Perspective: Why Microsoft is wrong on Vista security

For decades, and in every Windows operating system prior to Vista, Microsoft has relied on the contributions of third-party security vendors to help keep the user safe.

These products protected both consumers and corporate users from the ravages of malware such as viruses, spyware, trojans, worms and, most recently, rootkits.

These security products from independent software vendors even help keep people's computers safe from Microsoft's own critical software bugs, which notably have been on the increase in recent years.

Regrettably, Microsoft's own "buffer overflows" and "Internet Explorer exploits" have now become commonplace in today's lexicon. But again, the security products from the likes of McAfee, Symantec, Check Point Software Technologies, et al, have thankfully been available for people to choose in order to keep their computing experience safe.

Over the years, the users (i.e. you, me, our families and colleagues) have been able to select the best security solution for them from among any number of companies providing mature and innovative security products.

This cooperative and relatively safe computing experience is about to change for the worse in Vista.

I'm not sure how we can end this story on a positive note.

Dropping down to the core of the operating system, we see that Microsoft has implemented PatchGuard as a means of preventing access to kernel services that classically have been allowed and available in all previous versions of Windows.

In a nutshell, PatchGuard crashes the computer when it detects that specific internal data structures have been "hooked," which is a common way that malicious software starts doing its damage.

However, the good advanced features of behavioral detecting and intrusion protection software also work this way. So by attempting to lock out the bad guys, PatchGuard is also blocking advanced security features from working, and the user is much less secure.

A straightforward example of this serious condition would be to consider the case of a new mass-mailing worm suddenly appearing in the wild. Typically, known viruses are caught during the delivery process, when the file containing the virus is scanned for the characteristic signature of the malicious software. If the bit pattern defining a known virus matches that in the incoming file, the file will be quarantined or deleted, according to the policy governing this on the computer.

Listen up

McAfee chides Microsoft CEO George Samenuk and Chief Security Architect John Viega of McAfee discuss the impact of Windows Vista on security with CNET News.com's Joris Evers.

Download mp3 (5.4MB)

A new virus, however, will not yet have a signature characteristic, as it has not yet been studied by the virus research team, so this zero-day attack will slip past the traditional antivirus checks in the kernel. Then, when the infected carrier file runs, and the virus ultimately then gets launched, it is born on the computer and immediately begins doing its dastardly deeds; in the case of it being a mass mailer, it ravages the e-mail client's address book and begins sending out tons of e-mails.

The cool part of the story next happens when the security software engages to stop the virus dead in its tracks. All modern antivirus software contains--in addition to the basic signature file scanning mentioned earlier--a technique termed heuristical behavior detection that is designed to stop a zero-day attack like the mass-mailer worm being described.

The calls being made by the worm into the kernel are studied by means of the antivirus hooking the APIs (application program interfaces), and it can be determined from the specific API calls and order/frequency of the calls that a worm is active in the system. The antivirus then kills the worm by issuing an Application Terminate call to the kernel, and the user is once again safe.

Of course, some other details are not depicted in this simple example. But the main point is that this is the way state-of-the-art antivirus operates today--to first detect the virus signature and in using behavioral techniques to detect the new, zero-day presence of new outbreaks. And the killer part of this example is that PatchGuard will prevent this type of behavior-based zero-day detection from operating.

The standard technique employed by security vendors for years and years--hooking the APIs and the ability of killing applications--is specifically being blocked. Further, Microsoft, which has no similar detection technique, is preventing security vendor antivirus packages from using these advanced features--even though Microsoft does not have the ability to do this itself.

The net-net is that the user is demonstrably less safe as compared to during the XP days, when security vendors could use their advanced behavioral features.

I'm not sure how we can end this story on a positive note. With Microsoft's design of Windows Security Center and PatchGuard, the restrictions on user choice of security solution, the stifling of innovation being forced upon the industry and, most of all, the clear and present danger of dramatically reduced user safety all comes to a head in Vista.

I suppose one can only hope that Microsoft can come to the realization at some point soon that the simple Vista alterations suggested by the industry must be taken seriously and implemented.

Biography
George Heron is McAfee's chief scientist.

More Perspectives

[i_made_this]

MFE & SYMC both sound like crybabies

Microsoft's software created say 75% of these companies' revenues. What Microsoft giveth, Microsoft can taketh away by changing the o/s configuration in their on-going effort to make it more secure. No one's forcing anyone to use Microsoft's products or any other software company's products for that matter. If 75% of MFE's & SYMC's revenues tank because the market decides Microsoft can secure Windows better than MFE & SYMC, that's MFE's & SYMC's problem. Vista may force them to rethink their entire corporate strategies in an effort to survive and indeed these two firms may well become redundant. The market of supply and demand will be the judge, just like it was a dozen years ago when it provided an opportunity for them go public.

[lowgrass]

If MSFT can protect better that 3rd party, I will change

If MSFT can protect better that 3rd party, I will change. If they can protect me great, but you have to think about something. With multiple venders protecting in different way, it make a hacker hard pressed to figure out a way in. If they only have one protection in place, it is only a matter of time before people break it. Msft alone will never be better that having 3rd party venders........

[smilin:)]

Lies.

Ever had a blue screen because of your poorly written antivirus? You probably have (and likely blamed MS for it).

These "hooks" he describes are the modern day equivalent of redirecting an interrupt table to develop TSR programs. The problem arises when one vendor hooks into what another vendor has already hooked. Further more these techniques are just sloppy ways to avoid proper driver development.

THANK YOU MS for getting rid of this junk. McAfee can go cry me a river now that they have to write drivers properly.

MS also built new methods into Vista to allow 3rd party security vendors to attach directly to the filesystem and TCP/IP (now netio) stacks. They provided a way for the lazy and inept to safely integrate without crashing the OS or other 3rd party apps. It's actually *EASIER* to write firewalls, antivirus and other third party security tools for Vista.

I reject George Heron's entire premise. He's just upset that MS is making major architectural changes that will vastly reduce the attack surface of the OS. It means his company has less to do, and less ways to get your money.

Have you actually seen the Vista firewall? It makes McAfee's solution look like a joke and it's free! Oh well, instead of innovating McAfee will probably just cry "monopoly abuse" and sue...or post some FUD on News.com.

[richto]

Too True - The McAfee business model relies on Windows being broken

McAfee want windows to stay broken so they and similar bloatware companies like Symantec can continue to make money selling you fixes for what Microsoft can now fix out of the box.

So let me think - which is best for the consumer - Windows not being broken in the first place, or Windows staying broken AND having to pay for third party software that uses memory and slows down my system to fix the problem????

[lketchum12]

Totally Agree!

Well Said! - Yeah, he's most upset about changes that will not allow access to the Network Interface Drivers Specification in the sloppy way they had been doing it.

It is an outrage that such an opinion was allowed to be presented as fact and in such a way as to frighten lay users.

I am glad to see some fellow devs speak up and call this nonsense what it is, pure FUD.

[GoodThings2Life]

You're Wrong

I'm sorry, but I must disagree with your analysis. You (McAfee) are way wrong on this issue, and so is Symantec. It is your responsibility as an security company to adapt to the changing security issues of the time, rather than continue to thrive off of yesterday's exploits!

It is Microsoft's operating system, therefore it is their responsibility to take appropriate actions to secure it. I completely agree that securing the kernel is the right action to take, because rootkits and nearly every other issue have been a problem caused by access to the kernel. It's poor design to even allow it in the first place! Microsoft is taking steps (finally) to address the issue. Sure, I don't really like some of the new security ideas in Vista (User Account Protection is annoying), but certainly they are getting it right with kernel protections!

Companies such as McAfee and Symantec have been thriving on this problem for years, and frankly, I believe both companies need to take a step back and re-evaluate their businesses. You tell consumers that your products are adaptable to security threats AND offer more than what Windows offers all the time... Frankly, it's time to pull your foot out of your mouth and prove those claims! Adapt your products to the new model!

That said, I'm a recent convert from Symantec to OneCare. Why? Because OneCare is a superior product. It is very light weight on system resources, it is effective at its job, and it stays out of the way. I'll be honest with you... I don't like McAfee products. I've tried them off and on for 10 years, and I always find them cumbersome at best.

So maybe it's time for you (McAfee) to invest some money in research and development to revamp your product line to truly make them better than what is available and to adapt to the new technology that is available... don't you think? :)

Regards,
Aaron M. Hall

[cjohn17]

Huh? It's McAfee's Fault?

Because MS can't secure it's OS at the core, it's McAfee's
problem? True, you point a finger at MS but spend the rest of
your comment lecturing McAfee.

Don't understand that. Especially when other respected security
companies have been lecturing MS for years to clean up their
act.

Vista will be MS's undoing.

[lowgrass]

MSFT will have issues and third party vender will be there to fix it

MSFT will have issues and third party vender will be there to fix it. END OF STORY.....

If MSFT can build a bullet proof OS, great....that will make the world a better place, but I do not see that happening. Look at their track record people! What makes you think MSFT is all of a sudden going to make on product to solve all the problems.....

[mnemonic]

I agree on both points, happy OneCare user as well;

I've never understood the Symantec/McAfee argument about this when I heard it was really about the kernel 'lockdown' issue- ANY truly secure OS (i.e., Unix, *nux, and the Mach-based OS-x, heck, I think Be had it, too) locks kernel access to prevent unauthorized applications from altering/corrupting the 'core' of the OS.

I'm also a recent convert from a combo of NAV/ZoneAlarm (plus SpyBot and other anti-spy apps) to OneCare myself- and I've been recommending it for most of the home users I support, as well. Yes, ZA is a more customizable and robust product- but you know what it isn't? User friendly! I used to have to spend a huge amount of time trying to explain to people who can barely install an application what the relatively 'arcane' pop-ups from ZA (and others) meant- and even when I showed them the 'Advisor' they usually didn't understand it's advice, either! OneCare, btw, uses the 'friendlyname' value, when available, for processes that ask for internet access- WHY don't most other firewalls do this?!

Not to mention that many home users don't even get that an anti-virus product needs to be updated constantly, or it ends up being largely useless.

The single biggest advantage that OneCare offers, is that it's VERY user friendly- too friendly for me, to be honest (like many MS products, lol), but for customers (who I can't even get to run SpyBot periodically), it's much, much easier to use, since it basically runs/scans/updates/backs up itself *without any user intervention* by default, once it's installed. The only things the user ever sees are the systray icon and the 'friendly' little pop-up ballons that say 'OneCare Live is up to date" after an update. My 'support' calls have diminished markedly, and that's a good thing, since I don't get paid for them!

[kalodev]

Best decision MS has ever made

Forbiding direct access to the kernel, by anyone - and that includes Microsoft other Product groups -is one of the best decision ever from Microsoft. The claims by security vendors are simply rediculous...

[aabcdefghij987654321]

Half the story

McAfee and Symantec are pouting because MS is making them fix their defective products which use the same interfaces that the hackers used by making those interfaces unavailable. Since MS also made ways for anti-virus software to detect the kind of behaviour the author says he needs kernel hooks for I can only assume his software development team is incapable of writing code. Given the huge amount of overhead their software imposes on the end-user and it's intrusive and noxious behaviour that's not a hard charge to believe either.

An example of it's noxious behaviour is the pop-up window it creates when it updates it's virus definitions, it always pops over whatever you're doing, it does it multiple times if you try to return to work and most amazingly of all the box totally fails to identify what product is doing the "updating" so unless you know that you just installed this software and this is a new behaviour you may never know what software is causing this pop-up. That's a perdect example of the kind of thinking you have and why I'll be happy to see your company go bankrupt.

[rcrusoe]

Pot, meet Kettle

Most AV company's success is dependant on Microsoft
continuing to build insecure operating systems. Now MS
appears to be saying they no longer need third parties to make
Windows somewhat secure.

So be it. If MS can make Vista secure - great. But I'm one that
thinks they should charge extra for protecting their customers.

I'm also one that thinks that MS, and their customers, will
quickly learn that they still need 3rd party protection. Time will
tell.

[yngdiego]

Keep your hands out of the kernel!

I totally agree! I'm SO fed up with these AV vendors claiming how insecure Vista is because they can't stick their dirty fingers into the kernel and cause more problems than they solve. All praise for MS and keeping people OUT of the kernel.

Microsoft own internal security products use the published APIs, so there's no reason why AV vendors can't do the same. Also, Windows XP x64 and WIndows Server 2003 x64 SP1 both have Patchguard and you didn't see the AV vendors crying a river over that.

These AV vendors are spreading such disinformation, that I will NOT buy either vendor's product. In fact, Symantec has caused more problems on our production servers they they solve. I'm so fed up with crappy AV software that I will seriously consider MS OneCare and boycott McAfee and Symantec.

I for one think MS is doing a great job at securing Vista, and I'm planning on running the x64 version so I know no 3rd party apps are inserting their badly written code into the kernel.

These vendors should grow up, use the published APIs, and write quality code that conforms to best practices and doesn't go injecting their code into the heart of the OS and making my OS LESS secure.

[rcrusoe]

Pot, meet Kettle

Most AV company's success is dependant on Microsoft
continuing to build insecure operating systems. Now MS
appears to be saying they no longer need third parties to make
Windows somewhat secure.

So be it. If MS can make Vista secure - great. But I'm one that
thinks they not should charge extra for protecting their
customers.

I'm also one that thinks that MS, and their customers, will
quickly learn that they still need 3rd party protection. Time will
tell.

[jones_8099]

Mac user that thinks MS is right?

I am, by choice, a Mac user and I must say that most of the
security upgrades that MS is bringing to Vista have been in OSX
for a few years now. And the AV companies such as McAfee (I
use Symantec on my Mac) have adapted their products to work
on Mac computers with little intrusion to normal everyday
operation of the OS. However on every Windows machine I use
McAfee is a pain in the butt and causes more trouble than its
worth. I use Windows machines in the military so we have to use
McAfee. But my point is the security features that MS is bringing
in aren't new, its MS finally making progress to secure their OS
and good for them. McAfee and Symantec are just being lazy
and don't want to have to improve their product. I use Symantec
AV but short from that I use the native security features in OSX
and thats the way it should be on any Windows OS. So on this
front I totally agree with MS, however their revamped anti-piracy
software (spyware) I totally disagree with.

[Graham Fluet]

Unfortunately...

if MS REALLY wanted to make a safe system, they would eitler make
onewcare included with EVERY version of windows or, which is
harder but more rewarding, rebuild the OS from skratch and not
include any legacy code, and run apps not made windows (because
it could not be called Windows) in a virtulized version of the last
windows OS.

[Heebee Jeebies]

It seems to me...

That we finally have Microsoft taking steps to make Windows more secure and the anti-virus companies are upset, not because the consumers computer will be unsafe but because for the first time in 5 to 8 years they will actually have to do more to their product then just slap a new interface and version number on it and call it an update. They will really have to update their product.

I think I am going to cry!

Robert

[bluvg]

So why no outcry when XP x64 was introduced?

This mechanism isn't new--it's present on the x64 editions of XP and Windows Server 2003. And, Kaspersky Labs and Sophos don't have a problem with it. The only thing Microsoft is shutting down is the undocumented hooks into the kernel, which they should. AV vendors just have to adapt their products to the new OS.

Microsoft has received so much attention about securing their products, and now they are. McAfee and Symantec should tread lightly how they approach this subject. Full-page ads in the Financial Times are not the way to solve problems. They may find out that customers resent the fact that they are trying to obstruct Microsoft from securing their product so that McAfee/Symantec can secure their profits. We aren't blind--McAfee/Symantec aren't appealing to Microsoft directly, they're hoping to appeal the mixed feelings or ill will many people have towards Microsoft. Apparently, McAfee/Symantec don't realize many people aren't so fond of them, either.

[Jim Hubbard]

Because nobody is using it....

No users = no outcry.

[gbedford]

heuristical behavior ?

If heuristical behavior actually caught viruses, why do we need sig files?

Can anyone tell me of a virus actually caught and stopped by heuristics?

[lowgrass]

Intrusion Prevention has stopped many viruses on my computer!

Intrusion Prevention has stopped many viruses on my computer! I was running Symantec for years and thought I was totally protected. I recently have moved to Mcafee Total Protection for Small Business. It has a version of Intrusion Prevention in it. After I installed this, i found that many of the files and programs that I was using before where infected with Viruses! I had 3 buffer overflow expliots that were caught on 3 different programs thanks to the intrusion provention. For me to think of trusting Microsoft alone for my security would be like trusting the mob for my protection.

[Björn Lundahl]

Yes, and sometimes ?heuristic detection? cause problems

Heuristic detection capabilities sound good but can cause a lot of problems. I used Avast! Home Edition (anti virus software) and bought BitDefender Standard 9 with mentioned feature, and all it did was to attack none virus programs. I went back to Avast! Home Edition. Now I don?t have any problems.

Björn Lundahl
Göteborg, Sweden

[Mark Donovan]

Why Microsoft is Right... Some Mac History

Before Apple released Mac OS X, any user application, system extension, or virus could 'hook' into Mac OS (9, 8 7, etc.) at nearly any point. Even well-behaved system extensions caused conflicts that could crash the OS or corrupt other applications. The order in which system extensions started could be fatal. This same misfeature causes what we might call 'virus conflicts' in Windows XP when two or more viruses attempt to install incompatible hooks. The result for the user is the same: unexplained crashes, start up delays or failures (lockout), etc.

Although it was not a 'killer feature' for most users, Apple took a big risk by securing Mac OS X. Many popular Mac applications replied on OS hooks. Software vendors for the Mac were confronted with the need to redesign their products at a basic level (as will Vista developers).

Based on the vast problem of Windows viruses, worms, and exploits, Microsoft has little choice but to secure its OS as Apple did five years ago. We can only hope that Microsoft takes the same big risk that Apple successfully implemented.

Microsoft is delinquent in removing this long-standing, basic, low-level flaw from to its OS. The kernel of Windows XP's problem (pun?) is a outdated, insecure OS design that was poorly implemented when it was new. It's not a monopoly or competition issue! The basic security and dependability of users' computers is the only relevant concern.

Software vendors should push Microsoft to publish clear, complete and well-defined application programming interface standards that are available to all developers. Undocumented interfaces should not be reserved for Microsoft-only applications (i.e. IE). Whatever other problems there may be with Vista, securing the kernel against hooks and exploits is absolutely essential.

[Vurk]

But if MS does publish them

You say:
>>Software vendors should push Microsoft to publish clear, complete and well-defined application programming interface standards that are available to all developers. Undocumented interfaces should not be reserved for Microsoft-only applications (i.e. IE).<<

This is true, but if Microsoft did this, then some software maker somewhere would come up with better, cheaper, nicer programs. And Microsoft cant have that. It's all about controlling the desktop. If MS keeps some API's secret, then they get to keep control of the desktop and your computing experience.

[mnemonic]

Yes! App vendors will have to adapt;

This is really no different than what major software vendors like Adobe have had to do; when XP was released and smart people were telling users to run as 'non-admin' accounts, many Photoshop users found out that they couldn't do that because the first CS version *required* admin rights to run- that's right- a *GRAPHICS* application needed admin rights!

So, security-minded people complained, and Adobe rewrote the code for the CS2 release so that it no longer required rights it *probably didn't need in the first place*.

[wbenton]

Very Well Thought Out and Written

Except for one thing:

>>>Software vendors should push Microsoft to publish clear, complete and well-defined application programming interface standards that are available to all developers. Undocumented interfaces should not be reserved for Microsoft-only applications (i.e. IE). Whatever other problems there may be with Vista, securing the kernel against hooks and exploits is absolutely essential.<<<

Microsoft will eventually publish such... but only after their products alone are already shipping. After Microsoft's pre-installed versions are shipping... they will open code to other vendors giving Microsoft an unfair advantage.

Walt

[gggg sssss]

more clues needed

Since Microsoft employes more progrmmers and spends more $ on R+D than the total staff and total budget of both Symatec and McAfee combined (I am guessing but am probbaly right) why do you think they woudl be unable to create such detection and correction software better and fastyer than McAfee and Symantec? Especially if they are creating a new revenue stream to fuel that? And if there are any smart people left at Sym and McA then I am sure they are all ready and willing to jump ship to MS. I would in a heartbeat.

[Vurk]

Here they are

>>Since Microsoft employes more progrmmers and spends more $ on R+D than the total staff and total budget of both Symatec and McAfee combined (I am guessing but am probbaly right) why do you think they woudl be unable to create such detection and correction software better and fastyer than McAfee and Symantec?<<
Because Microsofts culture doesnt foster that kind of innovation or original programming. There is a department inside MS whose only job is to find and kill MS programmers with "great ideas". This is why all of MS's ideas start out great and end up crap.

>>And if there are any smart people left at Sym and McA then I am sure they are all ready and willing to jump ship to MS. I would in a heartbeat.<<
By your own statement you indicate you are not smart enough to work at Microsoft; otherwise you would have jumped ship by now.

[Graham Fluet]

Because

MS tries to climp the skyscraper while AV software writer use the
elevator.

[bluvg]

So why no outcry when XP x64 was introduced?

This mechanism isn't new--it's present on the x64 editions of XP and Windows Server 2003. And, Kaspersky Labs and Sophos don't have a problem with it. The only thing Microsoft is shutting down is the undocumented hooks into the kernel, which they should. AV vendors just have to adapt their products to the new OS.

Microsoft has received so much attention about securing their products, and now they are. McAfee and Symantec should tread lightly how they approach this subject. Full-page ads in the Financial Times are not the way to solve problems. They may find out that customers resent the fact that they are trying to obstruct Microsoft from securing their product so that McAfee/Symantec can secure their profits. We aren't blind--McAfee/Symantec aren't appealing to Microsoft directly, they're hoping to appeal the mixed feelings or ill will many people have towards Microsoft. Apparently, McAfee/Symantec don't realize many people aren't so fond of them, either.

[~Neo~]

Does This Guy Even Write Code Anymore?

Does this guy really even write code anymore? Guy looks like he's my fathers age for cryin' out loud. He looks like 50 something. He may be a scientist but ancient. For him to talk about the inner workings of Vista and say that Microsoft is locking them out is false. Trend Micro, and others are working on security suites that do work with even BETA versions of Vista.

Microsoft is getting criticized for locking down Vista and who says that leeches like McAfee deserve to have a place on my desktop. Their crap just like Symantec fat bloated crap. Microsoft is trying to do Vista right and I applaude them.

Do I think that you dont need AV or a security sweet NO, but companies think that they deserve to make money from leeching, time to get some real coders to work and stop outsourcing to India and other low paying counries and use the talent here.

Okay enough ranting

-Neo-

[~Neo~]

Does This Guy Even Write Code Anymore?

Does this guy really even write code anymore? Guy looks like he's my fathers age for cryin' out loud. He looks like 50 something. He may be a scientist but ancient. For him to talk about the inner workings of Vista and say that Microsoft is locking them out is false. Trend Micro, and others are working on security suites that do work with even BETA versions of Vista.

Microsoft is getting criticized for locking down Vista and who says that leeches like McAfee deserve to have a place on my desktop. Their crap just like Symantec fat bloated crap. Microsoft is trying to do Vista right and I applaude them.

Do I think that you dont need AV or a security sweet NO, but companies think that they deserve to make money from leeching, time to get some real coders to work and stop outsourcing to India and other low paying counries and use the talent here.

Okay enough ranting

-Neo-

[Vurk]

They cant use the talent here

>>time to get some real coders to work and stop outsourcing to India and other low paying counries and use the talent here. <<

They cant use the talent here, for two reasons:
One, the talent here costs too much for them to retain their multi-million dollar compensation packages;
and Two, the Bush administration would cut their federal tax breaks if they started employing American programmers.

[~Neo~]

Does This Guy Even Write Code Anymore?

Does this guy really even write code anymore? Guy looks like he's my fathers age for cryin' out loud. He looks like 50 something. He may be a scientist but ancient. For him to talk about the inner workings of Vista and say that Microsoft is locking them out is false. Trend Micro, and others are working on security suites that do work with even BETA versions of Vista.

Microsoft is getting criticized for locking down Vista and who says that leeches like McAfee deserve to have a place on my desktop. Their crap just like Symantec fat bloated crap. Microsoft is trying to do Vista right and I applaude them.

Do I think that you dont need AV or a security sweet NO, but companies think that they deserve to make money from leeching, time to get some real coders to work and stop outsourcing to India and other low paying counries and use the talent here.

Okay enough ranting

-Neo-

[herby67]

So you are suggesting...

that we keep the our homes doors wide open so the police can look in case there's a crook inside?
I'd rather lock my doors so the crooks can't get in in the first place.

[FutureGuy]

George Heron !!!

You sound like a kid whose toy was just snatched from him. Grow up!! As a user I expect MS to secure the OS and not have to pay the like of you to get it secured. Find another job. So far I have been advocating not using any products from Symantec, your company just got on that list. If MS heeds to the likes of you I (and many others) might just consider switching to a different OS, consider yourself warned MS.

[FutureGuy]

Good read on PatchGuard

http://blogs.technet.com/security/archive/2006/08/12/446104.aspx

Looks like PatchGuard has been around for some time?? If it could secure Window Server 2003, it could do the same to Vista, I see why Georgee is getting worried ;)

[john55440]

PatchGuard Has Been Shipping For Two Years

"PatchGuard has already been shipping for two years on the 64-bit version of Windows XP and Windows 2000 Version 3" according to an e-week article.

McAfee and Symantec have had sufficient time to write antivirus programs for a PatchGuarded system, but they are apparently too incompetent to do it.

Other antivirus vendors, like Kaspersky Lab aren't complaining.

Symantec and McAfee are just trying to divert attention away from their own programming incompetence and lack of innovation.