“Microsoft has compromised with security vendors who’ve been demanding access to the kernel of the upcoming Vista operating system so that they can update their security offerings, two analysts confirmed Friday. Following conversations with the European Union, Microsoft will make two security-related changes to Vista. First, it will create a new set of APIs, which will let third-party security vendors access information from the kernel. Microsoft will also build additional APIs to make sure Vista’s security status dashboard – Windows Security Center – doesn’t send duplicate alerts to users who have installed a rival dashboard.”
That’s a nice new metaphor for “releasing the in-house APIs which Microsoft was reserving for its own products”.
I think this is probably amongst one of the worst decisions they’ve made.
As much as Microsoft irritate me with some of their products, Windows has been fine for me, and to see them completely flat out refuse access to their kernel, to try and prevent malicious code I was quite impressed.
I do not see the problem of why Symantec etc were complaining, they should be concerned that the End User is safe, and now that Microsoft are at least trying to fix their mistakes to protect the end user’s machine, Symantec say they want it opened up, and let them have access.
If access is given to one, I’m sure it’s easy for other things to be given access, and where does it stop? Maybe whoever can pay the most for the APIs? Or a License to use them?
Edited 2006-10-16 22:22
Experts(?) were predicting that this patchguard thing would be hacked in a short period of time. So if security vendors can’t build products that hook into the kernel, that’s probably not a good thing if it is cracked and then becomes wide open for the bad guys.
Why? I can browse the source code for my OpenBSD or Linux kernels at will.
Not sure how refusing to let security vendors see the source improves security; possibly I am missing a step.
Symantec et al. were complaining about lost revenue.
I submit that the systemic problems here may be more fundamental than your current level of analysis, sir.
“I think this is probably amongst one of the worst decisions they’ve made”
Amazing !
I thought this would quiet the stupid ignorant people like you that were complaining because AV vendors that had enough weight to retaliate against MS were doing what needs to be done. You don’t even understand what these vendors are asking for, but you will side with MS whatever happens, even if they are destroying your own rights.
How zealot can one be ?
“As much as Microsoft irritate me with some of their products, Windows has been fine for me, and to see them completely flat out refuse access to their kernel, to try and prevent malicious code I was quite impressed”
You were impressed because they closed their OS even more ? Wow !
If that’s not zealotry, I don’t know what is. It has exactly zero impact on you if AV vendors get these API or not. And FYI, MS not giving these API is wrong.
“I do not see the problem of why Symantec etc were complaining, they should be concerned that the End User is safe, and now that Microsoft are at least trying to fix their mistakes to protect the end user’s machine, Symantec say they want it opened up, and let them have access”
You don’t understand what an API is, but more importantly, you don’t understand that MS was wrong, so you can’t understand why MS released what should have been available from day one. You are so much in denial that you can’t even recognise a monopoly abuse when you see one : you MS zealots amaze me every time !
Now, if MS try to destroy Adobe (and Photoshop), I know for sure which camp you zealots will choose : MS one.
This despite touting Photoshop as the best of the best for years.
“If access is given to one, I’m sure it’s easy for other things to be given access, and where does it stop? Maybe whoever can pay the most for the APIs? Or a License to use them?”
There is no direct discrimination in an API. Everyone should “pay” the same for one API access.
I don’t give a damn if AV vendors are destroyed or not, but this kind of zealotry just amazes me !
So we can now have bloatware of McAfee or Symantec ruining Vista. Sure MS shouldn’t withhold APIs in this regard but it would be nice not to have those two companies f-ng with Vista’s Kernel.
Bloody EU.
“So we can now have bloatware of McAfee or Symantec ruining Vista.”
I didn’t know anyone was forced to install McAfee or Symantec products. This is news to me.
“Sure MS shouldn’t withhold APIs in this regard but it would be nice not to have those two companies f-ng with Vista’s Kernel.”
No one’s “f-ing” with the kernel. It’s just an API to access certain information in the kernel.
… for the Hacker Defender crew.
Now they can buy the SDK like everyone else.
This decision makes no sense. Seems like the OS will be compromised in terms of quality and stability, just so Symantec can make money from making it so.
Keeping these MS internal APIs hidden doesn’t make Vista more secure.
If dealing with computer security, what makes your system more secure is to have a software design which allows as much of the internals be revealed as possible.
Take the current encryption method with two large prime numbers, and a public/private key pair.
What is known to everybody:
– The encryption algorithm
– The decryption algorithm
– One half of the key
Only the private key is to be kept a secret, everything else can be revealed.
Therefore you only have to invest work and time and thought into how you can keep the private key hidden. That makes your decryption/encryption software less vulnerable, because you only have to worry about a very small part of the system which has to be locked down. The rest can be open.
It is similar with the operating system: If you have large chunks of the system which have to rely on being kept secret, then the security of that system goes down. Because crackers will for sure not abide by the license terms which disallow reverse-engineering and decompilation. So for crackers the secrecy does provide only a minor obstacle. But the software security guys have to abide by the license terms, so they cannot help mitigate the damage the crackers can do.
If access to APIs and source code were a security risk, Linux, the BSDs, and Solaris would have had much worse security than Windows during the previous few years. The reverse is true, all of these open sourced systems have better security than Windows.
If disclosing these internal APIs is a security risk, then Vista is already insecure, disclosure or not.
“This decision makes no sense. Seems like the OS will be compromised in terms of quality and stability, just so Symantec can make money from making it so.”
With or without the APIs, I have no doubt Symantec will continue to compromise the OS in terms of quality and stability, as has been my often wretched experience with them.
These APIs basically just give their engineers newer and more ingenious ways to hose your system.
Symantec’s reasoning was that they’re losing access to the kernel, which they also claimed to have gained using hacker methods. Now Microsoft is trying to keep hackers out, therefore shutting Symantec out, too. Since Symantec apparently can’t code their way out of a paper bag, they go the EU antitrust route and make things insecure again for everyone.
Then there’s this recent talk about those (Russian?) experts going all the way claiming that Patchguard gets oh so cracked. If that actually happens, Symantec would have gotten a new way back in, anyway.
And let’s not even forget that some of the other security product makers, like Sophos, claimed that their stuff works without the sort of kernel access, which Symantec seems to rely on. That should have been a clue enough for the EU, but who am I to expect a bunch of stupid politicians to have just a little clue in computers. Especially if you can pad the wallet with Microsoft income at will.