Host-based intrusion detection systems require access to the Vista kernel to detect malware

Microsoft to test security firms' patience until 2008

Redmond will not release APIs to provide access to Vista kernel for some time

vnunet.com, 20 Oct 2006

Microsoft is likely to keep security vendors waiting until 2008 before it can deliver APIs to provide access to the Windows Vista kernel, Gartner warned in an analysis.

The 64-bit version of Windows Vista uses the PatchGuard tool to protect the kernel against malicious code attacks.

But the technology also locks out security software such as some host-based intrusion detection systems that require access to the kernel to detect malware.

Security vendors including McAfee and Symantec have been pressing the software vendor to be more cooperative, and have lobbied the European Commission and Korean government to force Microsoft to open up its kernel.

Averting potential EU fines, Microsoft promised last week that it would make certain unspecified changes to prevent anti trust actions.

Microsoft will develop special APIs to provide security vendors with access to the kernel, but these will not be available for some time, according to Neil MacDonald, a distinguished analyst at Gartner.

"To avoid delaying Vista's release or removing the 64-bit version, Microsoft will work with independent software vendors to deliver initial capabilities and APIs in this area," MacDonald wrote in an analysis.

"We expect this in early 2008, when the first service pack for Vista will likely be released, with more complex work and more APIs delivered with the second service pack or later."

Windows Vista comes in 32-bit and 64-bit versions. The Patchguard APIs are required only for the 64-bit version.

Desktop migrations to 64-bit systems are expected to be slow because of a limited availability of 64-bit drivers. This should provide Microsoft additional time to make the required changes and appease anti-trust regulators.

Gartner urged enterprises to delay migrating to 64-bit Windows Vista if they are unable to find suitable security products, and called on users to pressure Microsoft to commit to a firm release date for the kernel APIs.

Microsoft has not officially published a timeline for the release of its kernel extensions.

The company did not respond to a request for comment on Gartner's projections.