The company maintains that it has built a version of its Authentium ESP Enterprise Platform that can bypass PatchGuard without setting off the desktop alarms produced by the security feature when the Vista kernel is compromised. ESP Enterprise, an SDK sold by Authentium to telecommunications carriers and so-called managed services providers, offers virus protection, anti-spyware, data recovery, firewall and transaction security capabilities.
While I understand how MS holding the keys to the kernel away from other security vendors had a bad side, isn’t its complete opening also bad?
They can now install anti-virus that can bypass PatchGuard and not send off any alerts, so what stops a virus from doing the same thing?
PatchGuard is broken? This doesn’t bode well for Vista’s built-in security.
I agree. This is a very bad sign.
[joke mode]
Watch out for Steve Ballmer’s flying chair!
[serious mode]
Is anyone REALLY surprised by this news? Just to give us an idea, look at this poll held by vnunet. At the time I wrote this, these were the results:
Would you trust Microsoft’s Windows Vista security?
• Yes, absolutely – 1%
• No, I would still want to deploy third-party security technologies – 92%
• It is too early to tell yet – 6%
http://www.vnunet.com/articles/pollresults/2167127
Edited 2006-10-25 16:55
And a look at the same results page reveals:
—
Would you trust Microsoft’s Windows Vista security?
• Yes, absolutely – 40%
• No, I would still want to deploy third-party security technologies – 57%
• It is too early to tell yet – 2%
—
So it appears that it’s not as cut and dried as you think.
And I think the results would have gone the other way if they asked:
No, I would still want to deploy third-party security technologies that hack into the kernel.
Edited 2006-10-26 06:04
Hahahah. Hahahahahah. Hahahahahahahah. Hahahahahahahahahah. Hahahahahahahahahah. Oooh, stop it, you’re killing me.
On a more constructive note, maybe MS should put the Office team to work on the next version of Windows, Windows NF (Not f***ed).
Edited 2006-10-25 17:38
Oh, please, don’t be such a moron. It’s mostly because of people like you that most non-Linux users hate us.
While Vista has no chance of making it to my PC, this is really bad news: if someone can bypass the checks that way with a security tool, someone else can do it with a virus, spyware or any other malware.
Anyway, I’m pretty sure that MS will fix this before launch, so it’s a non-issue.
“While Vista has no chance of making it to my PC, this is really bad news: if someone can bypass the checks that way with a security tool, someone else can do it with a virus, spyware or any other malware.”
And the bad news is? People will get infected with more viruses because they still use Windows? Where is the bad news? People choose to use a crappy, insecure and stupid OS, so this is no news at all. If they want to be f–ked all the time, let them. In the meantime, we more savvy (Linux/BSD/OS X/whatever) users are free from shitty products and antivirus. This is no bad news except for those that will get affected by others’ mistakes.
It’s mostly because of people like you that most non-Linux users hate us.
If non-Linux users don’t think a breach like this is laughable at best, serious at worst, I don’t think indications of my amusement are going to have any effect either way. And what does this have to do with users anyway? Most users probably can’t code for **** (myself included), but when your OS vendor can’t, it’s BAD news.
While Vista has no chance of making it to my PC, this is really bad news: if someone can bypass the checks that way with a security tool, someone else can do it with a virus, spyware or any other malware.
Sounds like you think I’m gloating about how many people are going to be suckered by this. And you’d be wrong. I just find it funny that a company with such a high reputation and sense of self-worth is so clueless.
Anyway, I’m pretty sure that MS will fix this before launch, so it’s a non-issue.
Maybe. It should never have finished this close to launch, though (assuming Vista isn’t going to be delayed again), so I’m not so sure.
Edited 2006-10-25 18:40
Hmm, I mean it should never have happened this close to launch.
Edited 2006-10-25 18:43
If non-Linux users don’t think a breach like this is laughable at best, serious at worst, I don’t think indications of my amusement are going to have any effect either way. And what does this have to do with users anyway? Most users probably can’t code for **** (myself included), but when your OS vendor can’t, it’s BAD news.
I assume you struck Debian off your list of approved Linux distros when their servers were hacked.
This is completely different. Debian is known for high quality software and servers that got hacked once. Microsoft is known for undeservedly ubiquitous software and a long and continuing string of embarrassing failures covered up with cynically Stalinist revisionist propaganda.
“Stalinist”
You’ve found the right word
Hmm, I mean it should never have happened this close to launch.
I totally agree with you here.
This is completely different. Debian is known for high quality software and servers that got hacked once. Microsoft is known for undeservedly ubiquitous software and a long and continuing string of embarrassing failures covered up with cynically Stalinist revisionist propaganda.
Embarrassing failures like having 90% of the market share? Hell, I really want to be as unsuccessful as Microsoft!
Look, I won’t defend what is impossible to defend (MS makes crappy OSes and it looks like Vista is not going to change that), but I don’t find it funny when people get f*cked up, and I have hundreds of thousands of zombies sending spam to my email accounts. That’s all.
but I don’t find it funny when people get f*cked up, and I have hundreds of thousands of zombies sending spam to my email accounts. That’s all.
You’re quite right. I’m not going to issue an apology, though, because I wasn’t laughing at all the poor bastards who are gonna get suckered by this, but at Microsoft alone.
Embarrassing failures like having 90% of the market share? Hell, I really want to be as unsuccessful as Microsoft!
You’re right. Microsoft have been tremendously successful. However, I’m odd enough to hope that if I’m successful it’s because I’m talented, not corrupt.
“Look, I won’t defend what is impossible to defend (MS makes crappy OSes and it looks like Vista is not going to change that), but I don’t find it funny when people get f*cked up, and I have hundreds of thousands of zombies sending spam to my email accounts. That’s all.”
People are fscked up because they don’t know how to use a damn computer. It’s like allowing anyone to fly an Airbus, because it has an autopilot. Computers are complex and most people don’t know how they work or how to make them work for them. The inverse applies and we get the SPAM.
This is completely different
Yes, I thought it might be … 🙂
I didn’t read the whole article…but has any 3rd party verified these claims?
Until then, it’s all speculation and looks like a great ploy to garner some high profile advertising for their products.
It cannot be unfounded. Which company would want the public to think they out-and-out lied to them?
Some companies “exaggerate”; Microsoft, SCO, and Pepsi come to mind…
But even they do not build a business model on outright lies.
Raver31 said, “. . . they do not build a business model on outright lies.” and earlier lumped SCO into that group of businesses.
Did you really mean to say that?
SCO’s litigation business model is, in fact, based on lies.
This sounds like a nightmare on the security front. The biggest secret with permissions is to grant the least possible up front, because you can always add more. The problem is going back and trying to restrict access to vital areas.
O’Donnell said that Authentium has informed Microsoft of its work, and that the software company asked it to abandon the tactic and wait for its new APIs, but he indicated that his company has no plans to do so.
Would you trust Authentium with that sort of attitude? Sorry, if I were running a business, I sure as hell wouldn’t trust my business security to products that are hackware-based.
The kernel access hoo-ha is nothing more than a marketing ploy by the big two anti-virus companies, not only to justify them not having to invest money into their products and get them up to speed (god knows what the f–k they’ve been doing while Windows Vista has been getting developed), but also to somehow try to slander Microsoft over the fact that Microsoft has released a very good anti-virus/security suite which doesn’t royally suck like Symantec and McAfee products do.
How many people here work in IT and find that 90% of the calls relate to issues pertaining to the crap products developed by Symantec and McAfee? If it isn’t Norton’s stuffing up email settings, it’s McAfee anti-virus bringing a once speedy machine down to the speed of an old lady walking down the street with a Zimmer frame.
Edited 2006-10-25 18:14
>Would you trust Authentium with that sort of attitude? Sorry, if I were running a business, I sure as hell wouldn’t trust my business security to products that are hackware-based.
So, you’re advocating a blind trust of Redmond, instead?
Better hire Theo de Raadt.
So, you’re advocating a blind trust of Redmond, instead?
Better hire Theo de Raadt.
How is TdR related to blind trust of Redmond?
I think a more accurate description is that he’s advocating supporting software that doesn’t use undocumented tricks in the system or straight-out hackery to do a job when it’s not necessary to do so. The only AV companies complaining about this change in the 64-bit version of Vista (which is already present in the x64 Edition of XP) are the ones who are not willing to rewrite their software to work on the new platform.
This kind of attitude leads to software that compromises system stability and ultimately security itself, since the two are so intertwined.
No, why should I trust my business to a company that relies on unstable, constantly changing, hacked-up kernel-level APIs that could possibly cause unknown damage to my system integrity, when I could rely on software developed using the publicly supported and maintained APIs, so that when I do apply patches from Microsoft for Windows, I know that my security software will just keep on ticking without any problems?
Microsoft makes APIs available to the public for a reason; they’ll maintain them and support them, so if you write your application against them, you’re pretty much assured that it’ll work in the future.
This company in question, however, is basing their product on a set of APIs which are undocumented, unmaintained and only for internal use; in other words, Microsoft has NO obligation to maintain those APIs, so if they need to change something in a future update, you’ll be in deep shit when you find that your hackware-based application no longer works because the internal/hidden kernel APIs it relies on to run no longer exist, have been significantly changed, or simply because their ‘hack’ no longer works since Microsoft has addressed the ‘vulnerability’.
Like I keep saying, every time these companies do something stupid like opening their mouth and whine, it moves me closer to the idea of paying for Microsoft’s security suite.
When a program of any kind attempts to modify the kernel on a system running PatchGuard, which is already available in 64-bit versions of Microsoft’s Windows XP OS, the computer produces a blue screen and stops all other Windows applications from running.
Isn’t that a DoS vulnerability? I hope Secunia takes notice of this!!! 😀
Edited 2006-10-25 18:27
Are people suddenly going back to the old Windows 95 days where BSOD were so common? Hehe, this is really funny.
Let’s say I buy Authentium, and PatchGuard or the mysterious APIs that allow bypassing it are modified (say by the RTM version of Vista) and all my servers blue screen.
Will I install the “new and improved version” of Authentium?
I don’t think so.
PatchGuard has been in Windows 2003 since SP1. That’s 1.5 years. It’s funny Authentium never broke it until now …
Yeah, until we see evidence that Authentium actually works, these are really nothing more than marketing claims.
shit
PatchGuard had been broken long before (check out the excellent http://www.uninformed.org, which contains a paper describing how it works and how to break it). These anti-virus guys just used their research.
The whole point of PatchGuard is not really to secure the machine but to prevent external companies from modifying critical kernel data structures. Having this system in place allows Microsoft to make updates to Windows which expose rootkits down the line. It turns what was before a totally impossible problem (how to tell whether or not a rootkit has infected windows) to a more solvable problem (what are the common ways to get around PG and how to nullify them). PatchGuard allows Microsoft to break rootkits through Windows Update. It also prevents “legitimate” programs from behaving like rootkits, so rootkit detection tools won’t have false-positives.