DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
Vista and security - are Microsoft doing the right thing?

This is something I have thought long and hard about and as such I have to caveat things by saying this is my opinion and that I am no more informed than any other member of the public or IT community.  Having said that, I have done my time as a Windows Developer and even once worked on emulation systems such as Wine.  These protections will be coming to all OSs - so Vista, Longhorn, SBS - all of them!  I really think this is some of the worst mud-slinging I have seen in a long time and much is wrong!

So what have I seen in the press?

  • McAfee and Symantec have complained that they want the ability to ignore the APIs in Vista and bash at the Kernel directly for security services.  However, Kernel code has to be signed for the integrity of the system.
  • Microsoft will not stick to the rules above and will gain advantage by using unknown APIs.
  • That the security prompts and center cannot be turned off.
  • That Microsoft is right to make these changes and want to increase the integrity of the system

As someone who once worked on a large secure project I recognise the types of controls Microsoft wants/has to put in place on the Kernel - something that has been around since Windows XP 64-bit edition based on Server SP1 (yes it was).  When you have a look at all the nasties out there, some (rootkits often) place drivers on the system to do the "hiding" from you.  A driver sits in the kernel and can see and change almost anything that goes on in there - if you are compromised in the Kernel, then you are hosed!!  You will never know it and your tools will tell you everything is fine.  If you allow some people to not obey these rules, then the dishonest ones will not be hindered by it.  Yes it can be disabled, but why would you as a user want to turn it off?  I even saw someone say that the Kernel is where the holes are, so it is important that rather than fixing the issues, MS was better off leaving it to others.  Well, why not have MS produce a better kernel and then most users would be happy?

Second, long, long before I worked for Microsoft there were rumours of secret APIs that MS used to keep the upper hand; however, when working with WINE all those years ago, we did not find secret APIs, we found APIs that were old - say Windows 3.0, deprecated by Microsoft, but still being used by some programs.  Microsoft keeps these often for compatibility reasons, but strongly advises programmers to use something else.  An example of this is discussed here with the changes to IE (IELaunchURL()).  It is incredibly easy to check to see what API calls are being made by a DLL or program, so the concept of secret calls is just barmy!!  What is more, we hold regular meetings with people like the AV vendors to ensure they write code that is good for the OS - have you ever seen a BSOD caused by an AV Vendor, or an application stop working... that is why we do this.  Microsoft publicly calls for people to have AV on their systems - have a look at http://www.getsafeonline.org for details.

Finally, on the bad press front, is the statement that things like Security Center cannot be disabled - well, you can do this today, so I doubt it is really going to go away - having said that - one AV vendor's console really does my head in - enough for me to remove their product and put someone else's on - I really want to be able to disable some features they offer and sometimes this is just not possible in 3rd party products without a painful re-install!!

I then saw this article and it made me feel better - someone who says that MS is not playing unfairly, yet it is someone that MS's AV products (which are charged for separately and not part of Vista) would compete against!!

Microsoft's new operating system Windows Vista will not make it more difficult for antivirus companies, Kaspersky Lab said on Friday, contradicting rivals.

In an open letter this week, U.S. antivirus maker McAfee accused Microsoft of weakening users' protection by no longer co-operating with computer security providers and denying them access to the core of the Vista system.

"From what we have seen of Vista, we cannot tell that Microsoft is blocking access to the core," Natalya Kaspersky, CEO of Kaspersky Lab, a Russian computer security company. "It would not make any sense for them (Microsoft) to stop working with other computer security companies, because it would make their system more vulnerable to attacks."

Source: Microsoft's playing fair with security rivals, Kaspersky says | CNET News.com

Well, that is the end of my rant - comments welcome.

 

ttfn

 

David


Posted Mon, Oct 9 2006 9:55 AM by David Overton

Comments

Tim Long wrote re: Vista and security - are Microsoft doing the right thing?
on Sun, Oct 15 2006 2:38 AM

I'm totally behind Microsoft locking down the kernel. The kernel is responsible for managing system resources and keeping everything secure. Once you start letting in third party stuff, no matter how well-intentioned, you can't guarantee to do that any more. I never came across a mainframe operating system that allowed third parties to modify the kernel willy-nilly. Windows never should have allowed third parties to put files in any of the system folders, in my opinion. System File Checker was a good step but I think it is far better to completely lock down the kernel.

I'm more concerned about some OEM builds out there that come bundled with third party security suites pre-installed and make it really easy for users to turn off the standard Windows Firewall without really knowing what they've done. Then they have the cheek to tell you that the built in Windows Firewall is "redundant". Way too aggressive.


(c)David Overton 2006-23