Feeds

Developers cry foul over Windows kernel security

Lock-out

Choosing a cloud hosting partner with confidence

Recently introduced security measures by Microsoft will make it more difficult to integrate third-party security tools with Windows, according to a rival personal firewall firm.

Agnitum reckons that the introduction of Kernel Patch Protection by Microsoft will force independent security software vendors to adopt the same tactics as hackers in order to get their code to work.

Security researchers at Agnitum - best known for its Outpost personal firewall product - reached this conclusion after an analysis of Microsoft's Kernel Patch Protection approach. The technology is designed to limit the exposure of Windows machine to rootkits, which are forms of malware that hide their presence on infected systems, by restricting access to low-level kernel functions.

But Agnitum thinks the approach is susceptible to reverse engineering attacks by skilled hackers, while preventing legitimate software developers from installing software at the kernel level, unless ISVs similarly reverse-engineer access to the OS kernel. Such an approach would make it more difficult to install and maintain independent security products on Windows, Agnitum argues. Hackers, by contrast, have no need to fret about compatibility issues.

"As the vendor of Outpost Firewall Pro, we have to install at the kernel level," said Alexey Belkin, chief software architect at Agnitum. "In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers."

Kernel Patch Protection protects low-level system activities such as the file and registry operations of the Windows kernel. Program that gains access to the kernel can, for instance, hide a folder on the hard disk and make it impossible to delete that folder using standard tools. The technology is slated for delivery with Windows Vista and 64-bit versions of Windows. Agnitum describes Microsoft's approach as misguided, if not deliberately anti-competitive.

"Microsoft made a logical move with this attempt to protect Windows against rootkits," said Mikhail Penkovsky, vice president of sales and marketing at Agnitum. "Unfortunately, it doesn't really resolve the problem, and also makes it a great deal more difficult for independent security software developers to be fully compatible with Windows."

"Nobody knows if Microsoft has done this intentionally, but we can't avoid the suspicion that this move may have been designed to force users to rely on Microsoft and only Microsoft for Windows security," he added. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?