Microsoft Gets Positive Feedback for Vista APIs

The software giant and its security partners say they have made progress in building links that allow third-party applications to interact more closely with Vista's PatchGuard kernel protection technology.

Initial feedback for Microsofts new Vista software development interfaces appears to be largely positive, which could signal an end to lingering doubts over the companys willingness to grant sufficient access to the kernel of its latest operating system.

Microsoft shared an initial set of drafts for its new Vista APIs with security software developers Dec. 19, delivering documentation and technical criteria for the additional code that it first promised to hand over to partners in mid-October 2006.

The company was convinced to produce the expanded development tools by security applications makers who complained publicly that PatchGuard, the kernel protection technology included in the 64-bit version of its newly released Vista OS, would not allow some of their products to interact properly with the software.

Among the firms most outspoken about the negative impact of PatchGuard were anti-virus market leaders McAfee and Symantec, who claimed that by blocking all ability for applications to access the Vista kernel, the technology threatens the ability of some advanced behavior-based security products to integrate with the new OS. After nearly a month of debate, primarily waged via statements delivered through the media, Microsoft said it would review its existing APIs and come up with new interfaces to foster improved interaction with PatchGuard.

While spokespeople at Symantec would say only that the company has received the APIs and begun working with them, McAfee officials said they were encouraged by what they have seen of the interfaces thus far.

George Heron, chief scientist at Santa Clara, Calif.-based McAfee, said that it appears as if Microsoft took his companys suggestions to heart in building the APIs. Heron was one of the company spokespeople who led McAfees initial outcry over the lack of sufficient PatchGuard interfaces in October.

"Microsoft included some of the recommendations we had submitted, and it appears they did a good job on those," said Heron. "Overall, McAfee is quite pleased with the path that Microsoft is taking."

Officials at Redmond, Wash.-based Microsoft said that most of the feedback the software maker has received on the APIs to this point has been positive, while pointing out that the code shared with its partners only represents a draft of the final interfaces.

Stephen Toulouse, senior product manager in Microsofts Security Technology Unit, said that one of the keys to making progress with its partners was creating a consensus agreement that there was in fact a need for stronger technological measures to help protect the new Windows OS kernel from advanced attacks such as root kits. Once the security vendors conceded that there were positive aspects of PatchGuard, it was far easier to find common ground for the APIs, he said.

To read more about PatchGuard, click here. "It is clear that everyone recognizes the need to get ahead of security threats by making the operating system more secure and by providing defense-in-depth for customers," said Toulouse. "While significant progress has been made, I want to be clear this is an ongoing process, and Microsoft will continue working with our [partners] to build trust in computing and provide a more secure kernel environment."

While the company cannot say for certain if it has quieted all of the concerns expressed by security software makers over PatchGuard, he said that both sides have learned much in working together on the issue over the last several months. Despite those achievements, the executive said he believes the task of helping vendors integrate with Vistas security features will remain ongoing and may in fact never end.

As evidence of the continuing nature of the effort, he pointed to a criteria evaluation document that Microsoft sent to its partners along with the APIs. Those evaluations will provide a repository of feedback on the software code and help determine what steps the companies decide to take next in working together, Toulouse said.

Microsoft claims that it has not been forced to scale-back the parameters of PatchGuard by creating the APIs, and claims that the newly released code does not allow so-called kernel "hooking," a technique that security providers said they would need to continue to employ to make their products work with Vista.

"This first set of draft Windows Vista APIs have been designed to help security [vendors] extend certain functionality in the Windows kernel on 64-bit systems, without disabling or weakening the protection offered by kernel patch protection," said Toulouse. "Were working to deliver well-architected APIs that enable the security vendors to continue delivering feature-rich security solutions without undermining the security, reliability or stability of the Windows kernel."

By allowing any level of kernel hooking in Vista, Microsoft maintains it could leave the door open for unauthorized programs such as root kits to use the technique to compromise systems, which would defeat the purpose of PatchGuard altogether.

Before agreeing to produce the additional APIs, Microsoft had said the problem with PatchGuard was that security vendors were unwilling to change their own products and architect those tools to provide the most concrete protections for end users against external IT threats.

The company has since backed off its demands for vendors to conform so strictly to its wishes, and Toulouse said it has become clear that innovation is needed from both sides to help protect the Vista OS from attacks.

"We believe that the 64-bit platform represents a chance to move away from some of the old practices of the past and provide a much safer computing experience for customers, and thats going to require innovation from all sides," he said. "Innovation takes many forms over time, and we look forward to seeing forthcoming products on Windows Vista that take advantage of the new functionality that we are working to provide."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.