Windows' Patchguard Hinders Security Vendors

eldavojohn writes "Windows' PatchGuard seems to be upsetting third party security vendors such as Symantec, Sana Security and Agnitum. It sounds like the 'black hats' will be able to bypass this security feature (which will be in all copies of Vista) but force security software companies to give up developing software for Windows. From the article: 'PatchGuard will make it harder for third parties, particularly host intrusion-prevention software, to function in Vista,' said Yankee Group analyst Andrew Jaquith. 'Third parties have two choices: continue to petition Microsoft to create an approved kernel-hooking interface so products like theirs can work, or use "black hat" techniques to bypass the restrictions.' Apparently, using these techniques is not a difficult trick."

Oh noes!

[Aladrin]

"Oh noes, windows has security! What'll we do?"

C'mon, get a grip. Despite the fact that this is a dupe, it still angers me that the 'major' pc protection companies can't deal with windows actually securing itself. They would actually consider using blackhat techniques instead of the provided methods? They'd be fools, too. Any blackhat technique they use would be immediately patched by Microsoft. Doesn't take a genius to see that.

Re:Oh noes!

[gstoddart]

C'mon, get a grip. Despite the fact that this is a dupe, it still angers me that the 'major' pc protection companies can't deal with windows actually securing itself. They would actually consider using blackhat techniques instead of the provided methods?

Well, history tells us that the likelihood of Windows actually securing itsself is pretty slim.

If they could use black hat techniques, then it wouldn't be secure now, would it?

Having said that, it's a catch-22. If Windows implements an approved kernel hook for the antivirus companies, it will get exploited. If they don't, then no antivirus software, but just as many virus writers.

Wether or not Microsoft is going to help 3rd parties sell software to secure Windows, there will be people doing the same things they do now. Except in that case, the consumer is on their own and waiting for Microsoft to stop them from getting pwn3d.

Cheers

Re:Oh noes!

[Nigel_Powers]

Don't kid yourself...this is NOT a case of Windows securing itself -- this is revenue protectionism at its best. Microsoft is actively trying to make third-party security vendors a thing of the past.

In all of this, Microsoft forgets the most important thing -- It's my freakin computer! If Microsoft hinders me from getting done what I (remember me? I'm the consumer) want, then I have to reconsider my OS decision -- which I did -- about 5 years ago -- and never looked back.

Re:Oh noes!

[phasm42]

To add to your point, customers won't care when their viruses/malware break, but they will care when the security software they paid for breaks. It could also discourage people from applying updates, out of fear it will break their security software.

Should be an optional feature.

[DNX+Blandy]

"Window's PatchGuard" should be an optional feature. If you dont' want to use it, (like me!), you should be able to NOT include it when installing etc. Being able to do what you want is the best way, forcing users only pisses them off.

Re:Should be an optional feature.

[Mister+Whirly]

Using Windows is optional. If you don't like the features, you don't have to use it...

Re:Should be an optional feature.

[cyber-vandal]

Yes you could just run your software on one of the many other Windows compatible OSes out there. Oh wait....

Why does this sound familiar?

[plasmacutter]

I remember something about the entire kernel becomming a "protected process" under an MS implementation of TCPA/TCG/Palladium/(insert name of the week meant to spoof drm watchers here).

This was meant to be an "effective" means to stop viruses, but it served more to force licensing fees out of companies which provide security solutions and to stop independent tinkerers (also known as "good" hackers) from providing cool kernel mods for power users.