Windows kernel protection expected to break soon

MONTREAL--PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said Thursday.

Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company AVET Information and Network Security, said in a presentation at the Virus Bulletin event here.

"It will probably take a year or so for it to surface publicly, but I believe it will be broken earlier," Czarnowski said. "PatchGuard will be broken pretty soon after the final version is released... A lot of people who would break it will probably not make it public immediately."

Microsoft designed PatchGuard, also called kernel patch protection, to safeguard the Windows kernel against malicious code attacks. Cybercrooks have found ways to exploit the innards of Windows for malicious purposes, making the protection offered by PatchGuard key to securing the operating system, Microsoft has said. (A paper on PatchGuard is available on Microsoft's Web site.)

The technology applies only to 64-bit versions of Windows and debuted last year in Windows XP x64 Edition. However, while that Windows version was never broadly adopted, PatchGuard is set to become used more widely, when Vista hits store shelves in January and people are expected to buy PCs with 64-bit processors and 64-bit versions of the operating system.

"Kernel patch protection is not a silver bullet. We're not saying no one will ever crack it," Stephen Toulouse, a program manager in Microsoft's Security Technology Unit, wrote on his blog last week. "The point is that the situation as it exists now? attackers don't need to do any work to access the kernel at the highest level. At least with kernel patch protection, we're trying to prevent that."

There have been some claims that PatchGuard has already been compromised, but according to Microsoft it has not yet been hacked. "We're not aware as of right now that people have circumvented it," Toulouse wrote.

If PatchGuard is ever circumvented, Microsoft would fix the issue with a software update, Toulouse wrote. "Kernel patch protection can become more resilient over time due to the combination of hardware and software advancements," he wrote.

Security companies have been taking all sorts of shots at Vista. Symantec, the world's largest maker of antivirus software, has been leading the pack, closely followed by others including McAfee, Check Point Software Technologies and Panda Software.

Security companies have complained that PatchGuard, while meant to lock out bad guys, also prevents certain types of security software from running. The security software makers had gotten used to taking advantage of the Windows kernel, a move Microsoft is preventing with PatchGuard.

Tensions are flying high in the security space after Microsoft, with its $34 billion war chest, entered the market. It launched Windows Live OneCare for consumers and is readying enterprise security products. Microsoft, with its huge presence on desktops, has a built-in advantage -- an advantage that's making security firms nervous.

[bobby_brady]

So is Patchguard also implemented in 32bit Vista?

Reading this article, it seems to state that Patchguard is only on the 64bit Vista.

[Microsoft_Facts]

This is news? I take it as common knowledge.

Everything from Microsoft is hacked in short order. What makes this any different?

[robot999]

OMG!

How can Windows be the worlds biggest selling and most corporate
OS with exposures like, and I quote: "... the situation as it exists
now?attackers don't need to do any work to access the kernel at
the highest level..."
Using windows, and worse depending on it, is just stupid. And this
new Patchguard, won't do much to solve the long term architectural
problems with this OS. When will people wake up and realize that
there are better solutions out there?

[YankeePoodle]

sick and tired of Anti-MS FUD

For over years I am sick and tired of Anti-MS FUD, please rely on an alternative better featured and performing product if you want to replace Windows. Please dont create the FUD which you would rehash for the next-next release of Windows.

Better yet, use NetBSD and feel secured and hibernate for rest of your life.

[fred dunn]

I give it no more than 6 months, if that...

Since the betas have been out it could already be hacked. But why would someone release it as an academic win when they could sell it once the user base is higher. It's called "crime-ware", kind of like malware but you get paid for it.
That is why MS should give the AV companies access to it now so they can protect it, surely Microsoft cannot.

[nightstar]

Twice as Long?

If it does take twice as long your looking at 2 minutes instead of 1 minute.

[nightstar]

It's hacked

It's already hacked but who would admit it. Wait for the final relase and they will tweak their hack as microsoft will be tweaking the protection between now and final release.

[Mister Winky]

"Sky Expected to Fall"

Nice headline for the article, CNET. Do you think you could be any more alarmist? Do you really think you've done enough reporting to justify a headline stating that the Vista kernel is expected to be hacked SOON? Expected by whom? 2 people? Expected when?

A more accurate headline would have been "Some Security Experts Believe Vista Kernel Protection will Be Hacked" or "Some Security Experts Doubt Vista Kernel Protection." But neither would have been as sensational as your unjustified choice.

Shoddy journalism, if you can even call it that.

-Mister Winky

[Stan Johnson]

hack n fix, hack n fix, hack n fix, hack n fix...

This is the world we live in.

The user always needs to vigilant.

[guyfrom2006]

Microsoft should follow the NetAlter model for virus protection

What NetAlter does is it executes only recognized/authorized code in it frameworks. It implements a unique security mechanism involvling user identification tagged to the users hardware and a universal digital signature for software which can be disabled globally on all installed computers by simply switching off the ID.

[dragonfly8610]

No Absolutes?

I thought you said you were going to refrain from absolutes?

Windows users are the ones in denial; Windows is on the way down.

I neither deny that Windows has its flaws, nor do I accept that Windows is on its way down. I am not drustrated with it, as I have learned how to secure my machine even inside the Windows environment.

I would challenge the Linux/OSX users to try using Windows, and helping to make it a better op system....or are they too lazy to do a little work? Sounds like it to me.

[Mister Winky]

Market Share Data

Real data speaks real truths:

http://marketshare.hitslink.com/report.aspx?qprid=5

If Windows is in a nosedive, provide some alternate data (hint: you won't find any).

-Mister Winky

[chuck_whealton]

Well... So what?

Of course it'll be broken sooner or later. Was that guy just
trying to get into the news with that incredible forcast? Of
course it'll be broken. Everybody knows that.

Charles R. Whealton
Charles Whealton @ pleasedontspam.com

[rapier1]

I use OS X and Windows

OS X is frustrating at times. Windows is frustrating at time. Whats is
even more frustrating are all the f&^*&^ing fanboys. Nothing keeps
people away from OS X and Linux like the users of OS X and Linux.

[trien29]

Alternative to Windows: Linux OS or Mac OS X. Oh Yeah!

I've used Windows for 10 years. Keeps giving me damn problems. Last year I installed a dual-boot system: WinXP Home/Linux. One day Windows wouldn't reboot. I had to buy a new computer to make it work again. I re-installed the old hard drive back into the system, but Windows XP Home wouldn't start. Guess what did? Linux! Ha! Now with the new system HDD I have Win XP Pro. I don't have icons on the desktop and my taskbar disappeared(for a month), I just fix all the Office programs by buying freaking $400 of worthy( or should it be worthless?) software (f-ing waste of money!). For the last week I can't go online using AOL, keeps saying Windows is low in memory or disk space?!(I have plenty of disk space, & no memory leaks!). I'm forced to let my sister use Linux. Bad thing: She keeps downloading Windows crap, which mostly doesn't work in Linux. I could do anything in Linux Fedora Core 2.6.12.1-1381_FC3 (I know there's newer versions of all distros, but I'm ok with this one.)that I could use with Windows. If it wasn't for all the stuff in Windows, I would have deleted it. Only wished I knew about Linux earlier. Learned about Linux during a computer course in college. Linux never crashed on me. Not even once! Windows crashes every 3 weeks(is there an automated program? Yes!)! Used Linux since March 2005.

[LiquidBrain]

Unsecure designe leads to this...

I know that many microsoft users and fans out there would desagree bu this is a reality. Unsecure designe leads to security breaches. Many services on windows are executet under SYSTEM privilege, ann we all know that none software is 100% secure. When someone finds and exploit bug in service that is run under SYSTEM privilege, he (attacker) gain that privilege for code execution. He can do anything to the system.

Now let us look what looks secure design. If service need to be run on some port below 1024 then it needs system privelege to open that port. That it is ok, but why that service keep system privilege? Why not change permissions to some other unpriveledged account that has no privilege of executing code in kernel space? That is not so hard to do. That is bad design. And as long there is bad design in start microsoft will never have secure OS.

This is applicable to other OS-es, like linux and OS X but, on linux superuser account is used only for mainterence, not internet browsing, and similar stuff. And on OS X superuser account is disabled (eg. you can not log in as root). Good design? It can be better... But it is satisfying for now.
Example: Apache web server won't run as superuser That is good. And if someone compromise apache he won't be able to execute code in kernel space. He will have to work harder to gain root privilege, and if you also use some stack protection algoritms and maybe novel's apparmor you are safe from most attacks.

Just my opinion.

Greetings.

[DJRaid]

Of course it is...

Patchguard in Vista/XP-64 will be at the forefront of hacking focus. It will present a challenge and a goal to hackers across the globe. The scale and profile of this particular protection in the 64-bit NT kernel will only add to the alure of breaking it. None of this is a surprise.

However, no one can predict how long it will take to crack. Hopefully it will be later rather than sooner.

On the subject of OS's and fanboys (refuse to spell it fanbois like all the "cool" people), all this commotion over MS vs *nix vs Apple is disgusting. It really only comes down to personal preference. 99% of any arguments for or against any of the popular OS's is anecdotal.

My preference is (don't have a heart attack now) Windows. Linux is great! In fact, that's what I'm doing with my profession right now. I'm a Sr Linux Test Engineer for a company called Neoware (www.neoware.com). I also do some development with the project: mostly shell scripting but sometimes C and C++, also some x86 asm in nasm. BASH is super-powerful and it's always a rewarding feeling to get something to compile and actually work in Linux. Every day with Linux is a new challenge and it's so much fun. However, the harsh reality of the situation is that not everyone is an engineer/developer. Not everyone has the time to fsck around w/ the OS for hours just to get a damn app to compile. No matter how fun it is for me, it invariable sucks for the other 99 % of the population. This is where Windows comes in. It just works, plain and simple. Users need not know how the hell it works behind the sceens. They can be shielded from esoteric terminology likes kernels and compiling and permissions etc... The computer becomes a tool in Windows; A means to and end rather than an end in and of itself.

OS-X... eh, It's ok. Unix kernel, intuitive software, lots of sparkle. For me though, I just don't care for it. Nothing particularly special or defining about it. Seems kind of fisher-price. Don't have a heart attack. This is, again, my personal preference and I do realize that the Mac world has the most passionate, fanatic, Michael Moore loving, uber-liberal, elitist, zealots in the show. They do love their Macs don't they. <sigh>

Use whatever works for ya, but don't try to shove your preference down other people's throats. The reality is, if you are competant and tech-savvy enough, you can chose any OS and be happy with it.

[mgss0lidsnak3]

Those who don't learn from history are doomed to repeat it...

...and Microsoft is repeating it hard. The more it, as a company, shoots itself in the foot with its largest supporters, the more it hurts itself in the long run.

[BillTheCat]

Why switch to Vista

I'm a consultant that visits many large corporations. Will they be making the switch? Probably not right away. Many of my clients are still running on Windows 2000 systems and didn't even switch to XP.

A peer of mine and I do a lot of similar work and even collaborate on projects. He uses XP, I use Windows 2000. There is nothing that his system will do that mine won't. We compile the same source code, play the same games, network the same way, run similar application suites, etc.

What does vista give you besides eye-candy? More DRM, more kernel protection, more limits on what you can and cannot do with YOUR computer. But, what does it let you do that your present system cannot do? Nobody has yet to answer that question. Until that 'something' is defined, there is really zero value in buying Vista.

I recently lost a power supply that cost me a CPU/Motherboard. I installed the new parts on my Win2K box, added some RAM, a disk drive, upgraded my DVD drive, changed video card and a few other things. Rebooted. The system prompted me for the new drivers... I'm fully up and running with a dozen hardware changes in less than 3 hours. Try that with XP! Try that with Vista!!

If it ain't broke, don't fix it. On person wrote that 99% of users need a system that just works. What percentage know to properly migrate a windows system such that everything works and all the files, applications and such are there too? Not many.