GCN Tech Blog

By GCN Staff

Microsoft opens 64-bit Vista to security vendors

Last week, we wrote about how Symantec and McAfee protested Microsoft's decision to block third parties from adding their own extensions to the 64-bit version of Windows Vista, an operating system due to be released later this year.

Well, this week, in an almost uncharacteristically speedy fashion, Microsoft has answered their concerns. Evidently, it helps to talk to the right people in the European Union.

The concerns surrounded the use of PatchGuard, a function that blocks modifications to the OS kernel. In theory, PatchGuard should prevent rootkits from surreptitiously modifying the kernel, though it also effectively blocks any legitimate modifications. (And some question PatchGuard's ability to block even malicious attacks.)

'[T]he security industry is very concerned that the decisions being made with 64-bit Windows will, in turn, result in a less secure platform. They will directly impact the development of new security technologies, and Microsoft [itself] will lose out, due to an insecure platform,' wrote Symantec's Oliver Friedrichs in a blog. Friedrichs explains the case in pretty good technical detail.

Initially, Microsoft's response to the security companies was basically to urge the companies to try harder. 'Kernel Patch Protection is an opportunity for security companies to evolve and deliver new innovative security solutions and design approaches for customers that build on top of a more secure kernel environment,' one Microsoft official e-mailed us a few weeks back on the matter.

After the complaints had seemingly reached the level of the European Commission though (with whom Microsoft is hashing out various antitrust issues pertaining to Vista), the Redmond, Wash. giant decided to heed the wisdom of the security vendors.

In a statement addressing a number of the EU concerns, Brad Smith, a senior vice president and general counsel for Microsoft, announced that the company has decided to add an application programming interface to PatchGuard. This API, Smith asserted, will allow third-party security vendors to enhance the OS with their own security measures.

'We devised a new engineering approach that will create and extend new kernel level APIs so that PatchGuard will be retained, the security of the kernel will be protected, and yet security vendors will have an opportunity to meet their needs through these kernel level API extensions,' he said.

Good news for the security vendors? The word is still out on whether this move will be sufficient for them to offer adequate protections.

'It is encouraging that they committed to opening PatchGuard, the operative question is well, when,' said Symantec spokesman Cris Paden. Microsoft now needs to quickly establish a timeline specifying when the APIs will be made available, he said. Microsoft has not yet reached out to Symantec with any additional information, Paden added, leaving the company, and others, with scant time to ready new products for the OS. 'We needed that technical information yesterday,' he said.

Posted by Joab Jackson on Oct 16, 2006 at 9:39 AM

