Microsoft will meet with representatives from its largest security partners on Oct. 19 to provide those companies with more information about the software programming interfaces it is creating to allow for more interaction with the kernel of its 64-bit Vista operating system.
Spokespeople for the Redmond, Wash., software maker said that Microsoft is holding discussions with partners on the process for developing the APIs (application programming interfaces) it plans to distribute to allow security applications makers to integrate with Vistas Kernel Patch Protection tools.
The meetings will consist of online briefings held between Microsoft and the security software makers.
Company officials reaffirmed that those programming methods will not allow security software providers to disable the controversial technology, which is being added to the 64-bit version of Vista to help protect users against sophisticated malware strains such as rootkits.
Microsofts largest security partners, including Symantec and McAfee, have complained that the PatchGuard element of Kernel Patch Protection will prevent their intrusion detection and behavior monitoring technologies from working properly by disallowing access to the kernel.
After telling its partners and regulatory officials with the European Union that it would provide new Vista APIs to help assuage concerns about interaction with PatchGuard on Oct. 13, and another feature dubbed Windows Security Center, the company came under further criticism from Symantec and McAfee for failing to provide details, or a timeframe, for providing the kernel programming interfaces.
Microsoft has already sent the companies programming tools for disabling the Windows Security Center feature, which was designed to help users keep desktop security tools up-to-date.
Despite continued pressure from its partners to allow them to bypass PatchGuard, Microsoft officials maintain that no programs will be allowed to access the kernel, including its own security applications.
While intrusion detection and behavior-based security products have been allowed to modify the kernel in previous iterations of Windows, the technique was never meant to be used, said Stephen Toulouse, security program manager with Microsofts security response center.
By allowing even its authorized partners to continue to “hook” kernel functions with their products, the software maker would be increasing the risk for users in being attacked by rootkits and other threats, the executive said.
“Weve been absolutely clear from the beginning with Kernel Patch Protection that from a design perspective we remain absolutely committed to working with people in the security community to implement functionality beyond what is available today,” said Toulouse.
“We wont be revoking or modifying the technology, but rather accelerating our conversations with independent software vendors about providing them the ability to extend kernel support in a functional way.”
Has Microsoft Softened Its
The move to meet with the software makers to alleviate lingering concerns on the part of the companies over PatchGuard marks a significant shift in the tone that Microsoft has adopted in communicating with the security industry about the feature.
In previous months, Microsoft has suggested that ISVs needed to find new ways to innovate their products to work with the tools, versus conceding that it could do more to help the firms adjust to the design shift.
Despite Microsofts effort to quell the controversy over Vista security, which arrived in the face of EU inquiries into the operating systems new features and the software giants move further into the security applications arena, Toulouse said that his companys position has remained the same throughout the development of the OS.
He denied that Microsoft has bent its strategy to appease its security partners or industry regulators.
“Characterizing the move to provide more APIs as Microsoft caving is confusing for us, as throughout the development process weve encouraged all the parties involved to take advantage of the programs weve made available to them,” Toulouse said.
“This is part of the design process by which partners have the ability to contribute to the development of the product; weve said all along that we wont allow anyone to disable PatchGuard, and thats not going to change; this is about striking a balance of keeping protections for the end user in place and working with ISVs.”
At the heart of the controversy between Microsoft and its partners is the notion that the company is adding security features to Vista, and making changes in the overall design of its Windows platform, to promote its own interests in the security market and put its rivals at a disadvantage.
While Microsoft maintains that it has been open in communicating with its security partners and providing them with sufficient programming interfaces, Symantec and McAfee contend that the company is sitting on APIs and deliberately making it harder for them to design new products that will integrate with Vista.
In particular, representatives for the ISVs said that by making them wait for needed APIs, Microsoft has put them in a tough position for building products available at the time of Vistas introduction, which is slated for some time in November 2006.
To put the debate to rest, some industry analysts have suggested that Microsoft and its security partners should set a date to have all of their design disputes resolved in the name of helping customers prepare for Vista adoption.
At the same time that Microsoft has defended that PatchGuard is vitally important for protecting users against malware attacks, some security experts maintain that the system can already be circumvented by hackers.
A security researcher associated with the Metasploit Project has already published an essay on the Uninformed.org Web site that proposes several different techniques that could be used to bypass PatchGuard.