  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire
·BTOpenworld
| Microsoft Opening Up Vista Kernel To Security Vendors
from »www.techweb.com/wire/193302307 ".. Microsoft has compromised with security vendors who've been demanding access to the kernel of the upcoming Vista operating system so that they can update their security offerings, two analysts confirmed Friday.
Following conversations with the European Union, Microsoft will make two security-related changes to Vista. First, it will create a new set of APIs, which will let third-party security vendors access information from the kernel. Microsoft will also build additional APIs to make sure Vista's security status dashboard -- Windows Security Center -- doesn't send duplicate alerts to users who have installed a rival dashboard. ..."
Cudni -- Some are born to failure, others achieve it, all deserve it. Help yourself so God can help you. MVP, Microsoft Windows Security 2006 |
|
 SUMware Premium join:2002-05-21
1 edit | Vista stripped-down for EU & S. Korea
Microsoft makes changes to its Windows Vista operating system to conform to EU and S. Korean demands
Microsoft is giving in to demands from the European Union (EU) and will be releasing a stripped-down version of Windows Vista for that region. The company will also offer a similar version of Windows for the South Korean market in order to stave off further litigation. |
|
 dave Premium,MVM join:2000-05-04 not in ohio | reply to Cudni Re: Microsoft Opening Up Vista Kernel To Security Vendors
So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted? |
|
  SpannerITWks Premium join:2005-04-22
| reply to Cudni Wow surprise surprise, and right out of the blue too !
They must have been reading some of the threads on here, amongst other places. But at least they're listening and must have taken on board some suggestions, if only because of All the time and effort and $ they'll save by protracted resisting.
Wonder how far down the " path " they'll let vendors etc go ?
Interesting times indeed !
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
  AB Premium join:2006-04-04 Leesburg, VA
| reply to dave
said by dave: So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?
Dave- Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time? Thanks. |
|
 dave Premium,MVM join:2000-05-04 not in ohio
·Verizon Online DSL
| said by AB:
said by dave: So providing an API to retrieve certain (unspecified) information is all that the people complaining about PatchGuard really wanted?
Dave- Any chance you could explain to rubes such as myself what actual real-world impact this has on the 'no one can access the kernel' security lock-down of Vista, or would you be lacking enough information at the present time? Thanks.
They seem unrelated to me.
The original complaint was that it was no longer possible to overwrite certain dispatch tables, say for example overwriting the entry that says "when syscall #42 is implemented, jump to the function that implements NtBanana in the kernel". Overwriting the table allows you to seize control when an app calls the NtBanana system service; this can be used for good or evil, and is now no longer possible due to PatchGuard.
Instead of this ability, the security-app vendors are now apparently being provided with calls whereby they can look at certain vague "information" that the kernel knows. This is, on the surface, completely unrelated to being able to patch kernel data structures.
I suppose it all depends on what this "information" might be; the article was maddeningly imprecise. Maybe there's going to be a way to get hooked in to knowing that an app called the NtBanana service without actually intercepting the call.
Nevertheless, it sounds like McAfee/Symantec were screaming that their nuclear weapons were being taken away from them, and now they've been offered a handgun and they're happy again.
This sounds like goodness to me, esp. if the article is correct in that the security apps are simply getting to read info. Security consists in large part of not having more access than the job requires - so if what you actually want is to read something, don't go having the ability to completely alter the system's flow of control.
---- Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article. |
|
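A toy user-space model of the distinction dave draws above, added as an example and not part of any post in this thread: a dispatch table whose overwrite is caught by an integrity check, next to a read-only notification callback. All names are hypothetical, and comparing against a saved baseline is a simplification, not how PatchGuard is implemented.

```c
#include <stddef.h>
#include <stdio.h>
#define NSVC 2
#define MAX_OBS 4
typedef int (*svc_fn)(int arg);
typedef void (*observer_fn)(int svc_no, int arg); /* sees a call, cannot redirect it */

static int svc_double(int a) { return a * 2; }
static int svc_banana(int a) { return a + 42; }   /* stand-in for "NtBanana" */

static svc_fn dispatch[NSVC];   /* live table consulted on every call */
static svc_fn baseline[NSVC];   /* known-good copy taken at init (toy assumption) */
static observer_fn observers[MAX_OBS];
static size_t n_obs;
static int banana_calls_seen;

void table_init(void) {
    dispatch[0] = svc_double; dispatch[1] = svc_banana;
    for (int i = 0; i < NSVC; i++) baseline[i] = dispatch[i];
    n_obs = 0; banana_calls_seen = 0;
}
/* Integrity check: index of the first altered slot, or -1 if the table is intact. */
int table_check(void) {
    for (int i = 0; i < NSVC; i++)
        if (dispatch[i] != baseline[i]) return i;
    return -1;
}
/* Read-only route: the caller is told about calls but never owns the table. */
int register_observer(observer_fn fn) {
    if (fn == NULL || n_obs == MAX_OBS) return -1;
    observers[n_obs++] = fn;
    return 0;
}
int do_syscall(int no, int arg) {
    if (no < 0 || no >= NSVC) return -1;
    for (size_t i = 0; i < n_obs; i++) observers[i](no, arg);
    return dispatch[no](arg);
}
void count_banana(int no, int arg) { (void)arg; if (no == 1) banana_calls_seen++; }
int hooked_banana(int a) { (void)a; return 0; }   /* what a table patch swaps in */

int main(void) {
    table_init();
    register_observer(count_banana);
    printf("observed: result=%d check=%d\n", do_syscall(1, 1), table_check());
    dispatch[1] = hooked_banana;                  /* the overwrite described above */
    printf("patched:  result=%d check=%d\n", do_syscall(1, 1), table_check());
    return 0;
}
```

The observer learns that the service was called without changing its result, while the table overwrite changes the result for every caller and is what the integrity check flags.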
  AB Premium join:2006-04-04 Leesburg, VA
| said by dave: . . Sorry for the vagueness of this response, I don't know any more about what is really happening than that single article.
Sorry for the vagueness? Hardly. An incredibly concise and informative response, considering the freshness of the information available and the time you have had to examine it. Thank you, Dave. Very, very much! |
|
 dave Premium,MVM join:2000-05-04 not in ohio 1 edit | reply to Cudni Bear in mind that I'm basing my opinion on one not-very-informed article, so don't blame me if it turns out to be complete pants. |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | It is too late now to backtrack. You will be held responsible so better be proved right and not some thongs 
Cudni |
|
 Mele20 Premium join:2001-06-05 Hilo, HI
| reply to Cudni I read all but one of the articles (one won't load) and it is not clear to me what happens here. We get a Vista that forces Microsoft's search engine on us and forces Microsoft's version of a pdf reader on us and we can't buy the AV of our choice because the APIs that are being offered to certain vendors are only for the European and Korean versions? Only the Europeans and Koreans get a decent version of Vista? All because the Department of Justice is asleep? -- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.ie7.com/ |
|
 dave Premium,MVM join:2000-05-04 not in ohio | There's nothing in the article I can see that says the changes made to satisfy the EU will be available in the EU only.
(There is some mention of Korea "getting a unique view" but I don't know what that means). |
|
  AB Premium join:2006-04-04 Leesburg, VA
| reply to dave
said by dave: Bear in mind that I'm basing my opinion on one not-very-informed article, so don't blame me if it turns out to be complete pants.
When I request an opinion, that's all I expect to get in reply. No blame shall be assessed, by me anyway.
BTW, Paul Thurrott has pointed out that a Service Pack 1 for Vista is already scheduled to be released for about a year from now, which will include a kernel upgrade. Apparently this will be the same kernel that is contained in the upcoming Server (I believe) version of Vista, again, to be released about a year from now. From the way he was speaking about this, it seemed to be a fairly important piece of news, as I take it kernel upgrades normally accompany a whole new version of an OS, not just a Service Pack. Just an FYI, food for thought, food for comment, or whatever. |
|
 Mele20 Premium join:2001-06-05 Hilo, HI
1 edit | reply to dave UPDATE 6-Microsoft makes changes to Vista in EU, S. Korea
»today.reuters.com/news/articlein···ype=qcna
It's that title that makes me wonder if the changes Microsoft agreed to are ONLY for the EU version (and Korea gets its own totally separate version according to another article).
To me it sounds like the changes are only for the EU.
EDIT: According to this article:
"Even with the changes, which will be included in all versions the company ships worldwide,..."
The article goes on to say that the European version and Korean will not have WMP and the Korean version will also not have Microsoft's IM software. So, it appears the other changes will be in all versions worldwide.  »www.chron.com/disp/story.mpl/ap/···109.html
-- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions"
»www.ie7.com/ |
|
 dave Premium,MVM join:2000-05-04 not in ohio
·Verizon Online DSL
| reply to Cudni »www.microsoftmonitor.com/archive···ate.html
PatchGuard. As I explained last week, McAfee and Symantec had raised competitive concerns over Kernel Patch Protection. Microsoft will modify the technology that will make available more kernel information. But that's something coming in the far future, right now projected for Windows Vista Service Pack 1. Microsoft plans to release kernel-level application programming interfaces that will provide access to information flowing to the kernel. However, companies like McAfee and Symantec would not be able to modify the Windows kernel as they do today.
API release as far away as Windows Vista Service Pack 1 is sure to cause some competitive grumbling. I don't see a huge problem, however. Kernel protection comes on 64-bit Windows Vista (and not the 32-bit software), and I expect customer migration to that version to take a long time; Service Pack 1 is sure to come sooner.
Competitors might also complain that Microsoft's solution is inadequate because they can't modify the operating system kernel, same as 32-bit Windows. Good! I'm no computer programmer, but I know enough that the kernel should be as secure as possible. The kernel should be sacrosanct. If the good guys get access, the bad guys are sure to, too. In fact, the API change is a compromise Microsoft should reconsider, if the priority is really securing the operating system. The company will disclose information that hackers conceivably could use, too.
Security isn't the only consideration. Kernel-level access can impact applications running on the operating system. I wonder how much Windows instability blamed on Microsoft is the fault of software mucking around the kernel. |
|
  hayc59 VoodooChild Premium join:2001-02-26 In A Dream | reply to Cudni Now this is great news for a whole lot of vendors!!  |
|
 rotty97
join:2005-06-30 Australia
1 edit | I have the opinion that Microsoft have done the right thing, security companies are in effect "leeches", they leeched off the insecurity of Windows.
Antivirus products can still operate, I don't see what the problem is, no product should modify the kernel. That is just insane.
cheers, rotty |
|
  La Luna Surviving Ashraful Premium join:2001-07-12 Warwick, NY clubs:
·Vonage
·Optimum Online
| reply to Cudni
said by Cudni: It is too late now to backtrack. You will be held responsible so better be proved right and not some thongs Cudni
Wait, back up the trolley.... dave wears thongs?
-- ~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
  DragonJoe
@sbcglobal.net | Re: Microsoft Opening Up Vista Kernel To Security Vendors
And how long will these changes push back Vista? |
|