
    Microsoft Decries Vista PatchGuard Hack

    By Matt Hines - October 25, 2006

      Microsoft officials say they are unhappy that security software maker Authentium has decided to bypass the controversial PatchGuard kernel protection feature in Microsoft's next-generation Vista operating system, and said that the tactic could lead to eventual problems for users of the company's software.

      Responding to Authentium's move to circumvent PatchGuard in its products, company officials said that the decision to hack the feature could prove unwise for the security vendor, as Microsoft will work to close off any flaws that allow unauthorized kernel interaction, making technologies dependent on such access obsolete.

      As a result, users of applications that circumvent PatchGuard could find themselves unprotected from attack, or dealing with other problems driven by a lack of authorized integration between Vista and those products.

      “Microsoft is aware of public reports of ways to subvert the kernel in Windows Vista and has addressed them in current builds; however, we have not received any other reports of ways to subvert the kernel in existing builds of Vista,” said Adrien Robinson, director of Microsoft's Security Technology Unit.

      “If a vulnerability is discovered in Kernel Patch Protection, Microsoft will issue a security update as part of the standard Microsoft Security Response Center process.”

      Further, Robinson said that the use of tools that bypass PatchGuard could leave end users' PCs less secure, as the technique could reduce the ability of Vista's onboard system defense tools to identify and fend off rootkits and other forms of malware.

      In order to preserve the integrity of the operating system's features, security software makers should use the APIs provided by Redmond, Wash.-based Microsoft, rather than create their own methods for integrating with PatchGuard, she said.

      While Vista isn't expected to arrive on the market until November, PatchGuard is already in use on 64-bit versions of Microsoft's existing Windows XP software.

      “We continue to encourage all software vendors to work with Microsoft on supported design approaches that work with Kernel Patch Protection to ensure that customers can have a secure and reliable computing experience on Windows Vista and Windows XP 64-bit systems, rather than putting customers at risk by developing approaches to try to bypass Kernel Patch Protection and as a result reduce the security protection of Windows,” Robinson said.

      PatchGuard has touched off a high-profile debate between Microsoft and security software makers over the technology's implications.

      Some companies, including security software market leaders Symantec and McAfee, have complained that the feature makes it impossible for some of their cutting-edge technologies to interoperate with Vista.

      The feature is meant to block any application from accessing, or “hooking,” Vista's kernel commands, a technique used by vendors in anti-tampering and behavior monitoring tools, and used by hackers in attacking computer systems with rootkits.

      Symantec and McAfee claim the technology will greatly reduce the efficacy of their own applications, but Microsoft has promised the companies a new set of APIs that will allow their products to work without hooking the Vista kernel.

      Authentium took matters into its own hands, saying that it will work with Microsoft on the new APIs, but continue to develop products that bypass the feature in order to have Vista security applications available as soon as the OS is shipped.


      While some industry watchers contend that Symantec and McAfee are making noise over PatchGuard in order to keep regulators focused on Microsoft's continued push into the security applications space, Authentium executives said their company's strategy is based purely on the goal of providing adequate protection for end users.

      PatchGuard is a good idea, but the company cannot afford to wait for Microsoft to provide APIs that give its products necessary access to the kernel in order to do their jobs, said Corey O'Donnell, vice president of marketing at Authentium, based in Palm Beach Gardens, Fla.

      “We're not going to sit here and tell Microsoft to write a hole-filled product to keep us in business, but there will be hackers who beat PatchGuard, regardless,” O'Donnell said.

      “Our solution to work around PatchGuard may be seen as detrimental, and Microsoft will patch it and we will need to reengineer, but our focus is on protecting customers, and this is what we needed to do in order to do that right now.”

      When a program of any kind attempts to modify the kernel on a system running PatchGuard, the computer produces a blue screen and stops all other Windows applications from running.

      Authentium said its workaround allows it to access the kernel without incurring the shut-down.

      The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature.

      The loophole allows the company's tools to infiltrate Vista's kernel hooking driver, and get out, without the OS knowing the difference.

      Authentium isn't the only party to contend that PatchGuard can be bypassed easily. A security researcher associated with the Metasploit Project has already published an essay on the Uninformed.org IT exploit research site that proposes several different techniques that could be used to circumvent PatchGuard.
