The kernel has become the new target of malware authors, who seek to alter the way in which the kernel operates. For example, rootkits operate in so-called "kernel space" and allow the malware author to hide files and processes from the operating system and from security software. Thus, a virus or something equally horrid might be running on your system, but you will not see it in Task Manager, and you will not see the program's files on your hard drive. Naturally, this is a cause of great concern.
Security is high on the agenda for Microsoft in their new operating system, Windows Vista, and so they have turned their attention to kernel security in a big way. They have applied new security features to the kernel which they believe will make it much harder for malware such as rootkits to operate.
However, Symantec has released a report outlining some weaknesses in the kernel protection mechanisms built into Windows Vista. They claim that features in the Windows Vista kernel obstruct innovation by antivirus and other security applications: if security vendors cannot access the kernel, their ability to develop new security products is reduced.
"These new technologies, along with Microsoft’s unwillingness to make compromises in this area, have serious implications for the security industry as a whole," said Oliver Friedrichs, director of emerging technologies in Symantec Security Response.
"If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and original equipment manufacturers can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems."
Furthermore, Symantec claims that malware authors have already successfully demonstrated ways to circumvent Vista's kernel security features. The only effect, they claim, is that Microsoft is making it harder for Symantec and other similar firms to create security solutions; Vista will not be safer from the blackhats as a result.