Microsoft Working With Security Vendors
mikesd81 writes "The BBC is reporting on Microsoft's U-Turn. They've now given security vendors some of the information they want to make their products work with Microsoft's new operating system, Vista." From the article: "Earlier this month, security firm McAfee took out a full-page advert in the Financial Times to alert readers to its worries about the way Microsoft was handling the release of its new operating system. 'Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats,' the advert said."
MS is destroying my revenue stream by making a more secure OS!
Don't they just do what they want unless they "lose" a legal case, then continue whilst appealing until the suit is moot? Or until a settlement is reached (money changes hands and minds)?
MS is such a juggernaut that it flows around or over obstacles, like an avalanche, tsunami, mud (fud?) slide, etc. If McAfee and company survive, they'll be the exception that makes the rule, imho.
That's funny... Trend Micro had a fully working Anti-virus product during the Beta. They didn't need any special "Kernel Interface Documentation" to make it work. All the information needed was already available; this is about Norton and McAfee whining because THEY couldn't work with MS and wanted special kernel access, not the other way around.
It seems to me that lately the large players in the AV world (Norton, McAfee) have been trying so hard to differentiate their product from standard Microsoft offerings (i.e. add value to their products) that the cost/benefit of having one of the major player products is not good. We had 20 or so copies of NAV 2005 (or maybe it was 2004) and we ordered them through Ingram Micro and we got the licences. So we installed the licences, and then a couple of weeks later they would need to be activated (again) but wouldn't accept the #. So after a month or so of this we scrapped the norton product, went to AVG and have had no problems since. So the moral of the story is that the large players are trying so hard to show that you HAVE TO have their product, and to make sure that you pay for it, that it is not a usable product, IMHO.
Mean what you say...say what you mean.
Microsoft's security is gonna do a total 360!
I left my wallet in El Segundo!
PatchGuard, quite simply, is "security through obscurity".
No, it's not. Saying PatchGuard is "security through obscurity" is like saying passwords, etc., are "security through obscurity".
Basically, while the kernel is running, a hidden background thread continuously hashes the code sections of the kernel and validates that nothing has changed. If something changes, the system bugchecks (blue screens). PatchGuard's security comes from it being obfuscated.
No, PatchGuard's security comes from not allowing unknown code to execute in kernel space. I.e., it stops things like rootkits from functioning by crashing the OS when it detects unauthorised activity.
PatchGuard doesn't offer true security.
No one measure offers "true security". PatchGuard is just another part of a layered security model.
It has nothing to do with escalation of privilege - if you're able to modify the kernel, it's already too late.
No, only if you *actually can* modify the kernel, is it already too late [for the kinds of attacks PatchGuard is protecting against]. Which is why the system crash-dumps - because there's not much else you can do in the face of an attacker who has already reached that level of privilege.
PatchGuard was intended to stop commercial products from patching the kernel because frequently they do so improperly, and end up causing instability and local privilege elevation exploits. If a company got around PatchGuard, their product would only work until the next second Tuesday. However, rootkit authors may not care about that "time limit".
PatchGuard is there to stop malicious and unknown interceptions of low-level system calls. In other words, the kind of stuff rootkits (in addition to badly written, but legitimate applications) do.
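The check described in the thread above (hash the code sections, re-validate them, stop the system on a mismatch) can be modelled in user space. This is an added example, not code from any commenter and not PatchGuard's implementation; the section names, the byte contents and the use of FNV-1a as the hash are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a loaded image; names and bytes are sample values. */
struct section {
    const char *name;
    int is_code;          /* only code sections are baselined and checked */
    uint8_t bytes[8];
    size_t len;
    uint64_t baseline;    /* trusted hash recorded by take_baseline() */
};
static struct section image[] = {
    { ".text", 1, {0x55, 0x48, 0x89, 0xe5, 0x90, 0x90, 0x5d, 0xc3}, 8, 0 },
    { ".data", 0, {0x01, 0x02, 0x03, 0x04}, 4, 0 },
    { "PAGE",  1, {0x48, 0x31, 0xc0, 0xc3}, 4, 0 },
};
#define NSECT (sizeof image / sizeof image[0])

/* FNV-1a 64-bit, standing in for whatever hash a real checker uses (assumption). */
static uint64_t fnv1a(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Record the trusted hash of every code section. */
void take_baseline(void) {
    for (size_t i = 0; i < NSECT; i++)
        if (image[i].is_code)
            image[i].baseline = fnv1a(image[i].bytes, image[i].len);
}

/* One pass of the periodic check: index of the first modified code section,
   or -1 if all match. The thread says the real system bugchecks at this point. */
int verify_once(void) {
    for (size_t i = 0; i < NSECT; i++)
        if (image[i].is_code &&
            fnv1a(image[i].bytes, image[i].len) != image[i].baseline)
            return (int)i;
    return -1;
}

/* Overwrite one byte of a section, as an in-memory patch or hook would. */
void patch_byte(size_t sect, size_t off, uint8_t v) { image[sect].bytes[off] = v; }

int main(void) {
    take_baseline();
    patch_byte(1, 0, 0xff);   /* data write: outside the checked set */
    printf("after data write: %d\n", verify_once());
    patch_byte(0, 4, 0xe9);   /* code write: detected */
    printf("after code patch: %d\n", verify_once());
    return 0;
}
```

In this model the write to `.data` goes unnoticed while the one-byte change to `.text` is reported, which shows that such a check covers exactly the regions it baselines and nothing else.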