Microsoft is fine-tuning the final security model for the Windows Vista operating system and not everyone is happy with the changes.
Last week, industry analyst firm Gartner warned companies to hold off on upgrading to the 64-bit version of Windows Vista if the firms rely on host-based intrusion detection systems. Windows Vista is due out to consumers at the end of January 2007, and incorporates several security technologies including PatchGuard, which prevents third parties from modifying the core system software. However, Microsoft's promise to negotiate with independent software vendors (ISVs) to allow access to security features of the kernel will not likely deliver any changes until Service Pack 1 (SP1) for the operating system, Gartner analyst Neil MacDonald said in the research note.
"With antitrust concerns temporarily satisfied, Microsoft may feel less pressure to make kernel modifications quickly," MacDonald wrote. "Pressure ISVs and Microsoft to work together to achieve rapid development of a mutually acceptable, trusted methods of interacting with the Windows kernel, starting with SP1 and evolving over the next several years."
Microsoft made another change in the latest release candidate of Vista to head off an attack proposed by Joanna Rutkowska, a security researcher at COSEINC, at the Black Hat Security Briefings. The attack, known as the pagefile attack, subverts Microsoft's protections against unsigned drivers. However, the software giant's fix for the problem is a quick solutions, but one that also requires limiting legitimate programs to work.
A number of security companies have taken Microsoft to task for its PatchGuard protections, because it limits their ability to offer enhanced security for 64-bit computer systems, which are being quickly adopted by consumers and corporations. Symantec, the owner of SecurityFocus, is among the companies reportedly impacted by the security measures.
Rutkowska supports the PatchGuard changes, which have been available in all 64-bit versions of the Windows operating system since Windows XP, but argued that the security model for signed drivers needs better protections.
Posted by: Robert Lemos