Old 03-10-2006, 15:34   #8
Gareth
Re: Vista and Security

Haven't read the article linked above, but I'm assuming this is to do with McAfee and Symantec complaining at not having access to the kernel in Vista, as per the FT advert...?

If so, it's an interesting debate... McAfee's and Symantec's products work differently to those from other AV vendors, e.g. Sophos, Nod32, etc... McAfee and Symantec need more direct access to the kernel (I believe they both do kernel-mode scanning), which is what MS are allegedly disabling in Vista.

I can see Microsoft's argument - restrict access to the kernel and you'll mitigate virtually all of the recent exploits that have hit XP, 2003, 2000, etc... However, I can also see Symantec/McAfee's argument in that the kernel won't stay un-hackable for long, and once it gets pwned it will bring down 97% of the world's desktops.

Unfortunately, MS can't win in this situation. If they didn't use PatchGuard then they'd be criticised for not having such protection in Vista, yet when they do implement it, they still get criticised.

I'm partly wondering if this is just a case of the 2 AV vendors suffering from "sour grapes syndrome"... they've successfully built their businesses for many years on products which exploited flaws in Windows, and now that MS is attempting to fix these flaws, they're no longer able to use their products to generate income in the same way.

There's an interesting article here [betanews.com] which gives the response from Sophos to the Symantec/McAfee complaints.
Quote:
Originally Posted by Sophos Spokesperson via Betanews
Conceivably, if Sophos wanted to provide a "total security solution," given this new set of circumstances, wouldn't it need to understand some of PatchGuard's secrets? Surprisingly, O'Brien told us no. "At this point in time, Sophos does not see the need to be able to access the kernel within the Microsoft operating system," he said.

"If there is a point in time where the kernel becomes the subject of malware being written specifically to it, then I would expect that we would go back to Microsoft and tell them we need to be able to access the kernel. But at this point, it doesn't appear to be necessary."