Monday, July 31, 2006

Microsoft locks out security firms

According to The Register, Microsoft's recently introduced security measures will make it much more difficult for third-party software companies to integrate their security tools with Windows.

Software firm Agnitum says that Microsoft's new "Kernel Patch Protection" technology makes it virtually impossible for legitimate security firms to integrate their software with Windows, unless they use the same tactics and tricks as crackers and black-hat hackers.

Agnitum's security researchers suggest that the Kernel Patch Protection is:

susceptible to reverse engineering attacks by skilled hackers, while preventing legitimate software developers from installing software at the kernel level, unless ISVs similarly reverse-engineer access to the OS kernel. Such an approach would make it more difficult to install and maintain independent security products on Windows, Agnitum argues. Hackers, by contrast, have no need to fret about compatibility issues.

"As the vendor of Outpost Firewall Pro, we have to install at the kernel level," said Alexey Belkin, chief software architect at Agnitum. "In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers."

So, let me get this straight. Microsoft's anti-rootkit and malware software blocks legitimate non-Microsoft security products, but allows the bad guys to install malware on your Vista PC?

"Microsoft made a logical move with this attempt to protect Windows against rootkits," said Mikhail Penkovsky, vice president of sales and marketing at Agnitum. "Unfortunately, it doesn't really resolve the problem, and also makes it a great deal more difficult for independent security software developers to be fully compatible with Windows."

"Nobody knows if Microsoft has done this intentionally, but we can't avoid the suspicion that this move may have been designed to force users to rely on Microsoft and only Microsoft for Windows security," he added.

You think??? Say it ain't so!!!

No comments: