August 10, 2006 2:55 PM PDT

Windows defense handcuffs good guys

A protective feature in Windows is locking out the good guys, but letting in a lot of bad guys, according to security software makers.

Microsoft designed PatchGuard to safeguard core parts of Windows, including Vista, against malicious code attacks. But some security companies say that the feature makes it harder for them to protect Windows PCs, as it locks them out of the kernel, the core of the operating system.

"PatchGuard is hurting security vendors more than it is hurting malware writers," Bruce McCorkendale, a chief engineer at Symantec, told CNET News.com in an interview Wednesday. "There are types of security policies and next-generation security products that can only work through some of the mechanisms that PatchGuard prohibits."

Symantec is not alone in its complaints, but it is the largest security company to speak out publicly. Sana Security and Agnitum, two smaller vendors, said they share its concerns, but giants Cisco Systems and McAfee declined to comment for this story.

Microsoft defends the technology, which applies only to 64-bit versions of Windows. Cybercrooks have found ways to exploit the kernel for malicious purposes, making the protection offered by PatchGuard key to securing the operating system, said Stephen Toulouse, a program manager in Microsoft's Security Technology Group.

"It is more important to prevent the installation of malicious software than it is to allow third-party vendors, no matter what the software, to extend the kernel," Toulouse said. "This is not specific to security software. This is a global change to 64-bit Windows to provide a more security computing experience."

Microsoft's push into the security market has put many defense providers on guard. Symantec, especially, looks wary; it has said it will compete with Microsoft as long as there is a level playing field. Now, for the first time, Symantec is saying that Microsoft is limiting the security choices of consumers--which could be interpreted as anticompetitive behavior.

"PatchGuard will make it harder for third parties, particularly host intrusion prevention software, to function in Vista," said Yankee Group analyst Andrew Jaquith. "Third parties have two choices: continue to petition Microsoft to create an approved kernel-hooking interface so products like theirs can work, or use 'black hat' techniques to bypass the restrictions."

Barriers to the kernel
PatchGuard debuted a year ago in Windows XP x64 Edition, but the technology was never broadly adopted. That's set to change when Windows Vista hits store shelves in January, analysts expect. As people buy PCs with 64-bit processors use of the 64-bit edition of Windows will increase.

In particular, PatchGuard inhibits host intrusion prevention products, security vendors and analysts said. These "HIPS" products are an upcoming class of security software that determines whether a program is malicious by looking at its behavior, rather than using the classic signature-based approach, which checks a program against a database of known threats.

On top of this, PatchGuard blocks features to protect against tampering with security tools, McCorkendale said. Malicious programs increasingly try to disable security software, and the tamper-protection features aim to prevent that.

"There is a whole bunch of companies out there that have pioneered next-generation security, that are limited by PatchGuard," McCorkendale said.

There's another "disturbing side effect," according to a Symantec blog posting. While legitimate security vendors can no longer make extensions to the Vista kernel, attackers have already found ways to disable and work around PatchGuard, it says.

"There is a whole bunch of companies out there that have pioneered next-generation security, that are limited by PatchGuard."
--Bruce McCorkendale, chief engineer, Symantec

Sana Security and firewall maker Agnitum sounded a similar alarm.

"Bad guys can bypass PatchGuard today," said Vlad Gorelik, chief technology officer at Sana Security, which makes host intrusion prevention software. "Microsoft has this assumption that if you put a shield in, the bad guys will stay out. That is not the way it works. But now they force security vendors to bring a knife to a gun fight."

The barrier to the Windows kernel forces security companies to adopt hacker tactics, Gorelik said. "We will have to come up with alternative mechanisms for doing the same thing," he said. "In some cases, we can actually take a page out of the bad guys' text book and bypass PatchGuard."

With PatchGuard, Microsoft is effectively taking control of security for the Windows core, Gorelik said. Previously, third parties could also provide defenses for that part of the operating system, he said. Now, if PatchGuard breaks, it will be up to Microsoft to fix the flaw and make Windows PCs secure.

"They would have to patch the kernel if someone bypasses PatchGuard," Gorelik said, noting that the kernel is the toughest thing to fix in the operating system.

CONTINUED: Call for exceptions…
Page 1 | 2

See more CNET content tagged:
kernel, Stephen Toulouse, Symantec Corp., 64-bit, security

56 comments

Join the conversation!
Add your comment
<sarcasm>It can't be!
Microsoft would never use its monopoly to stomp on the
competition. &lt;/sarcasm&gt;
Posted by Macsaresafer (802 comments )
Reply Link Flag
<sarcasm>you make so much sense!!
MS trying to make its kernal more secure has nothing to do with using its monopoly to stomp any one. I am betting you would be the one of the first one to complain if it didn't. So shut that crap.
Posted by FutureGuy (742 comments )
Link Flag
Symantec Wants An Insecure Windows Kernel
For Symantec, the less secure the Windows kernel is, the more profitable it is. They don't want any (security) improvement in the status quo.
Posted by john55440 (1020 comments )
Reply Link Flag
That might be true exception for on little fact
There are methods of getting around the protection (Agnitum claims they've found ways), so the notion this will make the kernal more secure is not entirely accurate. It is inevitable that people with malicious intent will develop code to get around it as well. Once that code gets released your back to square one. It is harder for Symantec etc because they have to try and make their software as stable and user friendly as possible where those with malicious intent have no such concern.
Posted by unknown unknown (1951 comments )
Link Flag
FYI, Another Article About This Issue
<a class="jive-link-external" href="http://www.eweek.com/print_article2/0,1217,a=185803,00.asp" target="_newWindow">http://www.eweek.com/print_article2/0,1217,a=185803,00.asp</a>

Symantec has been prone to Vista Hysteria lately. It seems to me that they are overreacting.

As you can tell, I trust them even less than I do Microsoft.:-)
Posted by john55440 (1020 comments )
Reply Link Flag
I trust them equally.
They're two of many reasons I own a Macintosh. ;)
Posted by Macsaresafer (802 comments )
Link Flag
Good Guys?
"PatchGuard is hurting security vendors more than it is hurting malware writers," Bruce McCorkendale, a chief engineer at Symantec said.

Bruce, you should fix your own bloatware psuedo software, before whining about someone elses. Symantec and Big Steaming Pile, synonymous.
Posted by als (154 comments )
Reply Link Flag
Not a bug, it's a feature.
In the distance, I can hear the sound of another billion dollars flying out the Windows to settle future anti-trust suits.
Posted by Maccess (610 comments )
Reply Link Flag
double edged sword
Ok, I see this as a double edge sword, not just for MS, but for everyone. Everybody knows that as long as your computer is connected to the internet, your not safe from hackers regardless of what o/s, security software, etc you are using (yes, that includes all the macs out there as well). Some computers are safer than others (use firewalls, updated antivirus, or run alternate o/s where there are less threats *Macs are not safer, they just have less viruses for them*), but in the end they are still hackable.

The steps MS is taking are good ones, even if they software is not perfected. If they can find a way to secure the kernal without making it too secure, then it will be a large step in protecting those ignorant users who fall prone to being clones in a DDoS attack. However, you can not make a computer foolproof unless you cut the cat5 between the pc and the internet. So, how far do they go?

Do I see this as them trying to compete with McAfee, Norton, etc? No. I see this as MS trying to bring to market a more secure O/S to remove the lable they have worn over the last 10 years. Basically its like an engineer trying to design a secure building to prevent break-ins. However, you still have to have doors to allow those who are supposed to be in access. And for that, there will always be the threat of break ins. Its a catch 22 with the ignorant users caught in the midst.
Posted by tanis143 (122 comments )
Reply Link Flag
Macs are not safer?
On what planet do you live on?

They have less viruses(last count:0) because they were designed that way. The recent media hype regarding "hacks" into OSX boxes have proved to be very disingenous, if not downright dishonest. Put any computer in a LAN and give the "hacker" the root credentials, and yes you can hack it. Put it on the internet and use the default settings, with a firewall, a proper password, and good luck. The viruses you have been hearing about are theoretical, not something out in the wild.

Windows has more viruses(last count: 543523432+) because they are designed that way. It is also very eay to hack into, also by design.

Let me guess, your idea of a good firewall is the MS firewall in XP, ya know the one that blocks incoming but allows all outgoing(including all the dastardly programs that windows flaws let piggyback in on legit data.

Your claim is so ridiculous, it would be funny if ignorance were funny.

A few steps they are taking are good ones(like finally catching up to the decades old idea of a true multi-user system, which is one reason why *nix is so damn secure), but many are half-baked at best. Like moving critical system processes in memory to one of 512 static places, that is an amaterish security "fix" and I am being generous. That "innovation" will be hacked and exploited within 3 days of Vista being released, if that day ever comes.

BTW, how can a kernel(do you even know what that is?) be "too secure"?

You are right about one thing: "Its a catch 22 with the ignorant users caught in the midst.", with you smack dab in the middle of the ignorant users.
Posted by qwerty75 (1164 comments )
Link Flag
Macs are certainly safer
I'm going to cut and paste a post from another thread:

The historical problem with Windows is the scripting systems
and internal message authentication.

Since Windows was stupidly designed as a networked OS and not
provided with enough security, it was easy for a hacker to send
you an email which automatically launches a script as if
someone were typing at the keyboard as Admin, let it raid your
Outlook address book, install an application, turn you into a
mail server, populate itself to all your other Windows user
friends, record everyone's actions, send back any 16 digit
numbers you type in... on and on.

Unix and everything after Windows NT are network OSs,
meaning if you make any network connection, you're in the
kernel. Security depends upon how well you can contain the
input from a network connection. Unix usually launches a
process that dies immediately after it's done - doesn't persist
and wait for the next command. The old Mac OS had networking
as a layer on top of the OS and you needed the password to get
to the OS. That's one reason why there were only 40 viruses for
the old Mac OS.

Windows RELIES on the ability of applications to talk to each
other freely and make system calls without restriction. Hackers
are just using those abilities for themselves.

Those paths largely don't exist in Linux or OS X. Sure, there are
patches to fix problems all the time - it's electronic warfare,
after all - but LInux and OS X have a HUGE jump on Windows.
Unlike Windows which runs as root (Admin) and will happily run
whatever you tell it, the majority of exploits the common Linux
or Mac user will encounter would require someone to be at the
keyboard with the Admin password to install it first. Windows
can be made to attack itself with four lines of code.

You want security? Encrypt the important stuff on your computer
and be done with it.
Posted by HuggerMugger (26 comments )
Link Flag
Priorities
I don't care even if it is anti-competitive at this point, I just want a secure O/S for once.

I fix many people's computers (most often destroyed by viruses and spyware) and end up having to reinstall windows. A lot. There's 2 things about this that make me want to cry. The lack of base security and install times.

Vista cuts down install time, so that's one problem down. Now there's argument over securing the kernal. What? This is what thousands of windows users have been crying for since windows 98. Wouldn't you like to install a fresh operating system on a computer, and then NOT have to go out and download antivirus, antispyware, and a 3rd party firewall (the MS one is a joke)?

So Symantec McCrappyProduct is having problems adapting to a secure (cross our fingers) O/S? Tough. If they were concerned about people and not profit, they wouldn't be in buisness. I don't want to continue my initial boot ritual of downloading 50 programs to try to secure a hole-filled O/S. If I could convince non-tech-savvy people to switch to Macs I would, but compatability with jobs and refusal to learn a new O/S is like a 20ft cement wall.

If MS actually secures Vista to a reasonable degree, I can do without 3rd party security support, and so can the majority of the non-tech-savvy people who are suckered into paying for extra security, or are otherwise forced to reinstall windows every 2 months.
Posted by (22 comments )
Reply Link Flag
Sand bucket
Instead hand out this bucket of sand and tell people to stick their heads into it.

"I don't care even if it is anti-competitive at this point, I just want a secure O/S for once. "

Making a kernel that is more difficult to secure does not make it more secure. There is no such thing as an "over secure kernel". If something has been "secured" to a point it is unusable, it is just that - unusable.

Security starts from bottom up, from the kernel, to user environment, to applications, to user education.

"Wouldn't you like to install a fresh operating system on a computer, and then NOT have to go out and download antivirus, antispyware, and a 3rd party firewall (the MS one is a joke)?"

I would like the choice of doing this or not. If M$ do intend to use anti-competitive practices then I would be against it as it affects my ability as a consumer to make a choice.

The main problem I have with lots of people's attitude with security and Windows is their need to fuzz the whole subject into a neat tidy single solution. Security is a moving target, it doesn't matter how many patches are out there for a system. What matters is the cause of the problem and how it is dealt with and how quickly.

Lots of security issues with XP with to do with the nature of XP such as the need for an administrator account for day to day use, or the lack of distinction between trusted and untrusted applications. The list goes on and on, and not just for M$. The point is if you truly believe the statement of "I don't care even if it is anti-competitive at this point, I just want a secure O/S for once. " with regards to an inaccessible kernel to third parties. You deserve a bucket of sand to stick your head in to protect you from all those nasty things out there.
Posted by stevejobless (40 comments )
Link Flag
options
May be it should be set on by default and advance users should be able to choose,how much do they want to have kernel locked-down and which programs are allowed.
Posted by Klimax (5 comments )
Reply Link Flag
Found similar on dotso.com ...
Another article I found similar to this one on dotso.com &gt; <a class="jive-link-external" href="http://www.eweek.com/print_article2/0,1217,a=185803,00.asp" target="_newWindow">http://www.eweek.com/print_article2/0,1217,a=185803,00.asp</a>
Posted by JoeCrow (83 comments )
Reply Link Flag
Where's the Dept of Homeland Stupidity Warning?
Let me get this straight, the Dept of Homeland
<a class="jive-link-external" href="http://www.techknowcafe.com/content/view/603/43/" target="_newWindow">http://www.techknowcafe.com/content/view/603/43/</a>
Stupidity issues a warning to update Windows when it's now announced that the Windows defense has more holes in it to give hackers easier access. Huh?
Good one, idiots! Dept of Homeland Stupidity is more of a threat to U.S. citizens.
Posted by (156 comments )
Reply Link Flag
I would have spun it differently
I'd have spun it to ask what magic pill the NoSuchAgency "requested" Microsoft include in the update but then, even my Windows runs inside *nix.
Posted by jabbotts (492 comments )
Link Flag
Anti-competitive??
Let me get this straight. After years of bashing MS for not being secure enough, the argument is that if they build secure systems it is 'anti-competitive' because of the cottage industry that has grown up around securing Windows??? I hope no one cures cancer anytime soon. Think what that would do to all the funding for companies working on a cure...
Posted by heybuff (1 comment )
Reply Link Flag
Not more secure
The problem is not that they would put Symantec out of business. The problem is that they prevent 3rd party tools, which are currently the only protection that really works, while only slightly slowing the bad guys.

Imagine that we outlaw gas engines and mandate that everyone switch to electric. The private security companies that protect buildings will not be able to keep up with the crooks that, since they are breaking the law anyway, do not care that gas engines are illegal and use them anyway. The Dodge Viper outruns the golf cart every day, and the only people not able to keep up are those following the law.
Posted by amadensor (248 comments )
Link Flag
once again, Drama in the Daytime at cnet
c'mon folks - why is everyone so gullible? The movie studios have peddling the same tired, recycled storylines for years, and we see right through it.

Why is it then, we don't see through it when the media reports one of its tired Microsoft storylines? For the newcomers, I'll name three - "Microsoft can't ship software on time," "Microsoft code is not secure", "Microsoft is using its monopoly for evil purposes."

Anyone ever wonder if things aren't that simple?Yeah, I'm sure Steve Ballmer walked into a meeting with the core OS devs at Microsoft and said, "guys, we need a way to squash all those security vendors we've been working with for years - you know, the ones who have allowed shrinking profits and massive consolidation to serve as excuses for failing to innovate and actually provide useful features for customers while we've been getting a shellacquing in the media over security." And I'm sure all those developers said, "sure Steve, but what should we do about all those stories about Microsoft not being able to ship software on time. Rearchitecting the kernel to put Symantec out of business is going to take some time."

So Microsoft changes some stuff for Vista and Symantec, et al have to port their code forward. Yep - they actually have to try and find a few of those engineers they laid off after the last OS shipped. Also, if they'd all discovered such easy ways around Patchguard, why wouldn't they disclose it? Doesn't that only strengthen their case? I suspect their backdoor is more like, "login as administrator, then replace the kernel with one from the previous beta without patchguard, then hope the OS doesn't detect what you just did."

In terms of the kernel being secure, I think the state of Israel is a really good analogy (whatever your politics). El-Al is the most secure airline in the world. The Mossad is a serious bunch of bad-*****, and the Israeli army is one of the most lethal fighting forces on the planet. Battle-tested is a good thing, and Windows has a lot more time in the trenches than Mac OS.
Posted by Hardrada (359 comments )
Reply Link Flag
AV is not necessary
I have never got a virus on my XP, even though I steered clear of any antivirus software. But then, I never work routinely logged on with administrator privileges, and none of my family members have admin provileges, either.

One time my son was begging me to install that piece of software received from his friend. I checked on Internet and found that it is a trojan. You know what would happen if he had admin privileges.
Posted by alegr (1590 comments )
Reply Link Flag
It's been known for long
The AV companies have known it long time ago. MS have been discouraging using kernel hooks for long time, since it negatively impacts system stability. Those should have been replaced by FS filters. AV companies just been too lazy to fix their crap.
Posted by alegr (1590 comments )
Reply Link Flag
The biggest security threat is user base, so far
Folks, let me tell you something about Windows.
NT-based Windows is a secure OS (don't laugh). All kernek objects have a security descriptor attached, NTFS files have user-level access rights, etc.

MS advised for long time (since NT 3.0) that any user-modifiable items, like settings, user INI files and data files, go to user-specific profile folder. But most ignorant ISVs (name any software developper, including some divisiong of MS) kept putting user data in Windows and Program files folders.

The problem with Windows XP started when MS, trying to reduce user complaints, gave all new users administrative rights by default. They didn't want complaints about that shiny game (put your favorite name here) to refuse to run. That actually might be fixed by user-level redirection, but didn't happen.

Now we have that any 10 years old sitting in front of Daddy's computer is an administrator. When that web site asks him: "want to install this cool thing?" Yes, of course, I want! Get a piece of malware...

If you run with limited user privileges, you can forget about AV, and so.
Posted by alegr (1590 comments )
Reply Link Flag
What's the real deal here?
Not allowing kernel access will severely limit those applications which may require kernel access such as firewalls and other third party (non-Microsoft) products.

The real issue here is how well does Microsoft guard access to the kernel? Do they have the proper API's set up in their OS to allow 3rd parties to dock to the Operating System with Kernel or Kernel similar level access and do they authentication those processes contantly and do they have a special 3rd party certification program which would be required prior to giving such applications kernel or near-kernel access?

Microsoft will say that all of these are coming, but as they are not currently and readily available to 3rd parties... Microsoft is more or less shutting other 3rd party vendors out of the market until their 64-bit version has gained a bit of dominance.

MS will probably claim that it takes time to get all of those ready, but in the mean time... they are forcing others out of the market.

If they wanted to do it right, they should have already had the API's and the 3rd party certifications programs already activated prior to their beta release.

Some applications require kernel or near kernel level access... so blocking them all out is beyond the call of duty. But on the other hand... giving just any application full reign without any security checks/controls is the opposite end of the spectrum.

MS has been on the weak opposite end of the spectrum and now they're switching full swing to the other side of the spectrum which allows nothing.

As more and more complain about it... they'll eventually open that part up and offer similar to what I've mentioned above, but in the mean time... they're ramming their 64-bit version which supports nothing else first until it has enough to make it a near dominant monopoly again and then finally open it up to others... after they've already gained a good lion's share of the market.

Thus this story is not really too far off the mark.

Sure Microsoft needs to make it's OS more secure, but it also requires compatibility with 3rd party products which rival theirs and that's where their push and shove methods start tipping to the monopolistic methods and tactics which they use.

They could have done as I mentioned above... but hey... MS's intent is for them to continue to be the major player and what better way than this... using security as the auspicies to shut others out.

You can still have a secure operating system and allow kernel or near-kernel access... you just have to do it properly... something which Microsoft has decided against at this time but which they will be forced to allow in the future... after they've forced the market yet again!!!

Microsoft has been using ploys like this for ages and thus it's nothing new or unexpected... but it does border on anti-competition which is why sparks are starting to fly.

FWIW
Posted by wbenton (522 comments )
Reply Link Flag
Another CNET discussion here...
"CNET" had another story, which is closely related to this one:

<a class="jive-link-external" href="http://news.cbsi.com/2100-1002-6103949.html?tag=tb" target="_newWindow">http://news.cbsi.com/2100-1002-6103949.html?tag=tb</a>

And, here is an interesting bit of that discussion that I have taken part in...

<a class="jive-link-external" href="http://news.cbsi.com/5208-1002-0.html?forumID=1&#38;threadID=20070&#38;messageID=172840&#38;start=-1" target="_newWindow">http://news.cbsi.com/5208-1002-0.html?forumID=1&#38;threadID=20070&#38;messageID=172840&#38;start=-1</a>

Hope this helps...
Posted by Gayle Edwards (262 comments )
Link Flag
Hmmm...
So.. in a nutshell Symantec is complaining because they won't have the power to go in an alter the kernel to make things more secure.. because it'll already be more secure. Gee, maybe they'll have to innovate ways to secure the areas that will still need improvement.. wouldn't that be a shame. Heaven forbid people ever have to change the way they do things, because the way things work in the computer world actually occasionally changes now and then. Perhaps people would prefer everything stays the same and nobody actually at least tries to improve things by making a significant change.
Posted by Mmmhmm (103 comments )
Reply Link Flag
Interesting bit of FUD...
Too bad its such a piece of complete nonsense...

That it doesnt even really bear dissecting...
Posted by Had_to_be_said (384 comments )
Link Flag
Thank you Microsoft!
Everybody complains that Microsoft OSes need to be more secure. There are billions of mac users screaming buy a mac, viruses, buy a mac, spyware, etc. Now Microsoft makes the OS more secure and idiotic companies like Symantec(just go out of business already) and others are criticizing Windows. I have no criticism for Vista, they did exactly what they set out to do . They made a safe, more reliable, more pretty, more powerful, more gaming friendly, more useful OS that everybody will be happy to upgrade. My thoughts on everyone who thinks we should go back to XP security, don't upgrade and keep buying antispyware and virus software.
Posted by thefox84 (58 comments )
Reply Link Flag
I cant tell... are you a BUYER, ...or a SELLER..?
...Because you sure are pumping out the MICROSOFT-LINE.

Mostly, it seems to me that, it is ONLY Microsoft, and their SHILLS, that keep demanding everyone believe that such things as MANDATORY "driver signing" - BY MICROSOFT, will in any way "improve security". Almost EVERYBODY ELSE sees this as yet another attempt by Microsoft to CONTROL THE INDUSTRY, and EXTRACT REVENUE. Maybe, you should honestly investigate the "technical arguments" that are being made.

And, as to being "happy" to upgrade...

...Its also a very well known FACT that, MOST OF THE INDUSTRY, seems to think that "Vista" is the MOST DEFINITE "hold-off on buying", on the computer-industry horizon. In fact, more and more people seem to think that "Vista" could be Microsofts BIGGEST-FAILURE, both commercially, ...and "legally".

But, I did like that "billions of mac users" line... It is simply PRECIOUS.
Posted by Had_to_be_said (384 comments )
Link Flag
What about the Interests of Users and the People with the Best Solutions?
For many years, the Anti-virus companies have focussed on PC Security. We might conclude that in the evolution of their efforts they have learnt a great deal about PC Security.

Does Microsoft have the benefit of this collective knowledge? On the face of it, that appears doubtful.

So what happens to the interests of Users?

We had many vendors to choose from - Symantec, McAfee, Kaspersky, Sophos, Panda .........

We could change Vendors whenever we wanted.

In contrast, we must now hope that Microsoft knows enough to do the PC Security job. OTHERWISE - we will have to rely on the old brigade who will now be forced to work "around and against" Microsoft - NOT - with Microsoft.

This certainly does not look like progress.
Posted by sughyosha (21 comments )
Reply Link Flag
It was only a matter of time!
These guys are crying foul because MS has cut them out well serves you right for supporting thier platform so heavily "We know it needs it though" and trusting MS.
Any time MS has a competing product they will always lock the other guys out someway or another and then say it's a bug and were working on it.Look back at thier history! They are still the same corporate bully as allways. I think Macromedia is next on MS's hit list in the software realm soon well see that flash don't work right in vista with ie7 but sparkle works great dreamweaver sites won't style properly etc.Because of thier new competing product which will force site creators to switch to MS tools again.
But maybe these companies have a chance for survival if they move to support all platforms.
Because in microsofts eyes they maybe partners today but they will be competition sooner or later..
And I'm a MS OEM partner whoes been getting dissed
since we didn't renew our inhouse software licences because we switched em all to Fedora Core 4.......So it still happens the MS B**l-S**T.
Posted by ripntime (7 comments )
Reply Link Flag
MicroSquash and security
I find it rather pathetic that MS would charge for a product (of unknown effectiveness) that is supposed to fix problems is MS operating systems. If MS can develop an effective product that can protect against these OS flaws, why can't they just fix the bug. Or has MS put so many features (buying or copying from others) in the bloated OS that no one can really figure out the interdependices or even if they mesh or conflict. If MS could just uncouple all products from the OS then there would be a chance for a secure kernel. I am always suspicious when a feature is added to the OS that blocks competitors (even though MS says they aide by the same rules).
Posted by schief (4 comments )
Reply Link Flag
MS can develop an effective product
<a class="jive-link-external" href="http://www.analogstereo.com/ford_f650_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/ford_f650_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
MicroSquash and security
I find it rather pathetic that MS would charge for a product (of unknown effectiveness) that is supposed to fix problems is MS operating systems. If MS can develop an effective product that can protect against these OS flaws, why can't they just fix the bug. Or has MS put so many features (buying or copying from others) in the bloated OS that no one can really figure out the interdependices or even if they mesh or conflict. If MS could just uncouple all products from the OS then there would be a chance for a secure kernel. I am always suspicious when a feature is added to the OS that blocks competitors (even though MS says they abide by the same rules).
Posted by schief (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.