS wants to edge everybody out of the market, the users will suffer because MS won’t do enough to protect them.
As far as I am concerned there is NO 32bit version of Vista in my mind. Good riddance!
Congrats to Microsoft, I wonder if these “kernel protection” enhancements will make it to the mainline Vista kernel.
I bet MS was betting on making a secure product by not letting 3rd parties see the kernel. It’s so sad, because MS can’t make secure software if they tried.
I have doubts about Vista being more secure than XP. Only time will tell, because it won’t be long until a lot of people are using it.
Reminds me of Apple announcing Darwin for Intel will not be open source (Partly due to bad publicity of Mac security holes).
Again, Microsoft is copying Apple. Before you shoot me down on this post – try to have a sense of humor.
It’s a bloody shame.
OK, MS ain’t a great company when it comes to business practices, but they were trying to lock down the kernel this time for the benefit of all, and 2 dinosaurs in the software utilities market scream blue murder.
Shame on you McAfee and Symantec.
Neither of you shall see the light of day on any system I administer, and I will do my best to steer any other administrators in my field away from your products.
I urge all and sundry to do the same to teach these AH’s a lesson.
There are plenty of Virus scanners that do not need low level kernel access to do their job. There is no need for those two companies to need access and all they will do is ruin what was shaping up to be a decent offering from Microsoft.
The idea that MS could secure Windows by just not telling anyone the APIs for certain aspects of the kernel seems silly; surely it’s better that it’s out in the open than to wait a few months until someone has dug up exploits and the antivirus vendors are miles behind them thanks to Microsoft’s security through obscurity…
Has nothing to do with obscurity. Microsoft has technology in Windows Server 2003 which prevents the kernel being tampered with. It’s called PatchGuard, and Microsoft has an improved version in Vista.
As with rootkits, anti-virus software could previously do anything it liked in the kernel. Microsoft refused to cave in to certain antivirus companies after the EU meetings. They agreed to provide them with APIs to do whatever they needed done in the kernel.
What Microsoft – actually Allchin – was basically saying is, “You can have access to the kernel in a controlled manner via an API, but you don’t get carte blanche access to do anything in the kernel”. These are special APIs created for the AV companies.
So AV companies, despite knowing what PatchGuard is and what was coming, waited until the last moment to run off crying to the EU.
A couple of years ago, by request of a friend, I had written a little Windows program that would allow him to re-order the window buttons on the taskbar. More to the point: I was pretty surprised at how easy it was to enumerate every window you had opened and the attributes you could read once you got that window handle.
For another example, I had read an article regarding a mini program called “Warden” that comes with World of Warcraft. It read the window title of all opened windows in the background and sent it back to Blizzard. The gamer’s commentary said he had email and IM programs opened and his buddy list was captured and sent back. What if he had personal info that the Warden accidentally captured?
The Win32 API by itself has some cool functions that let your program interact with other running processes, or get a glimpse at what’s running. If I wanted to be a jerk I could write a program that just randomly closes windows. Modern OSes use the protected memory model so applications don’t corrupt each other, yet they still make it so easy for programmers to write programs that may interfere with other programs. This is both a blessing and a curse depending on how you use it.
If Vista’s kernel (more importantly the API, in a nutshell) was locked down and programs weren’t allowed to access other programs’ window data, we might be a little safer. We’d also miss out on opportunities to make cool little utility programs, however.
> If I wanted to be a jerk I could write a program that just randomly closes windows
Actually, that’s trivial to do on most window systems, including X11. Once you have access to the window system (e.g. through an ill-thought-out xhost +), then you can give up on security.
Just don’t work as admin if you use the PC for browsing, chatting, writing… whatever OS you are on…
I know it’s easier to work as admin… easier for lazy users and admins, easier for lazy programmers…
Anyway, I wonder how MS made their own software without API docs.
Edited 2006-12-22 17:57
AV companies like Symantec try to give regular PC users the illusion of safety, and they contribute to the myth that security is a program. It is not.
Security comes from awareness through knowledge. Users should consider education instead.
I sincerely believe that the AV companies do NOT act in the real interest of their customers. At least Microsoft is honest on their offerings.