Slashdot Mirror


Windows' Patchguard Hinders Security Vendors

eldavojohn writes "Windows' PatchGuard seems to be upsetting third party security vendors such as Symantec, Sana Security and Agnitum. It sounds like the 'black hats' will be able to bypass this security feature (which will be in all copies of Vista), but it will force security software companies to give up developing software for Windows. From the article: 'PatchGuard will make it harder for third parties, particularly host intrusion-prevention software, to function in Vista,' said Yankee Group analyst Andrew Jaquith. 'Third parties have two choices: continue to petition Microsoft to create an approved kernel-hooking interface so products like theirs can work, or use "black hat" techniques to bypass the restrictions.' Apparently, using these techniques is not a difficult trick."


  1. Oh noes! by Aladrin · · Score: 5, Insightful

    "Oh noes, windows has security! What'll we do?"

    C'mon, get a grip. Despite the fact that this is a dupe, it still angers me that the 'major' pc protection companies can't deal with windows actually securing itself. They would actually consider using blackhat techniques instead of the provided methods? They'd be fools, too. Any blackhat technique they use would be immediately patched by Microsoft. Doesn't take a genius to see that.

    --
    "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
    1. Re:Oh noes! by gstoddart · · Score: 4, Insightful
      C'mon, get a grip. Despite the fact that this is a dupe, it still angers me that the 'major' pc protection companies can't deal with windows actually securing itself. They would actually consider using blackhat techniques instead of the provided methods?

      Well, history tells us that the likelihood of Windows actually securing itself is pretty slim.

      If they could use black hat techniques, then it wouldn't be secure now, would it?

      Having said that, it's a catch-22. If Windows implements an approved kernel hook for the antivirus companies, it will get exploited. If they don't, then no antivirus software, but just as many virus writers.

      Whether or not Microsoft is going to help 3rd parties sell software to secure Windows, there will be people doing the same things they do now. Except in that case, the consumer is on their own and waiting for Microsoft to stop them from getting pwn3d.

      Cheers
      --
      Lost at C:>. Found at C.
    2. Re:Oh noes! by MarkGriz · · Score: 2, Insightful

      "Any blackhat technique they use would be immediately patched by Microsoft"

      Immediately? I think you're being a bit generous.

      --
      Beauty is in the eye of the beerholder.
    3. Re:Oh noes! by Nigel_Powers · · Score: 5, Insightful

      Don't kid yourself...this is NOT a case of Windows securing itself -- this is revenue protectionism at its best. Microsoft is actively trying to make third-party security vendors a thing of the past.

      In all of this, Microsoft forgets the most important thing -- It's my freakin computer! If Microsoft hinders me from getting done what I (remember me? I'm the consumer) want, then I have to reconsider my OS decision -- which I did -- about 5 years ago -- and never looked back.

    4. Re:Oh noes! by phasm42 · · Score: 4, Insightful

      To add to your point, customers won't care when their viruses/malware break, but they will care when the security software they paid for breaks. It could also discourage people from applying updates, out of fear it will break their security software.

      --
      "No one likes working in a hamster wheel, and your shop smells of cedar shavings from here." - TaleSpinner
  2. Should be an optional feature. by DNX+Blandy · · Score: 5, Insightful

    "Windows' PatchGuard" should be an optional feature. If you don't want to use it (like me!), you should be able to NOT include it when installing etc. Being able to do what you want is the best way; forcing users only pisses them off.

    1. Re:Should be an optional feature. by Mister+Whirly · · Score: 3, Insightful

      Using Windows is optional. If you don't like the features, you don't have to use it...

      --
      "But this one goes to 11!"
    2. Re:Should be an optional feature. by cyber-vandal · · Score: 4, Insightful

      Yes you could just run your software on one of the many other Windows compatible OSes out there. Oh wait....

  3. Why does this sound familiar? by plasmacutter · · Score: 4, Insightful

    I remember something about the entire kernel becoming a "protected process" under an MS implementation of TCPA/TCG/Palladium/(insert name of the week meant to spoof DRM watchers here).

    This was meant to be an "effective" means to stop viruses, but it served more to force licensing fees out of companies which provide security solutions and to stop independent tinkerers (also known as "good" hackers) from providing cool kernel mods for power users.

    --
    VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
  4. Another lawsuit... by jrbush82 · · Score: 1, Insightful

    Providing Microsoft decides not to provide a better means for other software companies to run security products within Vista, I'm sure a large lawsuit will develop within the near future... in which case, MS will be handing over a good chunk of change... seems they always lose.

    If they were smart, they would turn it into a way for them to make money. License the "technology" (for a "small" fee of course) to the software vendors so that they can attempt to provide a security solution.

  5. Micro$oft and Control by thorkyl · · Score: 2, Insightful

    A few years ago in Office 2000 Microsoft dictated what attachments you could receive and what you could not. It sounds like Microsoft is attempting to create a business model of "If you want security you get it from us" and "We know better, you do it our way." Does the phrase duck and cover mean anything to anybody?

    --
    -- I am the NRA, enough said...
    1. Re:Micro$oft and Control by Anonymous Coward · · Score: 1, Insightful

      Or maybe Microsoft is just trying to implement reasonable security measures in their OS. From Microsoft's web site I found this list of actions that PatchGuard is supposed to prevent:

      * Modifying system service tables, for example, by hooking KeServiceDescriptorTable
      * Modifying the interrupt descriptor table (IDT)
      * Modifying the global descriptor table (GDT)
      * Using kernel stacks that are not allocated by the kernel
      * Patching any part of the kernel (detected only on AMD64-based systems)

      I don't see anything wrong with any of this, although my understanding of OS internals is limited so feel free to explain the problem to me.

      As for the Outlook attachment thing, that can be turned off at the server. So blame your Exchange admins for that.
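    The first item in the list above (modifying a system service table) is the technique most host intrusion-prevention products relied on, and detecting it is the simplest thing a PatchGuard-style checker does. The following is an added example, not Microsoft's code and not from the article: a portable C program that models a dispatch table as an array of function pointers, records a digest of it at "boot", installs a hook the way a third-party product would, and reports the tampering. The table, the handler names and the FNV-1a digest are all hypothetical stand-ins for the kernel's own structures and for whatever checksum PatchGuard actually uses.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a kernel service table: handler pointers indexed
 * by service number (the role KeServiceDescriptorTable plays on Windows). */
typedef long (*svc_fn)(long arg);

static long svc_open(long arg)  { return arg + 1; }
static long svc_read(long arg)  { return arg * 2; }
static long svc_write(long arg) { return arg - 1; }
static long svc_close(long arg) { (void)arg; return 0; }

#define SVC_COUNT 4
static svc_fn service_table[SVC_COUNT] = { svc_open, svc_read, svc_write, svc_close };

/* Known-good snapshot and digest, captured once at "boot". */
static svc_fn   known_good[SVC_COUNT];
static uint64_t baseline_digest;

/* FNV-1a 64-bit over a byte range: enough to notice a changed pointer in this
 * model, but not a keyed MAC; an attacker who can read it can forge it. */
static uint64_t fnv1a64(const void *data, size_t len) {
    const unsigned char *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Record the known-good state of the table. */
void integrity_init(void) {
    memcpy(known_good, service_table, sizeof known_good);
    baseline_digest = fnv1a64(service_table, sizeof service_table);
}

/* Periodic check: 0 = table unchanged, 1 = tampered. */
int integrity_check(void) {
    return fnv1a64(service_table, sizeof service_table) != baseline_digest;
}

/* Index of the first modified slot, or -1 if none (what a checker would log). */
int integrity_find_modified(void) {
    for (int i = 0; i < SVC_COUNT; i++)
        if (service_table[i] != known_good[i]) return i;
    return -1;
}

/* Simulated third-party hook: overwrite a table entry with a wrapper that
 * inspects the call and passes it through to the original handler. */
static svc_fn original_open;
static long hooked_open(long arg) {
    /* a HIPS product would inspect or deny the call here */
    return original_open(arg);
}

void install_open_hook(void) {
    original_open = service_table[0];
    service_table[0] = hooked_open;
}

void remove_open_hook(void) {
    service_table[0] = original_open;
}

int main(void) {
    integrity_init();
    printf("clean:    tampered=%d\n", integrity_check());
    install_open_hook();
    printf("hooked:   tampered=%d slot=%d\n", integrity_check(), integrity_find_modified());
    remove_open_hook();
    printf("restored: tampered=%d\n", integrity_check());
    return 0;
}
```

    The hooked call still works (the wrapper forwards to the original), which is why hooking was attractive to vendors; the check catches it anyway because the table bytes no longer match the digest. The weakness of the model is also the weakness of the real thing: a kernel-mode component can overwrite `baseline_digest`, `known_good` or the checker itself, which is why PatchGuard hides and obfuscates its own context and why the article's "black hat" bypasses exist.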

  6. You didn't even read the slashdot summary by Anonymous Coward · · Score: 1, Insightful

    They would actually consider using blackhat techniques instead of the provided methods?

    The entire problem is that Microsoft is providing inadequate "provided methods" to these security companies for them to do their jobs. This makes sense, since Microsoft is now in direct competition with some of these same security companies-- why would it provide "provided methods" which match the power of what is potentially available to internal development teams?

    This isn't security, it's the illusion of security...

  7. I don't see what the big deal is by bberens · · Score: 2, Insightful

    If Microsoft intends to have its own anti-virus software/mechanism they must feel they're capable of doing this without the kernel hooks requested by Norton and ilk. The only thing I would take issue with is if Microsoft uses an undocumented API in order to get an unfair advantage over the third party vendors. When that happens, wake me up and I'll get back up on my anti-Microsoft $oapbox. Until then... bleh.

    --
    Check out my lame java blog at www.javachopshop.com
  8. What if windows ever did secure itself? by isellmacs · · Score: 2, Insightful
    I think it's universally agreed that the biggest flaw in Windows is security. To this extent, we've seen many a revision of Windows that has altered the way Windows works with certain tweaks, to try and make Windows more secure.

    Many people knock Windows for being insecure, but it's not like Microsoft WANTS it to be that way. No, the people who want it to be that way are the "security" companies. Anti-virus companies have profited from security flaws and viruses alike for many years now, and it has become a rather booming business and the focal business model for companies like McAfee and Symantec. These companies have a vested interest in maintaining security flaws and the propagation of viruses out on the internet.

    Let's say the unimaginable does happen: Windows implements some radical change to secure the OS. What happens to these companies? They stand up and try and present themselves as our saviours against these "evil black hats", but aren't they the ones with the most to gain from the current business model? By making Windows secure, they will effectively end a decade-long business model for these security companies by making them obsolete. That's a good thing for users, but a bad thing for them.

    I find it appalling that they would consider Microsoft taking steps to secure their OS as being "anti-competitive" in nature. The "security" market in this case exists only due to flaws and vulnerabilities in Windows. Flaws which Microsoft has stated time and time again they are trying to correct.

    I think people underestimate the task put before Microsoft in making Windows secure.

    Take a look at MacOS. Crashed a lot, lots of security flaws and viruses for having such a small market share at the time. Apple realized the problem, and understood that constantly applying band-aids to a broken OS wasn't working. They re-did the entire OS to get OSX. The problem, of course, is no OS9 programs run natively in OSX. They had an emulator for a while, and a lot of people struggled with the transition. Like a caterpillar to a butterfly, they were reborn in a more evolved state.

    Windows, on the other hand, doesn't have that sort of luxury. If MS were to re-write their code so that no previous versions of software would work, and all developers had to start over from scratch and learn new methods to program, it would cause disastrous consequences both for MS and potentially for the world over. Best case scenario would be Apple releasing OSX x86 on non-Apple hardware and taking over the entire market. This, of course, would be the virtual end of MS, which they have no desire to do.

    Microsoft is faced with trying to secure a broken OS, without actually starting over (which isn't an option) or breaking the ability of developers to make software for the platform. I'd be curious (as I imagine MS would be too) if anybody can come up with a real solution to the problem? And if you can, can you do it while still allowing the current "security" companies to continue to cash-cow the general public?

  9. Re:The whole "patchguard" concept is bogus by plague3106 · · Score: 2, Insightful

    1) Rewrite your kernel structure - nothing but absolutely necessary modules and drivers get access, everything else should run separately. No unnecessary hooks, APIs and other nonsense. If this breaks the way certain applications function, too bad. Programmers and devs can learn to deal just like they deal with other crap, and maybe this will encourage them to stop being so damned lazy when it comes to their code.

    This sounds like what they are doing...

    2) Get rid of that stupid Registry, which is nothing but a tangled mess of exploits, vulnerabilities, insecurity and the cause of numerous BSODs. Not to mention confusion, because you need a freaking college degree to even understand what it does. Hell, even seasoned programmers seem to have trouble dealing with that thing! Even your OWN programmers, MS; witness the unnecessary garbage left behind by your own application installers!

    Huh? There's only one part of the registry that will launch applications.. mostly its just a configuration store. As far as leaving garbage behind, that's the fault of the software vendors; they write the installers.

    3) Rewrite your file system, and the way your file/folder structure is laid out. Programs should not have writable access to the Program Files, Windows, etc folders outside of installation and patching. Operating System files should be checked during boot, during access, and during shutdown to determine if they were modified. Compare them to a valid (encrypted) checksum of what they should be compared to what they actually are. Refuse to let them run if invalid. All other data, etc should be contained within some sort of userland directory structure, that is walled off from the core OS structure. Programs should not require Administrator level access to install or run. The OS should be a platform to make a computer and its hardware function, not serve as an easy way for lazy or malicious programmers to make 3rd-Party Program X do whatever it feels like doing (3rd-party programs installed to userland should not be able to install any modified OS files whatsoever). Programs that are not drivers, should not be allowed to install at the driver level. If BSD, Unix, Linux, etc can do it, why can't you?

    What? You might as well claim that no one should be able to write to /bin or /usr in the Unix world. Clearly admins are, as the good old 'rm -rf /' will delete everything, and without warning I might add. They don't need to rewrite the filesystem just to make PF and Windows locked down; running Windows with proper permissions will accomplish the same thing.