Skip the navigation

Q&A: Microsoft exec defends company in Vista kernel dispute

'Some vendors ... want the operating system to be insecure,' says Stephen Toulouse

October 6, 2006 12:00 PM ET

Computerworld - Symantec Corp. and McAfee Inc. say that a Microsoft Corp. technology called Patch Guard -- which blocks access to the 64-bit Vista kernel -- will make it harder for third-party security vendors to deliver certain features in their products. In a full-page advertisement in London's Financial Times this week, McAfee charged that Microsoft's decision to "shut-off access" to the kernel amounts to anticompetitive behavior. The two security vendors also accuse Microsoft of other tactics designed to make life harder for independent security vendors at a time when the software giant is expanding its own presence in the security field. In an interview with Computerworld, Stephen Toulouse, senior product manager with Microsoft's security technology unit, explained his company's position.

Excerpts from that interview follow:

Why did Microsoft decide to restrict access to the 64-bit Windows kernel? The biggest concern has been rootkits that can hide themselves from detection software and antivirus software. When you have a situation where code that is not part of the operating system can run at the same level as the kernel, that is not good because the kernel can't necessarily figure out what is good and what is bad.

In the 32-bit version of the [operating system] there has always been these undocumented and unsupported ways of modifying the kernel while it is running. That introduced stability problems, performance problems and security problems because attackers can use them, as well. These unsupported, undocumented ways of modifying the kernel have never been used by Microsoft and their use by other vendors is frowned on. We don't believe that it is good for the user experience to modify the kernel while it is running. When changes are made to it in unsupported fashion, you introduce instability.

So, what we felt the right thing to do for the 64-bit platform was to prevent the use of these unsupported functions and instead try to implement safer documented ways of implementing the same functionality.

What does Patch Guard do for Windows? I think it is important first off from our perspective to note that one of the things that customers have been very clear about with Windows and all of our products is that we've got to fundamentally raise the security of those products. That has been very, very clear feedback from our customers. One of the ways we are doing that on our 64-bit platform is this implementation that is known as kernel patch protection or Patch Guard. It is actually not new. We have been shipping operating systems with kernel patch protection for a couple of years now. The feature is also in Windows XP 64 and Windows Server 2003, 64-bit.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!