October 12, 2006 11:17 AM PDT

Windows kernel protection expected to break soon

MONTREAL--PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said Thursday.

Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company AVET Information and Network Security, said in a presentation at the Virus Bulletin event here.

"It will probably take a year or so for it to surface publicly, but I believe it will be broken earlier," Czarnowski said. "PatchGuard will be broken pretty soon after the final version is released... A lot of people who would break it will probably not make it public immediately."

Microsoft designed PatchGuard, also called kernel patch protection, to keep the Windows kernel from being modified by code running in kernel mode: it periodically checks kernel code and key data structures, such as the system service dispatch table, and halts the system if they have been altered. Cybercrooks have found ways to exploit the innards of Windows for malicious purposes, notably rootkits that hook the kernel, making the protection offered by PatchGuard key to securing the operating system, Microsoft has said. (A paper on PatchGuard is available on Microsoft's Web site.)

The technology applies only to 64-bit versions of Windows and debuted last year in Windows XP x64 Edition. That edition was never broadly adopted, but PatchGuard will reach far more machines when Vista hits store shelves in January and buyers are expected to choose PCs with 64-bit processors and 64-bit versions of the operating system. The 32-bit editions of Vista get no such protection.
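The 64-bit-only scope matters to anyone inventorying a fleet: a 32-bit Windows box has no kernel patch protection at all, and even on a 64-bit box the driver-signing enforcement that accompanies it can be relaxed through the boot configuration. The following PowerShell check is an added example written for this page, not code from Microsoft or from the article; it assumes a current Windows host with the CIM cmdlets, English bcdedit output, and an elevated prompt, and the function name Get-KernelProtectionPosture is my own.

```powershell
# Added example (not from the article or from Microsoft): report whether this
# host is in the scope of Kernel Patch Protection (64-bit Windows only) and
# whether kernel-mode code-signing enforcement has been weakened at boot.
# Run from an elevated prompt; bcdedit needs administrator rights.

function Get-KernelProtectionPosture {
    [CmdletBinding()]
    param()

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # OSArchitecture is "64-bit" on English builds; localized builds may differ (assumption).
    $is64Bit = $os.OSArchitecture -like '64*'

    # bcdedit prints "testsigning  Yes" / "nointegritychecks  Yes" when the current
    # boot entry has been told to accept test-signed or unsigned kernel code.
    $bcd = & bcdedit /enum '{current}' 2>$null
    $bootConfigReadable = [bool]$bcd
    $testSigning = [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes' -Quiet)
    $noIntegrity = [bool]($bcd | Select-String -Pattern '^\s*nointegritychecks\s+Yes' -Quiet)

    # Win32_PnPSignedDriver reports the signing state the PnP manager recorded, which
    # covers catalog-signed inbox drivers that Get-AuthenticodeSignature would call
    # NotSigned. Only PnP-enumerated drivers appear here; legacy services do not.
    $unsigned = Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.IsSigned -eq $false -and $_.DeviceName } |
        Select-Object DeviceName, DriverProviderName, DriverVersion, InfName

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OSArchitecture        = $os.OSArchitecture
        KernelPatchProtection = $is64Bit          # KPP exists only on 64-bit Windows
        BootConfigReadable    = $bootConfigReadable
        TestSigningEnabled    = $testSigning
        IntegrityChecksOff    = $noIntegrity
        UnsignedDriverCount   = @($unsigned).Count
        UnsignedDrivers       = @($unsigned)
    }
}

$posture = Get-KernelProtectionPosture
$posture | Format-List ComputerName, OSArchitecture, KernelPatchProtection,
    BootConfigReadable, TestSigningEnabled, IntegrityChecksOff, UnsignedDriverCount
if ($posture.UnsignedDriverCount -gt 0) {
    $posture.UnsignedDrivers | Format-Table -AutoSize
}
```

Read the output as follows: KernelPatchProtection false means the article's protection simply is not present on this host; TestSigningEnabled or IntegrityChecksOff true means the kernel will load a self-signed or unsigned driver, which is exactly the "no work needed to reach the kernel" situation Microsoft describes below; BootConfigReadable false means the prompt was not elevated and the two boot flags were not actually checked.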

"Kernel patch protection is not a silver bullet. We're not saying no one will ever crack it," Stephen Toulouse, a program manager in Microsoft's Security Technology Unit, wrote on his blog last week. "The point is that the situation as it exists now: attackers don't need to do any work to access the kernel at the highest level. At least with kernel patch protection, we're trying to prevent that."

There have been some claims that PatchGuard has already been compromised, but according to Microsoft it has not yet been hacked. "We're not aware as of right now that people have circumvented it," Toulouse wrote.

If PatchGuard is ever circumvented, Microsoft would fix the issue with a software update, Toulouse wrote. "Kernel patch protection can become more resilient over time due to the combination of hardware and software advancements," he wrote.

Security companies have been taking all sorts of shots at Vista. Symantec, the world's largest maker of antivirus software, has been leading the pack, closely followed by others including McAfee, Check Point Software Technologies and Panda Software.

Security companies have complained that PatchGuard, while meant to lock out bad guys, also prevents certain types of security software from running. Host intrusion-prevention and behavior-monitoring products had gotten used to hooking the Windows kernel to intercept system calls, the same technique rootkits rely on, and PatchGuard blocks that patching regardless of who performs it.

Tensions are flying high in the security space after Microsoft, with its $34 billion war chest, entered the market. It launched Windows Live OneCare for consumers and is readying enterprise security products. Microsoft, with its huge presence on desktops, has a built-in advantage -- an advantage that's making security firms nervous.



So is Patchguard also implemented in 32bit Vista?
Reading this article, it seems to state that Patchguard is only on the 64bit Vista.
Posted by bobby_brady (765 comments )
From Microsoft's Whitepaper
Unfortunately, making these changes to existing 32-bit systems would have a significant compatibility impact and would effectively render obsolete a great deal of current kernel mode software. To reduce this impact, Microsoft made the decision to implement these changes only on 64-bit versions of Windows, where the clean start with native 64-bit drivers and software makes it possible for the ecosystem to adapt to these changes. Since all 64-bit drivers are new, changes such as digital signing can be implemented during the driver development process, and software developers would not have to go back and change 32-bit products already on the market.
Posted by jcannonbatl (3 comments )
This is news? I take it as common knowledge.
Everything from Microsoft is hacked in short order. What makes this any different?
Posted by Microsoft_Facts (109 comments )
64 bits = double the hack time?
Since it's a 64 bit kernel, twice as big as 32 bit, doesn't that mean it will take twice as long to hack? Or is it 4 times as long to hack? Isn't that a lot safer? No, I didn't think so....
Posted by Dwaine (20 comments )
How can Windows be the world's biggest selling and most corporate OS with exposures like, and I quote: "... the situation as it exists now: attackers don't need to do any work to access the kernel at the highest level..."
Using Windows, and worse depending on it, is just stupid. And this new Patchguard won't do much to solve the long term architectural problems with this OS. When will people wake up and realize that there are better solutions out there?
Posted by robot999 (109 comments )
Like What!
Please tell me what is a "better" alternative? Linux?! OS X?!... ya right...
Posted by octaviang (3 comments )
Better Solution?
Better solution ?

Like Linux ?

I've tried RC1 of 64Bit XP, my network worked right off the bat.

Linux I've tried the 64Bit version, and nothing I've tried (including 2 Months of forum Postings) would work for the WiFi.
Posted by pgp_protector (122 comments )
Watch out!
Everyone watch out because the mac-missionaries are out in force!
Posted by a85 (104 comments )
sick and tired of Anti-MS FUD
For years I have been sick and tired of anti-MS FUD; please rely on an alternative, better-featured and better-performing product if you want to replace Windows. Please don't create the FUD which you would rehash for the next-next release of Windows.

Better yet, use NetBSD and feel secured and hibernate for rest of your life.
Posted by YankeePoodle (785 comments )
I DO rely on a better solution than Windows, it's called OS X.
FreeBSD? Hibernate? Huh???
Posted by robot999 (109 comments )
I give it no more than 6 months, if that...
Since the betas have been out it could already be hacked. But why would someone release it as an academic win when they could sell it once the user base is higher. It's called "crime-ware", kind of like malware but you get paid for it.
That is why MS should give the AV companies access to it now so they can protect it, surely Microsoft cannot.
Posted by fred dunn (793 comments )
Twice as Long?
If it does take twice as long you're looking at 2 minutes instead of 1 minute.
Posted by nightstar (23 comments )
It's hacked
It's already hacked but who would admit it. Wait for the final release and they will tweak their hack as Microsoft will be tweaking the protection between now and final release.
Posted by nightstar (23 comments )
It's hacked
Once again baseless and lame conjecture. If it's already been hacked, prove it.
Posted by octaviang (3 comments )
"Sky Expected to Fall"
Nice headline for the article, CNET. Do you think you could be any more alarmist? Do you really think you've done enough reporting to justify a headline stating that the Vista kernel is expected to be hacked SOON? Expected by whom? 2 people? Expected when?

A more accurate headline would have been "Some Security Experts Believe Vista Kernel Protection will Be Hacked" or "Some Security Experts Doubt Vista Kernel Protection." But neither would have been as sensational as your unjustified choice.

Shoddy journalism, if you can even call it that.

-Mister Winky
Posted by Mister Winky (301 comments )
Stinky, isn't it?
CNET is generally biased against Apple, not Windows. Stinks, doesn't it? And by the way I personally know over a dozen people who think Vista Kernel Protection will be hacked soon, so there is no need to think there are only two.

Have a nice day!
Posted by lesfilip (496 comments )
hack n fix, hack n fix, hack n fix, hack n fix...
This is the world we live in.

The user always needs to be vigilant.
Posted by Stan Johnson (322 comments )
You're On To Something
That would be a great name for a chain of hardware stores (or software stores, for that matter): Hack-N-Fix

Posted by J_Satch (571 comments )
Microsoft should follow the NetAlter model for virus protection
What NetAlter does is it executes only recognized/authorized code in its frameworks. It implements a unique security mechanism involving user identification tagged to the user's hardware and a universal digital signature for software which can be disabled globally on all installed computers by simply switching off the ID.
Posted by guyfrom2006 (33 comments )
No Absolutes?
I thought you said you were going to refrain from absolutes?

Windows users are the ones in denial; Windows is on the way down.

I neither deny that Windows has its flaws, nor do I accept that Windows is on its way down. I am not frustrated with it, as I have learned how to secure my machine even inside the Windows environment.

I would challenge the Linux/OSX users to try using Windows, and helping to make it a better op system....or are they too lazy to do a little work? Sounds like it to me.
Posted by dragonfly8610 (49 comments )
None I can't back up
You can use Google just as easily as anyone else. Windows is in fact on the way down, due to the increasing market share of both Linux and Mac OS X. It is mathematically impossible for Windows to gain marketshare while their existing marketshare is decreasing. And yes, Windows users are in denial. I use Windows myself on occasion but more importantly I have to deal with Windows users on a regular basis. They insist on beating their own heads against the wall instead of doing something far less painful - switching to something else that actually works.

Mac OS X, Linux, and Windows all have flaws, no kidding. They are all works in progress. For the majority of users, and not just those who have "learned how to secure (their) machine", Mac OS X presents by far the most elegant and rock solid operating system. Windows doesn't even come close on the features they copy, much less on anything Microsoft deems original.

I have personally used Windows, and I help Windows users switch all the time. It is common for them to disbelieve how easy it is to use an operating system like Mac OS X. They often ask "What's the catch?" Well, dragonfly, there is no catch.

By the way it is not the job of Linux or Mac OS X users to help make Windows a better operating system any more than it is a Windows user's job to improve Linux or Mac OS X. It has nothing to do with laziness. We choose not to use Windows regularly for a reason. Windows is a necessary evil, for now, but many people will drop it completely at the first opportunity. The only hope for Microsoft is to get busy on the successor to Vista, and do it right this time.

Have a nice day!
Posted by lesfilip (496 comments )
From what I can tell....
Most of the people who use OS X or Linux used to use windows at some point or another.

I used Windows for my entire life up until last year when I got sick of it. I got tired of not being able to finish working on my projects without having the program they were in freezing.

I don't know if that was the fault of my PC which was a middle of the line Acer or Windows XP.

I just got sick of it, I didn't want to waste any more time when I could be working.

I looked for an alternative. I went to my local John Lewis (store) and looked in the computer department and got talking to some of the staff. I told them what I wanted a PC for, stuff like pictures, video and just to work on and surf the internet, preferably without daily restarts.

In the end, after much faffing about, I got an iMac.

It was the best purchase I ever made.

I've not had a single major problem in over a year. I don't have any Norton or McAfee AV software to clog things up, I can just work, in peace, doing what I want/need to do without being asked if I want to 'clean up my desktop' or be moaned at.

Most switchers used Windows once, and either got sick of it or got a virus one too many times.

Before you say it was my fault my Acer was rubbish I tried to keep it up to date, but it refused to install service pack two and other updates.

Oh and most people are too lazy to spend time to get their system to work. That's why I spend no more time messing around with drivers or install CDs; everything so far has just worked, though that basically amounts to a second monitor, two printers and some other stuff.

Why don't you try a Mac? If you have, say what you thought was wrong.

This is not a fanboy post, it's my experience so don't bash too hard please.
Posted by grandmasterdibbler (78 comments )
Market Share Data
Real data speaks real truths:

http://marketshare.hitslink.com/report.aspx?qprid=5

If Windows is in a nosedive, provide some alternate data (hint: you won't find any).

-Mister Winky
Posted by Mister Winky (301 comments )
Don't you get it, dude?
Those 85% of people (including several big companies) are all plain dumb inferior poor people who don't know or don't care to know much about operating systems!
The rest are the real intelligent OS-savvy superior people (especially those 3.88% ones)!

This news is a prediction, nothing more. We all know nothing is perfect (sorry Apple fanboys). And Windows is certainly not perfect either. But even if/when it is cracked, that doesn't mean Vista will instantly turn into an insecure OS; as long as Microsoft manages to patch those holes reasonably quickly, hackers won't ever have as simple a job as they have now, where they have open easy access to the dll's.
Posted by Ryo Hazuki (378 comments )
Well... So what?
Of course it'll be broken sooner or later. Was that guy just trying to get into the news with that incredible forecast? Of course it'll be broken. Everybody knows that.

Charles R. Whealton
Charles Whealton @ pleasedontspam.com
Posted by chuck_whealton (521 comments )
I use OS X and Windows
OS X is frustrating at times. Windows is frustrating at times. What is even more frustrating are all the f&^*&^ing fanboys. Nothing keeps people away from OS X and Linux like the users of OS X and Linux.
Posted by rapier1 (2722 comments )
Stick with Windows, you fanboy
Since you seem to be frustrated by most major operating systems, maybe you should just stick with Windows. You'll find more company there.

Have a nice day!
Posted by lesfilip (496 comments )
Alternative to Windows: Linux OS or Mac OS X. Oh Yeah!
I've used Windows for 10 years. Keeps giving me damn problems. Last year I installed a dual-boot system: WinXP Home/Linux. One day Windows wouldn't reboot. I had to buy a new computer to make it work again. I re-installed the old hard drive back into the system, but Windows XP Home wouldn't start. Guess what did? Linux! Ha! Now with the new system HDD I have Win XP Pro. I don't have icons on the desktop and my taskbar disappeared (for a month), I just fix all the Office programs by buying freaking $400 of worthy (or should it be worthless?) software (f-ing waste of money!). For the last week I can't go online using AOL, keeps saying Windows is low in memory or disk space?! (I have plenty of disk space, & no memory leaks!). I'm forced to let my sister use Linux. Bad thing: She keeps downloading Windows crap, which mostly doesn't work in Linux. I could do anything in Linux Fedora Core (I know there's newer versions of all distros, but I'm ok with this one) that I could use with Windows. If it wasn't for all the stuff in Windows, I would have deleted it. Only wished I knew about Linux earlier. Learned about Linux during a computer course in college. Linux never crashed on me. Not even once! Windows crashes every 3 weeks (is there an automated program? Yes!)! Used Linux since March 2005.
Posted by trien29 (2 comments )
You should just stop using computers.
Wow! You definitely have problems even functioning in this computerized world. If I had even a fraction of your problems I would just give up. Most people would not blame you I am sure. It is obviously very difficult for you.
Posted by Stan Johnson (322 comments )
Look At Solaris 10 6/06+ for x86
It eliminates partitions, is very secure and does more than any OS on the planet and it's free!
Posted by matt_parker (52 comments )
Insecure design leads to this...
I know that many Microsoft users and fans out there would disagree, but this is a reality. Insecure design leads to security breaches. Many services on Windows are executed under SYSTEM privilege, and we all know that no software is 100% secure. When someone finds and exploits a bug in a service that is run under SYSTEM privilege, he (the attacker) gains that privilege for code execution. He can do anything to the system.

Now let us look at what secure design looks like. If a service needs to run on some port below 1024 then it needs system privilege to open that port. That is OK, but why does that service keep system privilege? Why not change permissions to some other unprivileged account that has no privilege of executing code in kernel space? That is not so hard to do. That is bad design. And as long as there is bad design at the start Microsoft will never have a secure OS.

This is applicable to other OSes, like Linux and OS X, but on Linux the superuser account is used only for maintenance, not internet browsing and similar stuff. And on OS X the superuser account is disabled (e.g. you can not log in as root). Good design? It can be better... But it is satisfying for now.
Example: the Apache web server won't run as superuser :) That is good. And if someone compromises Apache he won't be able to execute code in kernel space. He will have to work harder to gain root privilege, and if you also use some stack protection algorithms and maybe Novell's AppArmor you are safe from most attacks.

Just my opinion.

Posted by LiquidBrain (6 comments )
Of course it is...
PatchGuard in Vista/XP-64 will be at the forefront of hacking focus. It will present a challenge and a goal to hackers across the globe. The scale and profile of this particular protection in the 64-bit NT kernel will only add to the allure of breaking it. None of this is a surprise.

However, no one can predict how long it will take to crack. Hopefully it will be later rather than sooner.

On the subject of OS's and fanboys (I refuse to spell it fanbois like all the "cool" people), all this commotion over MS vs *nix vs Apple is disgusting. It really only comes down to personal preference. 99% of any arguments for or against any of the popular OS's are anecdotal.

My preference is (don't have a heart attack now) Windows. Linux is great! In fact, that's what I'm doing with my profession right now. I'm a Sr Linux Test Engineer for a company called Neoware (www.neoware.com). I also do some development with the project: mostly shell scripting but sometimes C and C++, also some x86 asm in nasm. BASH is super-powerful and it's always a rewarding feeling to get something to compile and actually work in Linux. Every day with Linux is a new challenge and it's so much fun. However, the harsh reality of the situation is that not everyone is an engineer/developer. Not everyone has the time to fsck around with the OS for hours just to get a damn app to compile. No matter how fun it is for me, it invariably sucks for the other 99% of the population. This is where Windows comes in. It just works, plain and simple. Users need not know how the hell it works behind the scenes. They can be shielded from esoteric terminology like kernels and compiling and permissions etc... The computer becomes a tool in Windows; a means to an end rather than an end in and of itself.

OS X... eh, it's OK. Unix kernel, intuitive software, lots of sparkle. For me though, I just don't care for it. Nothing particularly special or defining about it. Seems kind of Fisher-Price. Don't have a heart attack. This is, again, my personal preference and I do realize that the Mac world has the most passionate, fanatic, Michael Moore loving, uber-liberal, elitist zealots in the show. They do love their Macs, don't they. <sigh>

Use whatever works for ya, but don't try to shove your preference down other people's throats. The reality is, if you are competent and tech-savvy enough, you can choose any OS and be happy with it.
Posted by DJRaid (5 comments )
How can you claim to know anything about Linux and then claim it takes hours to compile a program?

Very, very few programs in Linux have to be compiled by the end-user, and the handful that do are a simple 3 line process.

It is not like the user has to comb through the code and translate it into machine code.
Posted by qwerty75 (1164 comments )
Hear, hear
Well said.

I wish everyone would get off their high-horses and realise that we live in a free world where each and every person can decide what OS he/she wants to use. Furthermore, it would be great if people would stop trying to convert everyone else to other OSs - just let people use whatever they want to use.

Finally, every OS has its pros/cons and discussing them objectively is great, but I hate it when people judge others on the basis of what OS they use.
Posted by a85 (104 comments )
I Agree Totally
Windows annoys me to no end some days, and other days I love it; it depends what I'm trying to do. I've used Macs before, and I've used Linux. It is not always appropriate for me to screw around trying to compile apps to work with my system, and in fact the only reason my webserver does not have SSL installed is because nobody releases an Apache version for Windows that has SSL compiled into it for some stupid reason, which nobody will comment on for some odd reason.

This is the main reason for using Windows: 99% of the people out there can't be bothered to screw around trying to find a program to work on their proprietary system, or that will compile to work on their particular variant of Linux, Unix, BSD, etc.

Locking everyone out of the Windows kernel, even the security people, is a good thing. If they bothered to actually "innovate" as they say that having access to the kernel allows them to do (although what they call innovate is what I call making a new user interface for 10-year-old crappy code)... If security companies can get past it or uninstall Windows security features, how much harder is it for hackers to do it? Hackers won't likely reinstall Windows's security programs when they uninstall them either, so I agree with Microsoft's stance that the USER should do it if they want to do it, not a program do it for them.

If a user buys a security package and it expires, and the Windows one doesn't expire, they will move back to the Windows one, rather than pay money for some expensive solution that just replaces something Windows already can do for you. Windows also has ZIP-file shell integration, yet I use 7-Zip, because I prefer the right-click shell extension to the extract wizard that Windows offers, but I browse the zip files with Windows's integrated ZIP-file ability. Microsoft wants Windows to be a tool to the user, to help them do what they want to do, and not having to open a separate program to see inside a ZIP file helps me EVERY DAY. Is WinZip losing customers? Maybe. Do they have no possible way to innovate to get people to buy software from them? Hardly. 7-Zip beats WinZip any day, and it's free, so I use it; that's my preference. I just happen to like fast, easy, small, and efficient archive programs that work with dozens of archive formats as opposed to bloated ones that support one or two.

When Windows Firewall was added to Windows, people no longer had to deal with getting a virus that installed itself before the user could update Windows and get an anti-virus and firewall after a fresh install, and I like that. It's free, it's very useful, it's out of the way and works in the background when I don't need to change it, and it works. Norton and McAfee software packages are huge, intrusive, get in the way, slow everything down, and make you have to configure a lot of options to get them working well, plus they charge you money for updates every year. I'll never use their products because of that.

Once I move to Vista and can have a system kernel that won't let me run .exe's and get some nasty virus that ruins my machine without needing a stupid program to constantly scan every file I download or run in memory, I'll never look back. Mind you, the 10GB size of the Vista C:\Windows folder turns me off, but I have a 160GB hard drive. I'd rather have a 90% full hard drive than 50MB worth of my memory and 10% of my processor bogged down by internet security suites if I don't have to, and PatchGuard will go a LONG way towards that.

If Microsoft is forced to remove PatchGuard, I would try and grab it from Vista RC2 and get it to work in the retail version. Just because the security companies don't want to have to actually do work to continue selling products doesn't mean I should have to go without security unless I dish out more money than I already have on my computer.

Why is security even "sold"? It should have been a feature long ago, but Microsoft can't do it because they know the "security" companies don't want that; that's why they pay people to make viruses.
Posted by TheMikeness (12 comments )
Those who don't learn from history are doomed to repeat it...
...and Microsoft is repeating it hard. The more it, as a company, shoots itself in the foot with its largest supporters, the more it hurts itself in the long run.
Posted by mgss0lidsnak3 (18 comments )
Why switch to Vista
I'm a consultant that visits many large corporations. Will they be making the switch? Probably not right away. Many of my clients are still running on Windows 2000 systems and didn't even switch to XP.

A peer of mine and I do a lot of similar work and even collaborate on projects. He uses XP, I use Windows 2000. There is nothing that his system will do that mine won't. We compile the same source code, play the same games, network the same way, run similar application suites, etc.

What does Vista give you besides eye-candy? More DRM, more kernel protection, more limits on what you can and cannot do with YOUR computer. But, what does it let you do that your present system cannot do? Nobody has yet answered that question. Until that 'something' is defined, there is really zero value in buying Vista.

I recently lost a power supply that cost me a CPU/Motherboard. I installed the new parts on my Win2K box, added some RAM, a disk drive, upgraded my DVD drive, changed video card and a few other things. Rebooted. The system prompted me for the new drivers... I'm fully up and running with a dozen hardware changes in less than 3 hours. Try that with XP! Try that with Vista!!

If it ain't broke, don't fix it. One person wrote that 99% of users need a system that just works. What percentage know how to properly migrate a Windows system such that everything works and all the files, applications and such are there too? Not many.
Posted by BillTheCat (28 comments )