White Hat Hackers
Hackers will quickly find similar ways to defeat PatchGuard once it arrives, said Corey ODonnell, vice president of marketing at Authentium, and thats why his company isnt waiting to see what Microsofts APIs will allow for, he said. "Good and bad guys have the same job, to identify holes in whatever software is delivered and beat it," ODonnell said.Microsoft representatives didnt immediately respond to calls seeking comment on Authentiums move. ODonnell said that Authentium has informed Microsoft of its work, and that the software company asked it to abandon the tactic and wait for its new APIs, but he indicated that his company has no plans to do so. While Authentium is optimistic about working with Microsoft to find ways to integrate their products that both companies can approve, in the mean time the security specialist feels it is smarter to have its own methods for interacting with PatchGuard at the ready. The company said it believes the APIs may do more harm than good once available, as the tools may allow less experienced hackers to use the guidelines for creating attacks. Rather than using the APIs, or allowing access to the kernel as in previous iterations of Windows, ODonnell said that Microsoft should create a certification system for allowing approved drivers to interact with Vistas core. Read more here about Vista kernel security concerns. "We do think that PatchGuard is a good idea, but the implementation is not the best," he said. "The API solution might make it easier to beat Vista, but anything that increases OS security is a good thing; we exist to help protect customers, and anything that advances that effort is helpful for everyone." Authentium may agree with Symantec and McAfee from a marketing perspective, in terms of demanding that Microsoft not use its monopoly status in the OS market to take over the security applications space, but ODonnell said the companies have overplayed their hand with the PatchGuard controversy. Telling customers that Vistas features wont allow some of their products to work with the OS may actually benefit smaller companies such as Authentium, he said. The real reason those companies dislike PatchGuard is because it will drive up the expense of developing their own products, he said, since the kernel protection feature will need to be patched and will force vendors to produce more software updates of their own. Spokespeople for Santa Clara, Calif.-based Symantec said the company is pleased with Microsofts move to provide new APIs for interaction with PatchGuard, and that it has no plans to attempt to circumvent the feature in its own products. Next Page: Microsoft defends itself.
"We will be the white hat hackers, and the first thing we looked at was how PatchGuard would be broken; we side with McAfee and Symantec on the marketing side, in terms of what Microsoft is doing in pushing its own security tools, but from a technical standpoint we dont see PatchGuard as anything more than another hurdle to clear."