Q&A: Microsoft exec defends company in Vista kernel dispute
'Some vendors ... want the operating system to be insecure,' says Stephen Toulouse
Computerworld - Symantec Corp. and McAfee Inc. say that a Microsoft Corp. technology called Patch Guard -- which blocks access to the 64-bit Vista kernel -- will make it harder for third-party security vendors to deliver certain features in their products. In a full-page advertisement in London's Financial Times this week, McAfee charged that Microsoft's decision to "shut-off access" to the kernel amounts to anticompetitive behavior. The two security vendors also accuse Microsoft of other tactics designed to make life harder for independent security vendors at a time when the software giant is expanding its own presence in the security field. In an interview with Computerworld, Stephen Toulouse, senior product manager with Microsoft's security technology unit, explained his company's position.
Excerpts from that interview follow:
Why did Microsoft decide to restrict access to the 64-bit Windows kernel? The biggest concern has been rootkits that can hide themselves from detection software and antivirus software. When you have a situation where code that is not part of the operating system can run at the same level as the kernel, that is not good because the kernel can't necessarily figure out what is good and what is bad.
In the 32-bit version of the [operating system] there has always been these undocumented and unsupported ways of modifying the kernel while it is running. That introduced stability problems, performance problems and security problems because attackers can use them, as well. These unsupported, undocumented ways of modifying the kernel have never been used by Microsoft and their use by other vendors is frowned on. We don't believe that it is good for the user experience to modify the kernel while it is running. When changes are made to it in unsupported fashion, you introduce instability.
So, what we felt the right thing to do for the 64-bit platform was to prevent the use of these unsupported functions and instead try to implement safer documented ways of implementing the same functionality.
What does Patch Guard do for Windows? I think it is important first off from our perspective to note that one of the things that customers have been very clear about with Windows and all of our products is that we've got to fundamentally raise the security of those products. That has been very, very clear feedback from our customers. One of the ways we are doing that on our 64-bit platform is this implementation that is known as kernel patch protection or Patch Guard. It is actually not new. We have been shipping operating systems with kernel patch protection for a couple of years now. The feature is also in Windows XP 64 and Windows Server 2003, 64-bit.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts