    Microsoft Decries Vista PatchGuard Hack

    Written by

    Matt Hines
    Published October 25, 2006

      Microsoft officials say they are unhappy that security software maker Authentium has decided to bypass the controversial PatchGuard kernel protection feature in its next-generation Vista operating system, and said that the tactic could lead to eventual problems for users of the company's software.

      Responding to Authentium's move to circumvent PatchGuard in its products, company officials said that the decision to hack the feature could prove unwise for the security vendor as Microsoft will work to close off any flaws that allow unauthorized kernel interaction, making technologies dependent on such access obsolete.

      As a result, users of applications that circumvent PatchGuard could find themselves unprotected from attack, or dealing with other problems driven by a lack of authorized integration between Vista and those products.

      “Microsoft is aware of public reports of ways to subvert the kernel in Windows Vista and has addressed them in current builds; however, we have not received any other reports of ways to subvert the kernel in existing builds of Vista,” said Adrien Robinson, director of Microsoft's Security Technology Unit.

      “If a vulnerability is discovered in Kernel Patch Protection, Microsoft will issue a security update as part of the standard Microsoft Security Response Center process.”

      Further, Robinson said that the use of tools that bypass PatchGuard could leave end users' PCs less secure as the technique could reduce the ability of Vista's onboard systems defense tools to identify and fend off rootkits and other forms of malware.

      In order to preserve the integrity of the operating system's features, security software makers should use the APIs provided by Redmond, Wash.-based Microsoft, rather than create their own methods for integrating with PatchGuard, she said.

      While Vista isn't expected to arrive on the market until November, PatchGuard is already in use on 64-bit versions of Microsoft's existing Windows XP software.

      “We continue to encourage all software vendors to work with Microsoft on supported design approaches that work with Kernel Patch Protection to ensure that customers can have a secure and reliable computing experience on Windows Vista and Windows XP 64-bit systems, rather than putting customers at risk by developing approaches to try to bypass Kernel Patch Protection and as a result reduce the security protection of Windows,” Robinson said.

      PatchGuard has touched off a high-profile debate between Microsoft and security software makers over the technology's implications.


      Some companies, including security software market leaders Symantec and McAfee, have complained that the feature makes it impossible for some of their cutting-edge technologies to interoperate with Vista.

      The feature is meant to block any application from accessing, or “hooking,” Vista's kernel commands, a technique used by vendors in anti-tampering and behavior monitoring tools, and used by hackers in attacking computer systems with rootkits.

      Symantec and McAfee claim the technology will greatly reduce the efficacy of their own applications, but Microsoft has promised the companies a new set of APIs that will allow their products to work without hooking the Vista kernel.

      Authentium took matters into its own hands, saying that it will work with Microsoft on the new APIs, but continue to develop products that bypass the feature in order to have Vista security applications available as soon as the OS is shipped.


      While some industry watchers contend that Symantec and McAfee are making noise over PatchGuard in order to keep regulators focused on Microsoft's continued push into the security applications space, Authentium executives said their company's strategy is based purely on the goal of providing adequate protection for end users.

      PatchGuard is a good idea, but the company cannot afford to wait for Microsoft to provide APIs that give its products necessary access to the kernel in order to do their jobs, said Corey O'Donnell, vice president of marketing at Authentium, based in Palm Beach Gardens, Fla.

      “We're not going to sit here and tell Microsoft to write a hole-filled product to keep us in business, but there will be hackers who beat PatchGuard, regardless,” O'Donnell said.

      “Our solution to work around PatchGuard may be seen as detrimental, and Microsoft will patch it and we will need to reengineer, but our focus is on protecting customers, and this is what we needed to do in order to do that right now.”

      When a program of any kind attempts to modify the kernel on a system running PatchGuard, the computer produces a blue screen and stops all other Windows applications from running.

      Authentium said its workaround allows it to access the kernel without incurring the shut-down.

      The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature.

      The loophole allows the company's tools to infiltrate Vista's kernel hooking driver, and get out, without the OS knowing the difference.

      Authentium isn't the only party to contend that PatchGuard can be bypassed easily. A security researcher associated with the Metasploit Project has already published an essay on the Uninformed.org IT exploit research site that proposes several different techniques that could be used to circumvent PatchGuard.
