Slashdot Mirror


Windows' Patchguard Hinders Security Vendors

eldavojohn writes "Windows' PatchGuard seems to be upsetting third party security vendors such as Symantec, Sana Security and Agnitum. It sounds like the 'black hats' will be able to bypass this security feature (which will be in all copies of Vista) but force security software companies to give up developing software for Windows. From the article: 'PatchGuard will make it harder for third parties, particularly host intrusion-prevention software, to function in Vista,' said Yankee Group analyst Andrew Jaquith. 'Third parties have two choices: continue to petition Microsoft to create an approved kernel-hooking interface so products like theirs can work, or use "black hat" techniques to bypass the restrictions.' Apparently, using these techniques is not a difficult trick."

4 of 187 comments

  1. Re:If Microsoft were serious about security... by Dog-Cow · Score: 2, Informative

    "-Make programs have an .EXE extension to execute! No more .SCRs, for example. They're getting worse rather than better about this; I downloaded the AOL antivirus to try it out (OT rant about it follows) and the download had a .MSI extension. It confused me for a minute; is this like .ISO when it's really not an ISO but you have to rename it to get through the firewall? No, it just ran, and installed AOL's software."

    Every GUI OS understands the concept of file -> application mappings. Most use file extensions as one method of performing the mapping. MSIs are mapped to the Microsoft Installer application. There's nothing malicious or secret going on there. Or are you really stupid enough to open Notepad and use the menu to open a text file instead of just double-clicking the file directly?

  2. Re:Microsoft have their own security product - so by init100 · Score: 2, Informative

    Do you have anything to actually back this up, or is this just your speculation?

    Windows Live OneCare service?

  3. Re:Please get it right by cab15625 · Score: 2, Informative

    "Are you talking about XWindows"

    Technically, it's "X Window", singular. As in "The X Window System". But they've been struggling with trying to make people get it right for decades now.

  4. Re:What if windows ever did secure itself? by dpilot · Score: 2, Informative

    I think you've hit it pretty well, but there's one thing worth mentioning.

    The Windows security problems are Microsoft's own fault, and at a FAR more fundamental level than merely flawed implementation.

    The problems began because Windows began as a GUI shell on top of a single-user program loader. There's an old adage, "Those who don't understand Unix are doomed to reinvent it - poorly." Multi-user wasn't in there at the beginning, and retrofits were awkward. I realize that the NT kernel is a true multiuser kernel, but there's so much cultural cruft above it that it doesn't help, much.

    The problems got worse through the Windows95 era because of 2 competitive fronts - DOS and OS/2. To cannibalize their old DOS base, they tried to sell integration - make everything just work together and give Windows an obvious advantage even to those unafraid of the command line. One of the many things they did to kill OS/2 was the 'API of the week.' Many APIs were made up, I suspect on the fly by marketing, in order to give Win95 an edge over OS/2. Many of those APIs went by the wayside once they'd done their FUD-duty, but not all. The result of these 2 competitive responses was a bunch of stuff thrown into Win32 with little true architecture work or security concern.

    Combine these factors, and I'd say that from a security point of view, the Windows API was broken-by-design back in the old Win9X days. Microsoft has been struggling ever since to clean what they can and limit the breakage of backward compatibility to something that won't stop users from upgrading. They've built themselves a mighty fine knife-edge to dance on.

    --
    The living have better things to do than to continue hating the dead.