Forgot your password?
typodupeerror

Microsoft Locking Out Anti-Virus Makers? 135

Posted by Zonk
from the protecting-their-business dept.
twitter writes "Anti-virus makers have more to fear than stonewalling by Microsoft if a report by Agnitum, maker of Outpost Personal Firewall, is right about recent trusted computing changes. All the problems were summarized in a choice Register quote, 'In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers.'"
This discussion has been archived. No new comments can be posted.

Microsoft Locking Out Anti-Virus Makers?

Comments Filter:
  • ORly? (Score:4, Informative)

    by Umbral Blot (737704) on Saturday July 29, 2006 @03:56PM (#15807101) Homepage
    As someone who has written drivers for Windows before I think Microsoft's patch is a step in the right direction. It is simply too easy to spy on the user and hide the driver under the current system. If that means that anti-virus software has to be updated, and has to bug the user with more "are you sure this is OK" boxes ... well tough, sometimes that is the price of security.
    • Re:ORly? (Score:5, Insightful)

      by tyler.willard (944724) on Saturday July 29, 2006 @04:12PM (#15807173)
      Ya RLY. Too easy? At ring 0 *everything* is, and should be, visible/alterable. That's the whole point of ring 0 existing in the first place. There is another concern as well: If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products. As it stands now, SoftICE has been discontinued and sysinternals has been acquired. I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products availble.
      • Re:ORly? (Score:2, Insightful)

        by Anonymous Coward
        It's not just a matter of not having the tools... Trusted Computing hardware allows the running of encrypted code. You'll never know what Microsoft is upto, because your own PC hardware works to stop you.
        • Yes, this is certainly something to be concerned about, but there are a lot of obstacles, some that involve hardware, that don't rely on encrption.
      • by Anonymous Coward
        Dogs are eating dog food.
        Cats are eatin gcat food.
        Bush is doing something stupid.
        Shaq is eating.
        Grass is growing.
        MSFT's bill for breaking EU law went up.
        MSFT lies.
        Vista is just that... a vista.
        Linux is pwning server rooms across america.
        Ballmer is throwing chairs.
        Ballmer is cursing Google.
        Ballmer heard repeating "developers, developers, developers" from people outside his bathroom window...

        You see, the world just makes sense.

        • Israel is killing civilians.

          The US is losing in Iraq.

          Tony Blair is sucking Bush's dick.

          Pam Anderson got married again - to the same guy.

          Mel Gibson is drunk and spewing anti-Semitic crap.

          Yup - a normal day in the neighborhood.

      • There is too much going on in Ring 0 as it is.. I am all for MS keeping drivers out of there.. This is where BSOD come from, hardware failure or kernel lvl drivers.

        I spend a week last year tracing the source of a intermittent problem on a new server, turned out that a antivirus products kernel drivers was leaking kernel memory at a slow rate.. After a reboot, depending on how many times a file was accessed it would just cause the systems to stop responding to requests.

        As far as I am concerned only the OS sh
        • Do tell me how you make Antivirus and Firewalls which arent on ring 0. :P
          They are there because they have to be there.
      • Re:ORly? (Score:3, Interesting)

        by Crayon Kid (700279)

        If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products.

        But how can it be done? From the Agnitum story I for one understood that it's not possible to achieve this.

        Sure, they can actually and fully deny access to low level kernel functions to every piece of software, but in that case how will certain things get done? Some stuff needs access to get it's job done. Obviously not a choice.

        Or,

        • > Or, they can just not document the API (which I get the impression is
          > what they're trying to do now), in which case people will reverse engineer
          > the software that uses it and they'll find out how what they need to know.
          > Malware writers and legit software writers alike.

          Legit software writers *cannot* reverse engineer. I think that in USA under the DMCA it is prohibited to overcome secuity measures by reverse engeenering. FIXME
          • We can and do.

            At least, we can 'clean room' reveng.

            You do it with two people. One pokes around and takes notes. The other implements based on the notes. The DMCA doesn't prevent this as long as there is a non-infringing use of the protection bypass (i.e., writing drivers)
        • by Cylix (55374)
          A conversation overheard between Ring0 and MSFT

          "I'm going to show these people what you don't want them to see. I'm going to show them a world without you... a world without rules and controls, without borders or boundaries. A world... where anything is possible. Where we go from here is a choice I leave to you."

          Ok, sounded cooler in my head... it's still moderately funny though :P
        • "'If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products.'

          "But how can it be done? From the Agnitum story I for one understood that it's not possible to achieve this."

          DRM. Once the CPU vendor and OS vendor are the only people with total control over computers, the computer s will only do what said vendors allow them to. Or at least that's the way they think it should be.
        • *sigh*

          The user is supposed to know what is legit and what is not.

          Honestly, there are a number of people out there who simply should not be using computers - or at the very least, not running with Administrative privelidges. This is not an elitist thing. This is a training and intuition thing.

          I mean, phishing sites pretty much THRIVE on people not checking the URL in a link - something that just comes naturally to those aware of the issue. Viruses are spread not by using insecure software, but by opening
      • > I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products availble.

        Just the more reason to ditch unaudited proprietary operating systems, and use something more open. OpenBSD's aproach to security is much better than Windows + 100 (potentially buggy) commercial "security" apps. And it's free.
      • I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products availble.

        Prorammers have long understood that, especially at the kernel level, the only way to understand what's happening down there is to study the source code (and, in some cases, the machine code that it compiles to). Anything else is at best a summary, and at worst a parody of what's really going on.

        Face it, with a binary-only kernel, t
    • Re:ORly? (Score:2, Insightful)

      by staticsage (889437)
      The only problem is no matter how many "are you sure this is OK" boxes you throw at some people, they will still blindly click Yes...
      • They click yes until it is tech support trying to get them to click yes. Then they click on everythng but yes.
      • Re:ORly? (Score:3, Interesting)

        by Traiklin (901982)
        and I know first hand how easy it is to.

        I decided to try out vista one time and it installed and ran perfectly fine on my computer, the only drawback to it was EVERYTIME I wanted to open a folder or program a window would pop up asking me if I was sure I wanted to open it (apperantly Microsoft doesn't even trust themselves cause I was opening Windows Media Player 11 when I got the most windows) after about the 20th popup window asking me if I wanted to open a file I knew was ok I just started clicking ye
      • Re:ORly? (Score:3, Insightful)

        by cheater512 (783349)
        And the more boxes you throw at them the less likely they are to read it.

        /me makes a automatic 'Yes' clicker and sells it for $10.
      • To keep bots from utilizing forms on my web pages I use a captcha. Similarly, to prevent mindless clicking of the "Yes" button, maybe there should be a captcha. For more dangerous tasks, force the user to demonstrate knowledge of what they're about to do by asking them a question about it. " You're about to run a script you downloaded from the internet as root. What is the root account? a) A plant that grows in southern brazil. b) An account at the IB where my taxes are calculated. c) A user profile that
    • I think Microsoft's patch is a step in the right direction. It is simply too easy to spy on the user and hide the driver under the current system.

      Well, it would be great if it were not so easy to circumvent. Typical of M$ "security", this change is just another inconvenience to the legitimate user.

      • Re:ORly? (Score:3, Interesting)

        by werewolf1031 (869837)

        Typical of M$ "security", this change is just another inconvenience to the legitimate user.

        This isn't about inconveniencing the legitimate user. It's about inconveniencing the legitimate developer. The black-hat hackers will still get in once they figure out ways around this, and since the legit devs will be locked out by no-reverse-engineering laws, the legit users will be forced to rely on MS and only MS for security. It's another win for MS monopolization in the guise of "enhanced security".

    • Did you even READ the article?

      This is not in the least about more "are you sure this is OK" boxes, as you suggest. No amout of "are you sure this is OK" boxes makes any difference. Instead of popping up an "are you sure this is OK" box, Microsoft simply forces Windows to BlueScreen and die.

      This is not about "anti-virus software has to be updated", as you suggest. Microsoft has completely locked out any reasonable means of updating the security software. The article says that the only avilable route for secu
  • by The Real Toad King (981874) <toadking@toadking.com> on Saturday July 29, 2006 @03:57PM (#15807103) Homepage
    By making its kernel and software more closed, they're just locking out new developers and applications. If they keep this up, Windows may only be able to run Microsoft Software.
    • If they keep this up, Windows may only be able to run Microsoft Software.

      This is precisely what they're looking to do, and it would appear as if their short-term vision has completely blinded them to the long-term consequences of what they're doing. I wish them all the success in the world with it.
    • by RightSaidFred99 (874576) on Saturday July 29, 2006 @04:03PM (#15807135)
      They're not locking anybody out. It's silly to think that developers should have full access to every single internal structure or API call. It's called "bad design principle". It means they can't change things internally.

      The real problem may just be limitations in the API they _ARE_ providing. That's fine, work with them on it. Don't whine that their internal structures and kernel level calls are changing - you are NOT supposed to use those anyway.

      • It is *not* a bad design principle. By their nature advanced utility and security products need to have total access. Malware authors aren't going to limit themselves to the official apis. Unless of course you are of the opinion that they will make this absolutely bulletproof and there won't be any exploits to worry about....
        • by CodeBuster (516420) on Saturday July 29, 2006 @04:56PM (#15807352)
          Ok, fair enough, but to what extent is Microsoft liable if your attempted hacking, even if your purpose is noble, results in damage to the kernel? If you use a product or modify that product in a way that the manufacturer never intended then how can you say that it is the fault of the manufacturer that your modifications, hacking, or misuse cause the product to fail? The malware writers will of course do what they want and the anti-virus writers have made it their business to try and stop them. However, the anti-virus writers must accept responsibility for their own products even though they don't fully control the underlying system...that was part of the risk they took when they got into the business.
          • They aren't liable. This has been going on forever. I'll grant that they do get bad PR. E.G., most BSODs (fatal exception in ring 0) tend to come from third party drivers but MS gets gigged for it. As far as taking a risk "by getting into the business", this is irrelevant. Again, utility and security products are a special case in software. For years, Redmond has worked closely to assist these companies with whatever kernel hackery was needed. Now they're getting into the game themselves and restrict
      • by kripkenstein (913150) on Saturday July 29, 2006 @04:42PM (#15807284) Homepage
        They're not locking anybody out. It's silly to think that developers should have full access to every single internal structure or API call.

        Fair enough. But, consider this: do you really believe that developers of Microsoft security products (firewall, antispyware, OneCare, etc.) will NOT have access to whatever API they ask for? That if they need access to one, a technical solution will not be devised?
        • do you really believe that developers of Microsoft security products (firewall, antispyware, OneCare, etc.) will NOT have access to whatever API they ask for? That if they need access to one, a technical solution will not be devised?

          I have a friend that was working on the transactional file system for Vista and I asked him a similar question regarding undocumented APIs. Hi answer was two-fold.
          Part 1 of his answer was that normally if a developer requires access to a system process that is not currently e

      • by grcumb (781340) on Saturday July 29, 2006 @06:51PM (#15807708) Homepage Journal
        "It's silly to think that developers should have full access to every single internal structure or API call. It's called "bad design principle". It means they can't change things internally."

        WTF? I understand what you're getting at, but please think about what you've just written for a second.

        It's not at all silly to give developers full access to your system internals, as long as you're clear about the repercussions of using them. In fact, there's a whole bunch of developers using this stuff called FOSS, which is based entirely on this principle.

        I know, I know; your point is that if developers depend on a certain implementation, then the vendor is forced to continue supporting it forever, which, according to your reasoning, leaves them with no further room to grow or innovate. Unfortunately, that perspective is just bollocks. FOSS developers deal with this every day, and they've found a perfectly workable process:

        Supported APIs are marked as such. Deprecated APIs are marked, too, with the clear warning that past this version, you're on your own. Unsupported interactions with the internals are marked - not fenced, but simply labled Here Be Dragons. You're welcome to venture there if you want, but don't go asking for help if something goes wrong. Most developers benefit from a better understanding of how the whole system works, and can in fact suggest or offer improvements in upstream functionality as well as better implementing their own.

        I'd be fascinated to know why you think that things are somehow different for Microsoft than they are for IBM or Novell.

      • It's silly to think that developers should have full access to every single internal structure or API call.

        "Tenet 6. APIs. ...Going forward, Microsoft will ensure that all the interfaces within Windows called by any other Microsoft product, such as the Microsoft Office system or Windows Live(TM), will be disclosed for use by the developer community generally."
        http://www.microsoft.com/presspass/newsroom/winxp / windowsprinciples.mspx [microsoft.com]

      • "They're not locking anybody out. It's silly to think that developers should have full access to every single internal structure or API call. It's called "bad design principle". It means they can't change things internally."

        Unless of course your code is INTENDED to function as part of the internal structure. That is why everyone should have access to every internal structure and API call. There is no reason that microsoft should be the only ones able to add filesystems to windows for instance. Or to hack on
    • Locking out all but trusted software and hardware (maybe), you claim? Egads, this sounds a whole lot like the Apple plan: "If they HAVE to buy everything from us, we'll be rich." MS would never lock out competition. As [pieterh] pointed out (though they were trying to insult MS at the time), encouraging others to dump billions into development has saved MS money in the long run, plus they reap the rewards. If the platform is stronger, more people will buy it, write for it, etc. The user experience is grea
      • Apple may be bundling software, but the difference is that the user is _totally free_ to use competitor's software. I use other browsers, other word processors, and other multimedia software than those supplied by Apple alongside their products. Competitor's software is not crippled. Yet you have no problems defending Microsoft trying to make everybody use only their software. Microsoft was _convicted_ of anti-trust violations in the US and Europe (and is being investigated in other regions too) not bec
        • Microsoft never made it difficult / impossible to install a 3rd party media player on any system they've ever made. Nor did they do that with a browser. That's the line fed by money-grubbing anti-trust lawyers to uninformed users.

          The primary argument the ACTUAL anti-trust lawsuit was based on was that Microsoft was leveraging the dominance of one product to the advantage of the other, giving it an "unfair competative advantage". The fact that Windows Media Player came pre-installed made paying for a prod
          • Just transfering unencrypted files to and from an iPod constitutes a crime (according to Apple legal) if you aren't using iTunes. //technically// using the Windows Explorer to do so is a violation of the "terms and agreements" you apparently agree to when you buy an iPod.

            You can cite that, right? Because there aren't any "terms and agreements" governing the use of an iPod, disk mode is an advertised feature, and breach of contract is usually a civil offense.

    • And that would make Microsoft rather happy. Being able to run ONLY microsoft, and then get useres on the 'lease plan' ( remember their 'free PC' concept? ) to insure a perputual income.
    • If they do that then we are back to the same issues that got them in trouble with IE. AND they would be violating the Anti-Trust settlement with the DOJ. Only MS having the ability to write software that operates at the highest privelege level is a monopolistic practice. Then again it may force more people to Linux and the *NIXs of the world which could be good. Don't give me the typical stupid /. reply of there being a Republican in the White House and thus it doesn't matter what M$ does. It matters a grea
      • Only MS having the ability to write software that operates at the highest privelege level is a monopolistic practice.

        I never quite understood why they can't be allowed to do whatever they want with their own software. Don't like it? Don't buy it. Very simple.

        If I, John Doe, write a program right now and warn potential users that upon running it will find and delete competition software, what would happen? People either wouldn't install it, or install it knowing what will happen. Very simple.

        But because Mic

        • But because Microsoft is already big and Windows is all over the place and people are already using it, they can't be allowed to do this. That about sums it up? No, because they are under DOJ orders to allow other folks software to INTEROPERATE. What they are doing will make software from folks like Anti-Virus and Spyware unable to do that, just like back in the days ( you ARE old enough to recall the 1990's right?) of the Netscape vs IE issues. When you hold an incredibly dominating position in the market


    • As I've said before, Microsoft's biggest resources are Huey, Dewey and Louie (Marketing, PR, and Sales).

      They have two tasks before them right now: Vista. That seems like one, but it's two. First, there's the standard upgrades and new machine purchased as well as any corporate issues. Secondly, and far more importantly, they're going to try and pry corporations from sitting pat. There's a lot of corporate licenses which are still running Win2K, both server and terminal, Visual Studio 6 (+SP6), SQL 200
    • One more step towards world domination
    • By making its kernel and software more closed, they're just locking out new developers and applications. If they keep this up, Windows may only be able to run Microsoft Software.

      Whereas now, Windows can run all sorts of software. For example, you can run all sorts of office software - MS Office, and... umm, well, how about web browsers, there is IE, and some other thing with 10%... multimedia-wise, you can run WMP, or... well, there must be something I'm forgetting.

      Seriously, though: this is how Micro
  • by Vampyre_Dark (630787) on Saturday July 29, 2006 @03:58PM (#15807108)
    Microsoft has actually been bending over the backwards to help the anti-virus companies properly integrate their products into the new windows Vista. The problem comes from miscommunication. Billy is using his new speech-to-text program for all correspondece.
  • by pieterh (196118) on Saturday July 29, 2006 @04:00PM (#15807120) Homepage
    So how does this fit with Microsoft's 12 Windows Principles [microsoft.com]?

    Oh hang on, nowhere in those principles does it mention anything about giving competitors open access to Windows systems. Maybe this one:

    "Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for application developers and Web site creators to build innovative products on the Windows platform -- including products that directly compete with Microsoft's own products."

    Translation: We love products that compete with us, so long as they run on Windows, because it just means you're doing the R&D work for us. Hey, that's how we got to be so large, by taking ideas from other people, so why stop now?
  • Better Summary (Score:5, Insightful)

    by RightSaidFred99 (874576) on Saturday July 29, 2006 @04:01PM (#15807127)
    "Our software doesn't work, we're pissed."

    They are basically saying that they want the existing weak kernel model to continue to be supported because at least it allows them to do things they way they have been for a long time. This is, of course, stupid. It's like my locksmith not wanting me to get a new door because his equipment won't work with it, even if the new door theoretically provides the basis for better security long-term.

    I'm not saying the new intercept model is great, I'm saying the answer isn't "leave it like it was". Instead of whining, why don't they engage Microsoft and figure out what exactly they need. Regardless of what your average wanker things, Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.

    • Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

      Despiste all the improvements about user security, firewall etc... I don't think that any serious company will try to sell a new PC with Vista and no antivirus at all.
      • Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

        http://www.microsoft.com/whdc/driver/kernel/64bitp atch_FAQ.mspx [microsoft.com]

        From the FAQ:

        [snip]
        Q. Patch protection prevents my application or driver from running. What are my options?
        A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with
        • From what I've seen with beta drivers in Vista, it tells you explicitly what driver caused it. "nVidia Display Driver has attempted to alter and possibly destabilize your system" and then the driver is (somewhat glitched) stopped. Definitely more friendly than old school BSODs. We shall see how the final Vista plays out.
      • Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

        An interesting sentiment, but look at it from the perspective of Microsoft. They have built a system which they are bound to support, but for which they have not provided certain features that may be needed by certain types of software, namely kernel hooks and the like, because these types of "features" are availab
      • Microsoft shouldn't make it a priority to contact anybody regarding these issues. Software vendors are responsible for whether or not their programs work properly. If they need Windows to have certain capabilities that it doesn't appear to, then they need to make contact with Microsoft. At that point, Microsoft should either explain how such a thing can be done, or explain why such a thing shouldn't be done, or make it possible.
    • by Sycraft-fu (314770) on Saturday July 29, 2006 @04:34PM (#15807260)
      Prrogrammers are lazy, that's just how it goes. I remember all the Strum und Drang over Windows 2000 and it's new audio model. Basically, MS did a revamp of how audio was handled in 2000. It's a much better model. However it was different from what the pro audio companies were used to so they cryed about it. I had a $600 10-channel pro card at the time. When 2k came out, I wanted to switch. However they had no 2k drivers, you had to install the NT drivers which did work, but were a pain in the ass. They said "There will never be Windows 2000 drivers, 2000 is unsuited to audio."

      What they were worked up about was the kernel mixer, a subsystem that introduces 30ms of latency to audio. Now of ocurse this isn't a problem, first because the drivers are aware of this and do time compensation so it only matters for live sound-on-sound recording (meaning you are playing something that a musician is listening to and recording what they are doing) and you can bupass teh kernel mixer anyhow.

      Well finally they figured that out (it's in the documentation for the new driver model) and they released a driver... That only supported 2 channels of the 10 on the card. They claimed that the new driver model didn't support more than 2 channels on a card. I e-mailed MS about this and I think they were sufficiently supprised by the stupidity of the question that they responded. they pointed out that not only could they enumerate the device as multiple 2-channel devices (as you had to do in Win98 and NT since they only supported 2 channels) but WDM could handle real multi-channel devices as well.

      Some e-mails back and forth with the company and finally they came out with a functioning WDM driver for their card. These days, their cards have ONLY WDM drivers available, they don't support 98 or NT anymore. However it was like pulling teeth to get them to learn the new method of doing things. Not because it was worse, it's not, but because they just wanted to keep doing things how they had in the past.

      I'm sure that's basically what this is. MS has changed the way things work, if it's better or not one can debate, but it's not to screw the AV companies over. They are just being whiny because they don't want to have to change the way they do things.
      • Excellent point. I had the same problem with my pro audio hardware. I remember how "Windows 2k was just not for audio" and that "there were never going to be wdm drivers" for certain hardware. Today, wdm is a terrific way to drive audio cards, allowing for more channels, less latency and better all-around performance. Just because the lazy programmers finally had to bite the bullet. I remember being told by several vendors that Win2k and WinXP were not going to be any good for audio production and that
    • I stopped reading the article after these morons complained that that can't use a 32bit function pointer to 32bit code to hook kernel calls in 64bit Windows...
    • No, it's not that simple. They're pissed because MS is dictating how the should design their products. Furthermore, they're doing it with an attitude of "yeah, you used to do this directly, but now you'll have to trust us to give it to you....maybe.". You can still have a robust kernel and have third parties able to interract with and extend it, take Linux or BSD for example.
    • No, it's like Locksmiths petitioning the state not to mandate that only one type of "new secure door" be used going forward, the specs of which will be kept a state secret.
    • You use the wrong example for the locksmith. It should be this is like your locksmith rekeying the locks on your house with a special key that only they can produce and you must get from them. This is much like the automakers did with "smart" keys. It used to be if you needed an extra car key, you could get a copy made for a dollar or so. Now, you have to go to the dealer and pay $35 or more, depending on make or model.

      Has the "new" car key approach made it harder to hack or steal cars, no, just more of
    • Our software doesn't work, we're pissed. ... Instead of whining, why don't they engage Microsoft and figure out what exactly they need. ... Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.

      You must have read a different report. The one I read said that Microsoft was broken and they won't let anyone fix it. The M$ security model was easy to circumvent and that circumvention was the only way to get what they need to watch out for all the dirt b

    • No, it is a lot more like the locksmith telling you to get a new door, one that you can only get keys from him, because it has better security, and it looks pretty.
    • I tried to use Norton in one of my applications. It would have been very nice to be able to scan a user provided file with an antivirus application, but I couldn't find an API. All I was looking for was something like Microsoft Word had -- for a given user file, scan it and tell me if it is infected or not. Symantec wouldn't provide any information "for security purposes."
  • by LaNMaN2000 (173615) on Saturday July 29, 2006 @04:10PM (#15807164) Homepage
    Mirosoft started treating device driver that were not 'certified' for Windows XP differently in the installation process. the certification process is expensive and I have had numerous drivers that generated warning prompts because the manufacturers did not pay the Microsoft tax. I had a feeling that it would only be a matter of time before Microsoft created its own 'digital signature' like process for certifying system or application software.
    • by gnuman99 (746007) on Saturday July 29, 2006 @04:34PM (#15807263)
      It is called "Designed for Windows" program. Yes, applications have to be signed. And yes, you have to send a copy to MS so they can verify if you follow guidelines when they get 1000s of core dumps from your application. Or complaints about spyware and crap.

      http://www.microsoft.com/winlogo/default.mspx [microsoft.com]

      Yes, it costs money because you have to buy a digical certificate from Verisign. And send the software on a CD to MS, so a postage stamp there too.

      And yes, MS will probably start treating software from unknown vendors differently than those that have registered. But afterall, how can you blame them with all the spyware screensavers and other crap.

      We already see digital signatures in Linux like Debian. Untrusted repositories get flagged as "WARNING!! Untrusted source. WARNING!!". Microsoft should be doing the same to protect its user base.
      • by bogado (25959) <bogado.bogado@net> on Saturday July 29, 2006 @05:37PM (#15807497) Homepage Journal
        If the user can choose on who he trusts, then it is okay. In my fedora computer I can easily install install a new source to my software and say that all packages signed by this source is okay to go in. I can also de-install a default source if they show that they are not trustworthy.

        If the windows user has the same set of choices, then it is okay, but if MS is the only one who can bless application to install or run without warnings in the windows plataform and there is nothing I joe user can do to change this, then I believe it is a problem.

        Just imagine if MS will give its blessing to all the open source software that is available now for windows. The answer is no, and the author will probably naver even ask for such bless for the simple fact the it will cost money. Now if the windows user could just say to his system that the software package with the signature of that John Doe who happen to signs all kinds of open source software and distributes them in his site, then it is fine. Just like I can install software from Livna that packages software that redhat simply don't want, and will never do, to distribute due to legal problems.
    • In fact in Win64 from Vista on up, unsigned kernel-level code cannot be installed [eweek.com]. You need to use a not-cheap signature from a trusted authority.

      This is one of the holes in the Agnitum Whine Paper - they ignore the fact that the code they say could easily hack past the patching would have to be signed, which presents serious problems for a hacker.
  • by r00t (33219) on Saturday July 29, 2006 @04:19PM (#15807202) Journal
    Binary patching a kernel is just plain wrong. It's an unstable hack.

    You're supposed to patch the kernel source and recompile. Oh...
  • Simply by unleashing Vista on consumers, Microsoft created a two billion dollar software industry to secure that product.

    If AV makers can keep 60% of that total among themselves, then their own collective piece of the pie is sufficient, and they can let their marketing departments fight the other AV marketing departments for marketshare.

    Compare 5 boxes of antivirus software at Wal-Mart these days, and you see identical packaging. These companies are either used to being told what to do, or else lack origi

  • by TheNoxx (412624) on Saturday July 29, 2006 @04:23PM (#15807223) Homepage Journal
    How exactly are they going to keep up with all of the new viruses/trojans/etc released for Vista? I know it's supposed to be "so goddamn secure", but nothing's foolproof, let alone a silly little MS product.

    I dread to think how bad the current state of spyware/adware and malicious code would be if MS made themselves the end-all for anti-virus protection in XP. What a monumental fuckup Vista will be.
  • While this will almost certainly be a complete flop in terms of preventing malware from patching the kernel, it may still be a good thing for people's security.

    By far the best thing that could happen to the security of Windows would be if everybody forgot the personal firewalls, Norton Virus, etc., and used external boxes for these purposes. By the time anything running inside of Windows has a chance to try to do the job, it's too late. Windows is extremely large and complex, with myriad routes from almos

  • by Dogun (7502) on Saturday July 29, 2006 @04:28PM (#15807234) Homepage
    You can do your antivirus activites just fine using supported methods and interfaces, and it doesn't require patching kernel code.

    Filesystem filter driver. Possibly some other filter drivers. Cleaning service. Low-privilege interface. That's all you need.
  • Microsoft's New OS to Run Exclusively Microsoft Products

    October 28, 2010

    REDMOND, Wash. — Microsoft has just made a last-minute change in plans for it's newest operating system, Windows Vista.

    The operating system, scheduled for release this December, will now only run Microsoft products, according to CEO Steve Ballmer.

    "This is a very exciting time for us all," announced Ballmer. "For years, end-users have been forced to choose between products by third party developers and Microsoft. Now, t
  • by buckhead_buddy (186384) on Saturday July 29, 2006 @04:33PM (#15807258)
    While Linux, BSD, and (past) OSX developers are used to an open kernel, Microsoft has a long tradition of security through obscurity. Microsoft has also not had a problem with rolling over competitors and even collaborators with a lock-out technology when they feel they are in a position to make more money. Those arguments are common and they won't even make a blip on the conciousness of most people.

    What would really get Microsoft to pull it's greedy hands out of making "security services" the next extension of its monopoly powers? I think it would be when the Ralph Naders, and liability lawyers take Microsoft becoming the sole provider as admission of making a product with a faulty design and trying to profit from it.

    If you want to make Microsoft open it's doors and keep it's hands off the security market, then you need to make noise about this new tactic as being a tacit admission of faulty products and trying to profit from supplying the broken product and the fixes. Perhaps then, Microsoft might be eager to open the kimono for third party or independent review.
  • I'm the first to shout hooray for a secure platform. But trying to lock out what cannot be locked out isn't security, it's stupidity. Now, I know that "being secure" is just the frontend to sell TCP, but at least a frontend should hold some water 'til it's sold.

    Locking out competition by rising the cost to produce for a certain platform is a BAD idea. See IBM's Microchannel architecture for reference. And that was hardware, something you can't simply copy instead of shelling out the dough for the higher cos
    • Two core elements of a sensible security model for me is notifying the user of something he might not want done, and allowing him to turn off superficial alerts so that he can concentrate on the real problems. Now I forget what the feature is called that Microsoft implemented that is supposed to do this sort of thing, but all the reports seem to be saying that it's been flagging superficial stuff like deleting a shortcut from the desktop and I haven't been hearing reports of it catching really serious stuff
  • Agnitum Outpost (Score:3, Interesting)

    by bananaendian (928499) on Saturday July 29, 2006 @04:35PM (#15807264) Homepage Journal

    I've been using a free version Agnitum's Outpost firewall [agnitum.com] for several years now on my w2k machine and its a clever little program, far simpler and thinner than the offererings from the major players. However like any good firewall program it does require the user to make very technical decisions on network traffic permissions whenever a process tries to contact the internet. Now before I praise it for not letting a process (virus/spyware/legitware) do a thing I don't want for the last couple of years, I do have to mention a disclaimer that in addition I've got the latest security updates for w2k, a NATted hardware firewall on the router and generally secured my system according to NSA's manuals [nsa.gov].

    Unlike in a Unix environment, in Windows the basic security concepts aren't required of the user. Windows computers despite the networking or even server capabilities are still built upon the philisophy of Personal Computer where the user has total control but also total responsiblity for what the software does. Microsoft's attempts to somehow augment security on top of this flawed concept is not going to succeed and in fact seems to be going the opposite way. Certainly my w2k box is easier to make secure than XP with its 'security improvements' and it seems Vista will make it impossible for the user to secure the computer that he's supposed to own and control.

    Sadly I will try to stick with poor old w2k as long as possible but eventually I might have to resort to going the OSX way...

    • Windows computers despite the networking or even server capabilities are still built upon the philisophy of Personal Computer where the user has total control but also total responsiblity for what the software does. Microsoft's attempts to somehow augment security on top of this flawed concept is not going to succeed and in fact seems to be going the opposite way. Certainly my w2k box is easier to make secure than XP with its 'security improvements' and it seems Vista will make it impossible for the user to

      • Sane post regarding Windows spyware on Slashdot shocker!

        You're completely correct, Windows should not be blamed for the programs that run on it or the people that made them. I could bet you that if there were spyware for Linux then it wouldn't be the KDE/Gnome/kernel teams who would get blamed :)
  • Hah (Score:1, Insightful)

    by flimflammer (956759)
    I love these controversal subject names. Really gives you that "We hate Microsoft and are damn well proud of it!"

    The title just smells of "We dont like other anti-virus makers and want to block them", when the real subject is more "We're securing our kernel better than before, making it harder to dig into things people shouldn't be. Work around the changes in our internal api if you want to continue doing the things you do."

    I see this as nothing more than making a mountain out of an ant hill.
  • have been modded -1 trolls

    nobody may have ever been fired for buying microsoft product

    but nobody has ever been modded down for flaming Microsoft on slashdot

    for fuck sake people have been bitching at m$ to secure the kernel better in future windows versions now they do and they are locking out the competition. If I was m$ i'd be really bummed out by this until I looked around and saw my huge piles of money laying around all over the place then I would be feeling ok again.
  • This is MS's OS. They do not give it to you or the anti-virus company. It is leased to you. That means that MS owns it and all the data that they claim that they own (i.e. the data that you produced on their OS). If they want to lock out anti-virus companies, I do not understand where the issue is. If these companies do not like it, then they should consider a new line of work on a different OS.

    Sad to say, but there really is no need for anti-virus on other system. Yes, I know that Virus do occur on Appl
    • > It is leased to you.

      No, it is licensed.

      > That means that MS owns it and all the data that they claim that they own (i.e. the data that you produced
      > on their OS).

      They do not own content produced from the OS, if this was the case no company would use Windows... you're implying that if someone wrote a program underneath Windows, that Microsoft would own it. If you think this, you're completely ignorant.
      • Read MS's EULA. If you use the OS, then you agreed to it.

        What I keep in mind is that the current ppl in control are very motived to find more money for themselves. MS and Hollywood are LOADED, and appear to be happy to spread it.
    • As much as I dislike MicroSoft, I have to agree with you, which is why I can't figure out why companies still write software for Windows. If you do, and your product is reasonably successful, there are only two options for your future: 1) you'll get bought out by Microsoft, or 2) Microsoft will come out with a competing product and put you out of business. This has been obvious since Microsoft came out with Windows 95 and all but killed Novell. Personally, I think they were just about ready to do the same t
      • Actually, MS tried to buy Intuit, but the feds said no. Then the net and Linux got in the way of MS being able to kill them outright. Now, MS Money is bigger than quicken. The only thing keeping Intuit going is TurboTax.

        I taught at TT back in '98(or 99). I saw a running version of TT on Linux (I was not really suppose to talk about it, but it was more than 5 years ago). Apparently, the sales ppl fought doing it on Linux. Sad. I suspect that MS pays off a LOT of sales ppl.
  • ... that Micro$oft is not capable of providing a properly secure system.

    Programs running in userland should not be capable of modifying ANY part of the system.

    The only time that system files should be even capable of being modified is when the system's administrator / root user is logged in with root/admin permissions - and then ONLY the root user should be capable.

    Why should a program running with the permissions of a user be capable of performing as if it had permissions of an administrator?

    The kernel sho
    • In Vista, programs normally run without admin privileges even when you're supposedly logged on as an administrator. It's much like OS X's handling of administrators, though not at the technical level (NT has no setuid).

      The problem is that Microsoft is preventing certain things from happening even when you *are* running as a trusted user. In Vista 64, you *cannot* load an unsigned kernel driver, even if you are a maximum-privileged user mode program. This is retarded, because such a user mode program can
  • This new kernel patch protection should be viewed as safety against badly coded legitimate drivers, not security against a rootkit.

    Rootkit authors are some of the best programmers and reverse engineers in the world. Does anyone *really* think that rootkit authors won't find a way around ci.dll? Even Vista 64's requirement that all kernel drivers be signed is a real joke. As long as it is possible to write to \Device\Harddisk0\Partition0 (NT's /dev/hda) from user mode as administrator, a rootkit can simpl
  • It's like an elemental system in an RPG. Windows is weak against hacks, but strong vs. clueless users. Unix variants are weak agains end user sympathies, but hardened against hackers and what not. Throw Linux at a clueless user or force a unix guru to use Windows and you're likely to kill maim or outright destroy them both. I guess Macs could be considered the "non-elemental" kills-all system. it really is like a game, but it's too bad it really isn't any fun at all.
  • >> we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers

    Go ahead and use them. Going by how long it normally takes Microsoft to respond, you've probably got at least 6 months before they close the hole you use, and MS don't know how to write secure code so there will always be some hack-attack you can use.
  • It seems to me that just about everything you hear about in the news lately seems to fit the theory that MS is actively *trying* to get people to go over to OSX. WGA, AV vendors being stonewalled, licensing issues, etc. MS is in a dominant position now greatly because of piracy of their product, even Bill Gates admitted to that years ago. But what happens when it's no longer possible to easily pirate windows?

    Large corporations will put up with it more than an individual user will, but what happens when t

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk

Working...