Microsoft Meeting with Security ISVs over Vista Kernel

The software maker is providing its security partners with more information about the programming interfaces it will use to allow greater kernel interaction with the 64-bit version of Vista.

Microsoft will meet with representatives from its largest security partners on Oct. 19 to provide those companies with more information about the software programming interfaces it is creating to allow for more interaction with the kernel of its 64-bit Vista operating system.

Spokespeople for the Redmond, Wash., software maker said that Microsoft is holding discussions with partners on the process for developing the APIs (application programming interfaces) it plans to distribute to allow security application makers to integrate with Vista's Kernel Patch Protection tools.

The meetings will consist of online briefings held between Microsoft and the security software makers.

Company officials reaffirmed that those programming methods will not allow security software providers to disable the controversial technology, which is being added to the 64-bit version of Vista to help protect users against sophisticated malware strains such as rootkits.

Microsoft's largest security partners, including Symantec and McAfee, have complained that the PatchGuard element of Kernel Patch Protection will prevent their intrusion detection and behavior monitoring technologies from working properly by disallowing access to the kernel.

After telling its partners and regulatory officials with the European Union that it would provide new Vista APIs to help assuage concerns about interaction with PatchGuard on Oct. 13, and another feature dubbed Windows Security Center, the company came under further criticism from Symantec and McAfee for failing to provide details, or a timeframe, for providing the kernel programming interfaces.

Microsoft has already sent the companies programming tools for disabling the Windows Security Center feature, which was designed to help users keep desktop security tools up-to-date.

Despite continued pressure from its partners to allow them to bypass PatchGuard, Microsoft officials maintain that no programs will be allowed to access the kernel, including its own security applications.

While intrusion detection and behavior-based security products have been allowed to modify the kernel in previous iterations of Windows, the technique was never meant to be used, said Stephen Toulouse, security program manager with Microsoft's security response center.

By allowing even its authorized partners to continue to "hook" kernel functions with their products, the software maker would be increasing the risk of users being attacked by rootkits and other threats, the executive said.

"We've been absolutely clear from the beginning with Kernel Patch Protection that from a design perspective we remain absolutely committed to working with people in the security community to implement functionality beyond what is available today," said Toulouse.

"We won't be revoking or modifying the technology, but rather accelerating our conversations with independent software vendors about providing them the ability to extend kernel support in a functional way."