Symantec condemns Vista kernel security

By Derek Sooman on August 11, 2006, 5:00 AM
The kernel is the fundamental part of an operating system. It is a piece of software responsible for providing secure access to the machine's hardware to various computer programs - it manages the system's resources and facilitates communication between hardware and software. It is the heart of the operating system.

The kernel has become the new target of malware authors, who seek to alter the way in which the kernel operates. For example, rootkits operate in so-called "kernel space" and allow the malware author to hide files and system processes from the system and security software. Thus, a virus or something equally horrid might be running on your system, but you will not see it in Task Manager, and you will not see the program’s files on your hard drive. Naturally, this is a cause of great concern.

Security is high on the agenda for Microsoft in their new operating system, Windows Vista, and so they have turned their attention to kernel security in a big way. They have applied new security features to the kernel which they believe will make it much harder for malware such as rootkits to operate.

However, Symantec has released a report outlining some weaknesses in the kernel protection mechanisms built into Windows Vista. They claim that features in the Windows Vista kernel obstruct innovations by antivirus and other security applications. If security vendors cannot access the kernel, they claim, it cuts down on their ability to innovate new security products.

"These new technologies, along with Microsoft’s unwillingness to make compromises in this area, have serious implications for the security industry as a whole," said Oliver Friedrichs, director of emerging technologies in Symantec Security Response.

"If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and original equipment manufacturers can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems."

Furthermore, Symantec claims that malware authors have already successfully demonstrated ways to circumvent Vista's kernel security features. In Symantec's view, Microsoft is merely making it harder for Symantec and other similar firms to create security solutions; Vista will not be safer from the blackhats as a result.




User Comments: 6

slake said:
"They claim that features in the Windows Vista kernel obstruct innovations by antivirus and other security applications. If security vendors cannot access the kernel, they claim, it cuts down on their ability to innovate new security products." - now that is lame. Hey MS, will you open up your new kernel so hackers can write code we can offer anti-apps for?
howard_hopkinso said:
That's rich, coming from one of the worst antivirus crapware vendors around. If I remember rightly, it wasn't that long ago, Symantec admitted to using a rootkit type feature in Norton system works. Maybe that's why they're so against Microsoft making the kernel so hard to access. Regards Howard.
Phantasm66 said:
I wouldn't be surprised if some EU court orders Microsoft to make Vista more insecure so that companies like Symantec can still make money off of it. What a load of flipping nonsense.
spike said:
It has been long wondered what would happen with the major security bods if Windows suddenly became perfectly secure. I guess we're a step closer to the answer now! lol
slake said:
Originally posted by Phantasm66: "I wouldn't be surprised if some EU court orders Microsoft to make Vista more insecure so that companies like Symantec can still make money off of it. What a load of flipping nonsense." Oh that was good. Thank you!
Mictlantecuhtli said:
I guess this is about updated kernel patch protection which applies for not only Vista but XP and 2003 x64 versions too. I chose not to install the [url=http://www.microsoft.com/technet/security/advisory/9147
4.mspx]patch[/url], because it broke my firewall application ([url=http://www.tinysoftware.com/home/tiny2?la=EN]Tiny Firewall AMD64[/url]). I don't find Windows built-in firewall good enough, and I haven't found a better alternative, and I've already paid for Tiny Firewall. The patch protection [url=http://www.microsoft.com/whdc/driver/kernel/64bitpatch_
AQ.mspx]FAQ[/url] was published on January 19th 2006, so I wonder why there have been no updates for broken applications.