The game of ping-pong between Microsoft and third-party security software vendors seemed to be over last week when Microsoft announced its plan to share the source code of its Kernel Patch Protection mechanism.
Kernel Patch Protection (KPP), also known as PatchGuard, is a new security measure introduced by Microsoft for the Windows Vista x64 operating system. Its goal is to prevent malware from replacing a part of Microsoft's core code with its own, thus exploiting the operating system. An unfortunate side effect, however, is the limitations this places on third-party vendors of security software – limitations that are confirmed by security researchers from around the world.
As early as July 2006, Agnitum, along with fellow firewall provider Sunbelt, raised concerns about the introduction of Kernel Patch Protection; larger vendors like Symantec and McAfee raised the same questions later. As a result, the European Commission issued a warning to Microsoft that it must not shut out rivals in the security software market. The commission asked security vendors about issues they might have with Vista and has confirmed it will take action if it believes Microsoft is breaking antitrust laws.
Given little other choice, Microsoft evidently decided to take a step back -- at least officially. On Friday October 13th, Microsoft said it would modify KPP to let third-party security vendors bypass it with their software and give end users the ability to choose their preferred security supplier. To do this, Microsoft would create an Application Programming Interface (API) to let third-party developers access the kernel and disable the Windows Security Center in Vista.
This certainly sounded promising -- Microsoft did, after all, decide to make the changes after being pushed into a corner by the European Commission and major third-party security vendors. But with Vista due to ship in a few weeks, we weren’t exactly getting a lot of time to provide users with greater choice in their selection of security tools.
I guess we should also have taken note that Microsoft made this announcement on Friday 13th – not a date known for good news over the course of history. Because what did we learn today? According to TechWeb:
“Microsoft won't roll out the APIs for PatchGuard in the first edition of Vista, but will unveil them with the first Service Pack. Typically, Microsoft deploys an initial Service Pack 12 to 18 months after the release of an OS.”
We’ve contacted Microsoft to try to get this sorted out. We hope. From Agnitum's point of view, Microsoft has made a positive decision – but we don’t have the API yet to analyze it. And of course the biggest losers here are going to be the users. Unless Microsoft makes good on its original announcement to make the KPP APIs available this week, the likelihood is that Vista will ship with a “choice” of security solutions from one vendor – Microsoft. A company not exactly widely acclaimed for its attention to computer security.
We’ll let you know when we hear back from Microsoft. Stay tuned!
Director of Sales and Marketing, Agnitum Ltd.