Vista's Fortified Kernel Could Trouble Third-Party Apps

By Matt Hines

Researchers at anti-virus market leader Symantec join those who contend that security features built into Vista's kernel could retard innovation of new desktop defense technologies and other aftermarket Windows applications.

Researchers at Symantec are questioning whether security modifications added to the kernel of Microsoft's Vista operating system could prevent the anti-virus company, and other third-party software makers, from enjoying the same level of integration they've enjoyed with previous Windows operating systems.

As part of a research effort examining the next-generation operating system's kernel, the software's very core, Symantec's analysts have been led to believe that Microsoft's work to better protect the product may impede innovation by other security applications vendors.

At least one other company, consumer firewall software maker Agnitum, has also complained publicly that Vista won't allow the same level of kernel access as earlier iterations of Windows.

If the assertion, which is based on assessments of beta versions of Vista, proves true in the final product, Cupertino, Calif.-based Symantec and other aftermarket Windows software makers could be challenged to advance their products as quickly as they have in years past, researchers said.

"The challenge we have is that these technologies eliminate the potential for third parties to extend enhancements to the kernel," said Oliver Friedrichs, director of emerging technologies for Symantec's Security Response team.

"We've traditionally used this method to add security technologies into the kernel; with some of these new technologies, any tampering or modification to the kernel will result in a blue screen, which means we can't use it."

Friedrichs and his team specifically identified one kernel modification used in the 64-bit version of Vista that could prove troublesome in such a manner.

The operating system's PatchGuard technology, which promises to prevent non-Microsoft programs from patching the Vista kernel, could make it impossible for Symantec's security applications to intercept system commands and protect users against certain types of malicious content, the researcher said.

"By hooking system calls, we can see data passing through to the kernel and help protect against anything malicious," said Friedrichs.

"We have the alternative mechanisms that Microsoft has added to support this, but it limits the innovation we can make via kernel extensions in the future; there may also be new security technologies that evolve that need to access the kernel to do their job."

While Symantec roundly praises an overwhelming majority of the work Microsoft has done to improve the security of Vista, both in the kernel and throughout the product, the limited ability to integrate directly with the OS at its most fundamental level will cost third-party Windows application vendors in the long run, he said.

Friedrichs and other development experts at Symantec, the Windows anti-virus market leader and a longtime Microsoft partner, have publicly dissected beta versions of Vista, issuing a series of three reports identifying potential vulnerabilities in the software.

At the same time, the Symantec researchers have lauded Microsoft's efforts, including its work to reduce vulnerabilities in the much-awaited operating system's underlying code base.

In their latest Vista report, Symantec researchers examined a series of technological modifications made to the operating system's kernel in the name of boosting the security of desktop systems that will run the OS.

This article was originally published on 2006-08-10
eWeek