Researchers at Symantec are questioning whether security modifications added to the kernel of Microsoft's Vista operating system could prevent the anti-virus company, and other third-party software makers, from offering the same level of integration they enjoyed with previous Windows operating systems.
As part of a research effort examining the next-generation operating system's kernel (the software's core), Symantec's experts concluded that Microsoft's work to better protect the product may impede innovation by other security applications vendors. At least one other company, consumer firewall software maker Agnitum, also has complained publicly that Vista won't allow the same level of kernel access as earlier iterations of Windows.
If the assertion, based on beta versions of Vista, proves true in the final product, Symantec and other Windows software makers may not advance their products as quickly as they have, researchers said. “The challenge we have is that these technologies eliminate the potential for third parties to extend enhancements to the kernel,” said Oliver Friedrichs, director of emerging technologies for Symantec's Security Response team, in Cupertino, Calif.
For instance, Friedrichs said Vista's PatchGuard technology, which promises to prevent non-Microsoft programs from patching the operating system's kernel, could make it impossible for Symantec's applications to intercept system commands and protect users from malicious content.
While Symantec praised the majority of the work Microsoft has done to improve the security of Vista, the limited ability to integrate directly with the operating system on its most fundamental level could cost third-party Windows applications vendors, he said.
Stephen Toulouse, a security program manager for Microsoft's Security Technology Unit, in Redmond, Wash., said Symantec may be overreacting to the PatchGuard kernel access issue. Microsoft locked down the kernel to improve security, not to hinder partners building security applications, he said.
Even Microsoft won't be able to create programs that use the type of kernel systems Symantec is worried about losing. Instead, Toulouse said, Microsoft has given partners a method to replace direct kernel access so they don't have to completely retool products.
“When you allow the use of unsupported calls into the kernel it introduces the possibility for security and reliability problems, and we've already seen rootkits take advantage of this capability,” said Toulouse. “To the extent that people are talking about restrictions in place hampering their efforts, the trade-off is that hackers can't [access the kernel] either; we wanted to level the playing field so that malware writers no longer enjoyed the same advantage as third-party software makers.”
Experts said the kernel issue could pose serious challenges to developers of HIPS (host intrusion protection systems) and other after-market security tools. Andrew Jaquith, analyst with Boston-based Yankee Group, said Microsoft also conceivably could use the design shift to its advantage as it enters the market for such technologies.
Vista's Militant Kernel
Microsoft has gone to great lengths to make the core of its next-generation OS more secure. Here is a list of security features added to the Vista kernel:
* Driver signing requirements to foil online malware
* Anti-patching technology to stop kernel manipulation
* Integrity checks to monitor kernel status
* Support for secure PC boot mode
* Restricted user access to physical memory
Source: eWEEK reporting/Symantec