Will Microsoft Shut Out Internet Security Competition By 2008?
Like many Internet security vendors, we’ve been closely watching Microsoft’s latest actions with regard to Kernel Patch Protection (KPP). It’s our conclusion (and no doubt many other vendors have reached the same one) that Microsoft’s promise to release its API will have little or no effect on a situation some security experts are already calling “shutting down the competition in the Internet Security market”. Hallowe’en is coming soon, but the prospect of end users relying on Microsoft for Internet security is much scarier, in our view.
The official story:
As early as July 2006, we raised concerns about the introduction of Kernel Patch Protection; larger vendors like Symantec and McAfee raised the same questions later. As a result, the European Commission issued a warning to Microsoft that it must not shut out rivals in the security software market. The commission asked security vendors about issues they might have with Vista and has confirmed it will take action if it believes Microsoft is breaking antitrust laws.
Given little other choice, Microsoft evidently decided to take a step back -- at least officially. On Friday October 13th, Microsoft said it would modify KPP to let third-party security vendors bypass it with their software and give end users the ability to choose their preferred security supplier. To do this, Microsoft would create an Application Programming Interface (API) to let third-party developers access the kernel and disable the Windows Security Center in Vista.
The real facts:
Last week, as reported by TechWeb and eWeek, among others, we learned that Microsoft won't roll out the APIs for PatchGuard in the first edition of Vista, but instead now plans to deliver the APIs with the first Service Pack to Vista. This promises to be a long wait, because, typically, Microsoft doesn’t deploy an initial Service Pack until 12 to 18 months after the first release of an OS.
Consequences:
Why is it so risky to use KPP to provide kernel security for computers running Vista x64 rather than a third-party security solution?
Here’s an analogy. Today, every house has a different lock on its front door; in the same way, you can use any security product you want to protect your computer. Now imagine if every house in your city were required to use the exact same lock on its front door. As soon as a burglar figures out how to crack that lock, he can freely enter and steal from any house. This is what 64-bit Windows security will look like with PatchGuard.
This is not just a bad science-fiction movie. Microsoft was apparently embarrassed into changing Kernel Patch Protection after malware experts attending the Black Hat conference in August 2006 saw a presentation that demonstrated how to break into the Vista kernel.
How does that inspire confidence? How does that better protect users?
If it isn’t already happening, every cyber criminal in the world will target Kernel Patch Protection. If Microsoft gets its way, the only protection 64-bit OS users will have will be to totally depend on how fast Redmond is able to release security patches.
If history is any indicator, we’re in for a long series of “patch Tuesdays.”
Why is Microsoft doing this?
We believe that Microsoft is executing a series of logical steps aimed at shutting down the competition and winning a significant share of the security software market. The classic series of “Competitive Strategy” books by Michael E. Porter states that one of the best methods to secure your market position is to create technology barriers that prevent your competitors from entering the market.
Since x64 computers are just starting to enter the market, it also makes sense for Microsoft to focus on this segment. They are clearly expecting fewer objections from the competition in this space, as it will take a couple of years for the majority of users to migrate to x64.
At this point, it’s not clear whether Microsoft’s strategy with respect to Vista x64 and the Kernel Patch Protection measure is legal – that’s being considered by the European Commission and other legislative bodies. What really bothers us as a security vendor is the fact that Microsoft is using its position of power to make all users rely on Microsoft and only Microsoft to secure their systems.
Every “patch Tuesday” proves again that a choice of one vendor is no choice at all.
In security, this is especially true. Microsoft’s Kernel Patch Protection is already broken. It is going to be attacked continually – and broken again and again.
What should users do?
Our best recommendation at this point is to not move to 64-bit computing under Windows Vista until Microsoft provides third-party security vendors with the ability to give you, the customer, a choice in whose security software you use.
Mikhail Penkovsky,
Director of Sales and Marketing, Agnitum Ltd.
2 Comments:
I suppose the danger of this and other steps taken by Microsoft is that it will become just too difficult to use its products. Steve Jobs must be laughing.
Hi John, I think you are absolutely right. The most dangerous thing is that Microsoft is playing with security, which can have grave consequences.
Good joke about Steve Jobs, LOL ;-)
Alexander Kariagin