Microsoft's playing fair with security rivals, Kaspersky says

Days after McAfee knocks Microsoft for denying security rivals access to Vista tech, Russian antivirus specialist comes down on other side.

The story "Microsoft's playing fair with security rivals, Kaspersky says" published October 6, 2006 at 12:34 PM is no longer available on CNET News.

Content from Reuters expires after 30 days.

[thanhvn]

so, is MS closing off access to the kernel or not??

one side said microsoft did, another said microsoft didn't. neither side elaborate on what exactly does "closing off access to the core" means. cnet needs to do a better reporting job. putting aside how i feel about M$, symantec, and mcafee, and their ulterior motives, if the charge is true, then we are indeed worse off than before. security through obscurity has never been a good security model.

[alegr]

Always blame MS!

The real issue is: are there good working antiviruses for Vista. Other companies presented their working products, while McAfee and Symantec fell behind. How they are blaming MS for their own faults.

[richto]

Yes They Are Locking It Down.

Yes they are locking down the kernel. Especially on the 64 bit version of Windows where they are using the advanced security features of 64 bit CPUs to lock it down to trusted program modules only.

[Hardrada]

Definition of 'closing it off'

There are two main technologies at play here, both of which can be described as "closing off access", though there are responses to both. Simply:

1) Kernel Patch Protection -- http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/11/695993.aspx

"System entry points", which are the key gates your code goes through for things like file reads & writes, are monitored for changes. These entry points are used by rootkits to hide files and A/V systems to scan all files for viruses. A/V vendors will no longer be able to change these, but can use new APIs to monitor for file changes -- though this can require changes to their products.

2) Driver signing is mandatory on x64 platforms -- you must sign your code to write a kernel driver. Again, rootkits use this to hide themselves, but many legitimate drivers are today not signed. A signing key can be purchased from Verisign (or others) for a few hundred dollars, so for a company like McAfee this shouldn't be a burden.

[unknown unknown]

RE

From what I've heard patch guard will at the very least attempt to prevent kernal patching. Apparently new 64bit chips have built in support for a hypervisor to more readly support this type of feature.

[unknown unknown]

RE

From what I've heard patch guard will at the very least attempt to prevent kernal patching. Apparently new 64bit chips have built in support for a hypervisor to more readly support this type of feature. I think the goal of patch guard was to provide some protection against rootkit style software (something Norton has been using to allegedly protect the AV software from being disable by viruses).

[Macsaresafer]

MS is just abusing their monopoly again.

In the early 80s, there was CP/M, a true innovation. Microsoft
bought the reverse engineered copy of it and licensed it to IBM.
The MS Monopoly was born. Then Apple was first to market a
gui based OS, so Microsoft came up with a sloppy copy and
called it Windows. Around the same time, they were using their
monopoly to crush Word Perfect. In the 90s, Netscape
demonstrated there was a market for web browsers, so MS used
its monopoly to give away internet explorer. In the late 90s,
Palm demonstrated that there was a strong market for handheld
computers, so MS decided to use its power to dominate that
market as well. This century, we've seen them sell consoles
below cost and back stab their "plays for sure" partners in the
mp3 player market. Why would anyone be surprised that they
are now going after the "security" companies?

[FutureGuy]

That's whant product managers tell their CEO's

when their products are running behind schedule. Symantec doesn't have a product out for Vista yet so let's blame MS for it.

[wbenton]

Be on the lookout...

Be on the lookout for some kind of ties between Microsoft and Kaspersky.

That's the only way this story can be explained!!!

Either Kaspersky doesn't know what they're talking about... which I doubt... or there's some secret work in the background between these two companies. Even if it's just a payoff to write such a story!

FWIW

[jabbotts]

but the AV software does work on Vista

It's no conspiracy. Kaspersky and a few other more nimble AV software houses have written fully functional Vista AV programs. Besides, why would MS setup backroom deals with the little fish they could simply buy outright.

They're not saying "we have AV software that works with Vista and you can see it when Vista ships; we swear.", they've released the software and you (if you can get a Vista beta) can try it out for your very own self.