Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Gets Positive Feedback for Vista APIs



 By: Matt Hines
2006-12-21
Article Rating:starstarstarstarstar / 0


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The software giant and its security partners say they have made progress in building links that allow third-party applications to interact more closely with Vista's PatchGuard kernel protection technology.

Initial feedback for Microsofts new Vista software development interfaces appears to be largely positive, which could signal an end to lingering doubts over the companys willingness to grant sufficient access to the kernel of its latest operating system.

Microsoft shared an initial set of drafts for its new Vista APIs with security software developers Dec. 19, delivering documentation and technical criteria for the additional code that it first promised to hand over to partners in mid-October 2006.

The company was convinced to produce the expanded development tools by security applications makers who complained publicly that PatchGuard, the kernel protection technology included in the 64-bit version of its newly released Vista OS, would not allow some of their products to interact properly with the software.

Among the firms most outspoken about the negative impact of PatchGuard were anti-virus market leaders McAfee and Symantec, who claimed that by blocking all ability for applications to access the Vista kernel, the technology threatens the ability of some advanced behavior-based security products to integrate with the new OS. After nearly a month of debate, primarily waged via statements delivered through the media, Microsoft said it would review its existing APIs and come up with new interfaces to foster improved interaction with PatchGuard.

While spokespeople at Symantec would say only that the company has received the APIs and begun working with them, McAfee officials said they were encouraged by what they have seen of the interfaces thus far.

Resource Library:

George Heron, chief scientist at Santa Clara, Calif.-based McAfee, said that it appears as if Microsoft took his companys suggestions to heart in building the APIs. Heron was one of the company spokespeople who led McAfees initial outcry over the lack of sufficient PatchGuard interfaces in October.

"Microsoft included some of the recommendations we had submitted, and it appears they did a good job on those," said Heron. "Overall, McAfee is quite pleased with the path that Microsoft is taking."

Officials at Redmond, Wash.-based Microsoft said that most of the feedback the software maker has received on the APIs to this point has been positive, while pointing out that the code shared with its partners only represents a draft of the final interfaces.

Stephen Toulouse, senior product manager in Microsofts Security Technology Unit, said that one of the keys to making progress with its partners was creating a consensus agreement that there was in fact a need for stronger technological measures to help protect the new Windows OS kernel from advanced attacks such as root kits. Once the security vendors conceded that there were positive aspects of PatchGuard, it was far easier to find common ground for the APIs, he said.

To read more about PatchGuard, click here.

"It is clear that everyone recognizes the need to get ahead of security threats by making the operating system more secure and by providing defense-in-depth for customers," said Toulouse. "While significant progress has been made, I want to be clear this is an ongoing process, and Microsoft will continue working with our [partners] to build trust in computing and provide a more secure kernel environment."

While the company cannot say for certain if it has quieted all of the concerns expressed by security software makers over PatchGuard, he said that both sides have learned much in working together on the issue over the last several months. Despite those achievements, the executive said he believes the task of helping vendors integrate with Vistas security features will remain ongoing and may in fact never end.

As evidence of the continuing nature of the effort, he pointed to a criteria evaluation document that Microsoft sent to its partners along with the APIs. Those evaluations will provide a repository of feedback on the software code and help determine what steps the companies decide to take next in working together, Toulouse said.

Microsoft claims that it has not been forced to scale-back the parameters of PatchGuard by creating the APIs, and claims that the newly released code does not allow so-called kernel "hooking," a technique that security providers said they would need to continue to employ to make their products work with Vista.

"This first set of draft Windows Vista APIs have been designed to help security [vendors] extend certain functionality in the Windows kernel on 64-bit systems, without disabling or weakening the protection offered by kernel patch protection," said Toulouse. "Were working to deliver well-architected APIs that enable the security vendors to continue delivering feature-rich security solutions without undermining the security, reliability or stability of the Windows kernel."

By allowing any level of kernel hooking in Vista, Microsoft maintains it could leave the door open for unauthorized programs such as root kits to use the technique to compromise systems, which would defeat the purpose of PatchGuard altogether.

Before agreeing to produce the additional APIs, Microsoft had said the problem with PatchGuard was that security vendors were unwilling to change their own products and architect those tools to provide the most concrete protections for end users against external IT threats.

The company has since backed off its demands for vendors to conform so strictly to its wishes, and Toulouse said it has become clear that innovation is needed from both sides to help protect the Vista OS from attacks.

"We believe that the 64-bit platform represents a chance to move away from some of the old practices of the past and provide a much safer computing experience for customers, and thats going to require innovation from all sides," he said. "Innovation takes many forms over time, and we look forward to seeing forthcoming products on Windows Vista that take advantage of the new functionality that we are working to provide."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Microsoft Gets Positive Feedback for Vista APIs
>>> Post your comment now!
VISTA API Failures
The essence of an API is to facilitate an application running in a OS environment. To this VISTA fails miserably. First the interception of...
Posted At: 10-22-08
By: Calvin Woosnam
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


x}kw89v2#Ȗkb[K'G"!m䐔w2gƭd;iqNl BUP(~ 'I"nZΘ\̦dwꚃ>}K$oB}NUQR C7_/(bP<HwO7n[c^0R?`᳙*,Q  tjGt0]2xֵk:&oweki cߨ_[``1Z|R!#: rWӺ#A8i @I>R(#Ѻ!YQyIږyD6EGJQTBQ570NK <[@Sա*v25v6^: ȅC׷z$1dc7.{ -,v2K*-a{е :9z u v}J@J73ҧ }KH;R@}ky>5I ib1lp<I%$7 .mq_-0/<mCɤ:ZdQ}9e, f4öۢCCٰo4\>jrTW#xxo9{ؖ3lTzEÝ5Εirpѻ]HQPw;@ږV`(.:'^O.oac'H Hw&LT-jR*ML@aBjLx:~Xs|\㍒~wny!rPH+).##-b|+0CF_8rri[򓹥}o__]wzmo_wڧ>ߙecfy 3ժ?T2ؕgxg4X:nN[7O7VGNפ9i>3鐚&tXaV|[kU[lxyj; dPp9L+pZ| ?'OWm2 ᭫Rdt"˭~qN X-t[ۗRH }c-FX*,>Ja͢4-I` o$SNE - uvPx۬ MZ!rƒ) uK3^8nZK}0[RFp&\ ДQCלذ 1"%_i:-`i˫ TY嗋mESa>]V4{3Bɝ`g@ɋ BD4?CzC0!pl/\~_5M.΃wQwW9Q] K\M흙ǘ+}7Nv.~hzwmxD18,]evb`\77j 1÷R}xQ9PߢW, FKP̶#ؠe)uvNNR})5ٴ>'4}t>'჎$>h&ƋCriYnL,rӇtw4Aο 'pGbdx: C 04LH#AтMtT;n]`2Zw9ܻ-L&wzVt#` VGPC!nH }P(Vr`{>[S9;ݲeǀԜu%72J}gn.O)))I.B$(ZȻ"!Alq [$t Xxl++~'AvGBjy?mlry swrsyd&,gQY,p[/)͙J2d0U Q򍜘=b`&Qea*0pRx5Vn,`o+GvP#&G#˰` 3G }= 3̲M҄%Ll;!i`0Ґ(eNa9=熳a\9:<f335g{80q}`] k9wtݴ٢ͩqb;_Aa"tLeB#`9N{g[,w:L:%qK:0s k2'y<.Q1j7uΙ_O#kۖsMe jJ=WsFA|5 i!sL&Ze n<Gy5&++\=PӔ*d+b*q (tP\O &ō4)BЊO}=?ٲJb-Yֽ Uv/KƠ\_/ B[+Ҟ K rL%kZԕ1%/D4$"] `}.EOqHLl-m7@=p=F0_ܰ큡jrI7 )Kb5E&sXf&`ܲ &P )r?Ll5TW)թz@4}&/H{{L-ϐwP9g3?磔YTp$4hQ*}a5)403yb|Fȸ>qm?XĞ=FҋCמO=Kwaﴽ.JM.jFd>n 'L[QHz{=cTfha8lX|7:HycI_)+%UMH?O~1:2.eX \kOa3IFS-cB_Ow;$!OԞ'KRI}'Xk5E}c"IVtxGCF ‘"=yj s}!T0|$j*V$D6pl)5tl*FuiMym!8+I%$'uX2=j|tǜ}h32 YΣEVJjB ajhU-WjfAq{ 8pG#}y>W&ۛ~qj ,4/~RAL}6݂ /]rϙ,|pZEN[vO`cV av05;?Vr9MFdӐBD@07O*G%+vrƒ4 ]#@$7ڲcvq 9N (k0q5 G& ~Bg%:!pwC):2 XZ `j$a!L`V8!+ #mqJs-"uW:gKjc~Z+::j9g~+ˣ ,ć[é#fuMaFž.JVR+{iyEq‡1ክ54Ju|8ړZJ5qv3Ty9kY%f+eE`4=:YCP$*ϼ"y9~&ޖOlwf);hi%uQjy*A!/UrߦI39旉)ϋhy4檦SYLbT~\3gbg]a+o22OwOžvPFpaqgX7ngǤ)TYb9JiQx` fzlhu1i}SUה*eƬ}/(QUmq'F.҄^ߵK]bRvQLvLʲH٭TSV82V6~Z/Ѓ`I##'0k(G?F^nȵڽv?aIzG|)탪T&#UiZe%~͓ncEZdЯdL5AKgl!/`.R(c/l`^ASV<^ےtKקA(6E&7 u5Yx\sXҌd;yX^5ItH"J7eVVځ*\$T+IjItn:0nȘُYD[^:L&rOfss]``OnΏ;ܝ90FI ʾv@ljpW|L2M: Wj1|B$p?n ]V(A슣t9#T`| @-c'd1s<ēo =$Ԅ7; +A񷠐n)ɡXXD>ġiFR{e">QTk㘘ڽ ՔGS( L $q!YUihja{i12A$K~O}y9tg|L8@wUwA;qAV>kq 4 }U\8$#﮻.[R&Fø@o9)P K1#E1>dt+]=^5[;隿ðOQ區҈FwsѼ~׹_>wQ#r޹lK^'+փ Gw"y!KrBVë<'utq)qfڌ7MJ,#L=X=ֈdȰ+"APKվ̂ Ӝ4"Z?N3bn *qZ9ºUXȬE`&|]L($T0r$`$X)XAU:]7?G:Ky6P^S(+RJ"4FYO |Zu3_f3Rt4Du~mGn_YVRX x~mN`o e܃*WVz[k':I|I NAN:os_,Ĩ#9cn1pAZd~l_eԉ9%2 \(?m[ħ{, /䎑F=:d=LP6'in&. [7t[b)-Nxsy2ؠ#%tBU['cv,Q7&}Z9} DK{,i;;_坠P.zsgOɍ2 Xw= Zt Ud_Rx~t n4kҼ?5L0c,H~";'|$A1|_MuSOF 95C/3r¸E}ݨ+=hG_t?vOJw{ѧ}E 7tRTsd;i6ӱ$BUU+j*ۻA\EVe.tٓN|;9qi ,F}d3D?yiВ11>onR;5ԃz#@A}I.~(TR.fO뻬,J骇\v%(]MU-/^RRIJ>\'ϫ@" bY_BIKwvzYN ئW=1_3~O O=qԶىy|Uyg,da6з0[*=)$Ιd<J;moݍnL L ?#A;&JX۴ rUCaC:Z/0q0pHa $\jwl[#ƣt-C򽱢vp:qkMΟU0 |cM-9&p$~~ M{fr+ 7EAf˸!E%ÖdN._2Zl뎟2d]rv(5@Ɛwӗ?6n,?~󗟕QjwEx6;&4Q1_쐝zsQ?8ye<1:Z6WN/uc>Em[Քjm(5 }!|$ČL'>(x{gSD YHtOٜxfF2jVX Q̾˭QGQgQ/J4M4\ >ʳnczh'O.`Z 4.#N☁$?=1+Qv:of1 (s ~-͠U 0,BSE-ʞVyIMN|(_?6r`k`,,M{.O,.0#.9U85ymYbDbd?Z%?ۊsC->Nbb 4T`;V j3_i@S%Wޮ8fWR'<0o*僃$気VJ/{iZrkm5F,&<"lu+IJ;/hdiH/C12u-z8yX*LU0iJr#, )S`_=/"<GH*i+ʳ+%~ >o&}X]+fZIU6l 8DsPi-/nA^ޞ/ՃMx֢^ !Let%pޚ!^^ M  DzagQm,&vaի4G/n~rYQmqn9l#0ڲ@`}afx!aOX}>}mf­\XcmцC}!D1@@t ǵCejx`=Qn@KRZY3BIP B._yBiKi~]a09Lx&0IJis%GFHEO4x4Qb4҆LlvlJ0@nJЕtX3FbRK3v15rQݞr]pjIݯSM€3p܍%w Ng_}mEt{:O!c>n9^_LDe+0_ RQpH0s$ږ_ِa_w:YS[ &m3C 0€,`G&N۞Gp@ BUEKp śd-܊WG8a3#֣X[]rC=8] \ 9Qm[;\Y^ɜ;^sAaɟ8v8OlN6g0M3?>*>L]x%uBO{=Tb$~[#7òQo[D}}Ό/\T vHFAvoE}1pʽ"a.P=VZVX[Ȧtj9w[IO듳Gub5 {DO /؆ [ u%EyhН;_5W|cy=h ݱ;?kopwe'?կyknzrK")^TB/|jϕ{[dp=s1ڔ^j⤏wmYï^bt4k3u#{A[of6௶aul:/Փ}=̫hF̊>wt)RrWjp,[C˺ Tx3= z!(׿g ƗY'!ZIHgcS8Wh 8eYXY3l@waFi'R ,m"%=D/].ޮb >ܹJFKt=Kʾ%3Xlm/#I,b'rX,hILÑ@usTQOvEtkqxr´lw4 ̀2.N-£E;Po|֊OZڗYΞC%Kxll9BMw n z{pQ>Y뽨)PAgXt~GD)~’AfSt_b f0 QCu&[y'ϩcD#? KD)PG%߈A~뇺ݙ} jqh!нg$WGb_\sn?`.M%#Vf ͬͱ-j5%Fd]F Rd33KPG"y԰txG*F¯R^fFܞUk}6Eh%%MF(hdtigLy;y) L5! H!YYv' .G>aXv/>VHY)R[YS_D_t[6jf0d1%# ):]Б_JuOʯIgOnn4{}A6ژy녟iF4Y2gMr'/䎉\ix##6یk3`ax*K_߰,VIm{d72[ kEꊍBLSK3" p7h CsN.7v߾U Cy|P_[{:}GT :`ߩ1q>9 ϻ<R+wga-=2&.xC~!M}ScPx- rH8G3[޾y}S&CDRw.sO0 ឩTHVdL4"&(qTi+$<79࿾_zLiJ % œ 5"  BeG;%HJ 1шby 1SS<>G#@ AR?v;WLQZj*!b3wȧX,o }nyH"0XJ.{eEt0w  s;uI:ojS#}uR*'M&7bS>oI]hD&5+<v<)s_sʯz}I8SޅnN9rz}y hj生@Si}A(Shu֗wZFS3˜r'{^N'(ٮq3>E">"@\9_^E^?攟AYNߠo9P~S{3 ?9s w3~]7]?/WW9q_ s?=_P>G(W}#cn&&oonr/=IR<9k^qNy8rEUrXB]@y>(P/ntsث:WJsz9^}JFF&话n+]a芫-5nk Ǥjuv^_BKHe^ٛLCGP/<*Y}Mchto$.rd&}:=WWvl+x._[nNJ>S\ȜHWɴVی SiןQǒGЬg]#=D?|[2YwI8$@{].6pqS0n/|+ 4` }ExvY^]Yj7m!O1y}2oفOh] ߊč,y %h00(\χ>1xj namzם'4`/烫6{̦d󰮲iXʪ9(ѰH "79<R9g!螩z$/B {0"Θ]7;́a[@R'o6*VZя;_5f=""CSL`FTMVYi2ZE9(W&K<# .=M^et fMȡ!pCfJC Dk(x>[x˭cEx_ƴmBfh0l|y Nd`?$Lo9Xj,.#v2QW!+<ĝ+f4X pot1R {{[2gډe:ɇ`LI8SsBӄY"DӼxl4@;4Xb9SYF Tz\^:#&23Mť{6\x| "e*1à Qk`Vϙer-c6O-5U,%w|wfɉؼ!80B\hdNXM^`yC0HqmX<apSZc2 BrFW̃`Ƹg=/Čk,%fxv!}A{t)1-X Ơ=^`jd1ck tDm7g@oJ`Xkt JV7ܳl#byCܞ0۰܉L -f!1-0Vݡd`6Nώ;]95 Wuu;В_+/IϐR(K)H uY{N6 )4˧MϫH΢P aNm% 1oE)R%:f*Hvx*D0)n93D:9Am'{;*lٹ ˜2J1Д8ٶ2#OA#r ӏe[ O"C24a (zc<9znG}L4ϦJu!A]?_vs[>/R`n)ZF,c-ԭ<P8_C~C.vjmnJQXƺa#¶u4mщo߉n^3Qa[O_%h72b5g_yfȅ^`\YG+n:' 7X;EB(O}y9tC*G꛺UEώ7z_Q}BeFBl4.$7λy:?C[7nyq˖UQ- Q{jgA0}U\KWzvC&ȕ/g2F#-<#DYf]*Z5Nj|ӷۊ#iQg8&rYOZiKmw8n~뉘h6JM? ۔̡9MR"Zi/!zR<>էr09d֊V&|&Z2cˤ_ l׉'