Microsoft Releases Vista Kernel APIs To Rival Security Firms

FOR IMMEDIATE RELEASE
(Free-Press-Release.com) December 21, 2006 -- Microsoft has released draft APIs designed to mollify third-party security software developers that are angry over the company's decision to wall off the kernel in the 64-bit edition of Windows Vista.

The application programming interfaces are meant to give security software makers access to information heading into the Vista kernel so that they can create software similar to what they now write for Windows XP and Vista 32-bit. That software often "hooks" into the kernel to monitor behavior that could indicate that malicious code is trying to hijack the computer.

"We are delivering the first draft set of these new APIs for Windows Vista [which] have been designed to help security and non-security ISVs [independent software vendors] develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection," said Ben Fathi, Microsoft's Windows security chief, in a statement.

Kernel Patch Protection is the name Microsoft has given to a set of technologies first implemented in Windows XP 64-bit, and extended in the 64-bit version of Vista. Also known as PatchGuard, it locks out all access to the operating system kernel, and is meant to stop both malicious code and third-party software from making changes at the kernel level. Microsoft has repeatedly touted PatchGuard as an important defense against rootkits and other advanced malware.

But several prominent security vendors, notably Symantec and McAfee, objected to PatchGuard this fall, called Microsoft's decision wrong-headed, and rebuffed its claim that APIs would solve their problems.

Wednesday, Symantec refused to comment on the draft APIs. "Symantec has received the draft APIs regarding PatchGuard and is currently evaluating the information and awaiting additional information from Microsoft," Symantec spokesman Mike Bradshaw wrote in an e-mail.

Under pressure from the European Union's antitrust watchdog, Microsoft in mid-October promised to design and deliver APIs that would let others access data going to the kernel. Although some analysts praised the move as an "acceptable compromise" between Microsoft and its security partners, vendors soon scoffed at the idea.

The draft APIs include ones that govern whether applications are allowed to launch or be manipulated, and others that will prevent tampering with running security processes.

Microsoft has also posted a Word document that outlines the criteria it uses to evaluate and prioritize the kinds of APIs it will develop.

Author: Gregg Keizer
Source: http://www.informationweek.com/