All the latest UK technology news, reviews and analysis
|
|
|
27 Oct 2006
Security researchers with Authentium have found a way to circumvent the Patchguard security technology that Microsoft has built into the 64-bit version of its forthcoming Windows Vista operating system.
Over the past months the Patchguard technology has been subject of a fierce debate between security vendors and Microsoft because it prevents some anti-virus software from functioning.
Facing potential penalties from antitrust authorities in Korea and the EU, Microsoft earlier this month promised to provide application programming interfaces (APIs) that would allow third party security products to function properly in Windows Vista. It may take years however before these APIs will be published and fully functioning.
Authentium's technology allows an application to effectively disable Patchguard. The company decided to develop the tool because it required kernel access for its VirtualATM product that is scheduled for release in December.
In a blog posting the company argued that providing kernel access to third party websites will enable future security innovations.
"This is about enabling innovative new technologies and countering new emerging threats and criminal strategies. If new security innovations are not encouraged, consumers will lose out."
"If we (the good guys) can gain access to the Vista kernel, so can sophisticated, well-financed hackers. These days, most hackers are exactly that – sophisticated and well-financed. We implore Microsoft not to 'go it alone' in security."
Microsoft however said that it will not tolerate outside developers circumventing its technology features and plans to issue a patch to block Authentium's technique.
"If a vulnerability is discovered in Kernel Patch Protection, Microsoft will issue a security update as part of the standard Microsoft Security Response Center process," the company said in an emailed statement.
"Microsoft strongly recommends that software vendors do not attempt to bypass Kernel Patch Protection. This has the potential of destabilising and crashing customer systems, particularly in cases where Kernel Patch Protection is enhanced and updates are delivered to customers."
Microsoft stressed that it will provide APIs to offer functionality similar to that which developers had in other Windows versions.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
We have been given the privilege of recruiting for a...
My client is a proprietary, electronic trading firm and...
Our client is looking for a Senior Project Manager (Telecoms...
Business Analysts are being sought by my leading financial...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Secure Windows: A true oxymoron
After 26 years of working with Microsoft products, I've had my fill of empty promises like: "Secure", "Bulletproof" "Easy to use." As a matter of facts, one my clients just installed IE 7 and his computer locked up tighter than Fort Knox. So excuse me for not buying Microsft's latest bill of goods. I've seen too much to to trust anything they say. Btw, I'm switching all of my PC's to Linux.
Posted by: Brian 12 Nov 2006
Microsoft Need to Get Its Act Together
As can be expected from Microsoft, they are screwing with everyone as usual. Microsoft is completely delusional if they expect people to believe that Vista is secure. That is comedy at it's best. Microsoft and security shouldn't be mentioned in the same sentence. Microsoft has never been secure and with the level of programmers they use, never will be. Microsoft is only able to produce bloatware, filled with trivial feature enhancements that no one uses. Hey Bill wake up you are not fooling anyone.
Posted by: Chad 30 Oct 2006