Security Firm Bypasses Patch Guard
filenavigator writes, "This week the security firm Authentium found a workaround for Patch Guard, the security feature Microsoft has embedded into the 64-bit version of Windows. It is supposed to keep out unsigned drivers, kernel modifications, and security company competitors. With Authentium's workaround it can be turned off, software installed, and turned right back on. Microsoft immediately responded by saying their reckless ways are endangering the security of Windows users and that they will disable this hack quickly."
Nice Anti-Microsoft blurb - good job, editors (Score:5, Informative)
Uhm. Yes. According to -some- security company competitors whose entire livelihood depends on Windows being as insecure as it is? Certainly not according to Microsoft itself.
"Microsoft immediately responded"
really?
Microsoft doesn't respond anywhere in that article. In fact, page 2 (yes, it's one of THOSE articles) specifically reads:
"Microsoft representatives didn't immediately respond to calls seeking comment on Authentium's move."
So where -did- they respond?
"by saying their reckless
and that whole article doesn't contain the word 'reckless' at all. So where did they say this, again?
Mind you, the article itself is in error when on page 2 it states:
"Next Page: Microsoft defends itself."
And when you get to page 3, you get:
- a Symantec spokesperson
- an industry watcher, possibly:
- Andrew Jaquith of Yankee Group
But absolutely no Microsoft. So where is Microsoft defending itself?
Don't get me wrong, I think PatchGuard probably has more holes than a slice of Swiss cheese... but the submitter's text needs redacting, and the original article could do with an -actual- statement from Microsoft.
Re:Reckless? (Score:3, Informative)
Re:Wayback Machine... (Score:3, Informative)
Sure, 64-bit means a memory cap so high it is very unlikely you will ever reach it, but what is the highest one machine is going to have? 8GB? 16GB? Even with that much memory, a paging file can sometimes increase performance. It may be because of architectural design faults. At one point Linux would run faster with a Swap-FS on a ramdisk than with no swap at all. (I'm completely unaware of when or if that has changed.)
Biased story submission, (Score:3, Informative)
But the article reads differently. "Microsoft representatives didn't immediately respond to calls seeking comment on Authentium's move. O'Donnell said that Authentium has informed Microsoft of its work, and that the software company asked it to abandon the tactic and wait for its new APIs
Unsigned drivers necessary for now (Score:2, Informative)
Re:thoughts on patchguard (Score:3, Informative)
Nope,
I can build my Linux kernel without module support. Your module is not going to get loaded.
Enjoy,
Re:MS PhotoEditor will outperform Adobe by 100x (Score:5, Informative)
PatchGuard is only there to discourage apps that hook the syscall table (an inherently unsafe operation) and make other modifications to the kernel's private, volatile internal interfaces. When Windows NT was written, the MS devs never expected 3rd party devs to go poking around with the kernel's private interfaces, and are rightly disgusted when those 3rd party software programs cause problems because of it. Compare this to Linux: you are free to maintain your own custom build of the kernel, but in the mainline, all the kernel interfaces are so volatile, every minor revision is binary incompatible with the rest. You'd never get a device driver accepted into the mainline if it depended on private interfaces that break every revision, even on a source level. Microsoft is well within their prerogative to make changes to the Windows kernel's internal, private interfaces. This doesn't work too well when 3rd party apps are dependent on them never changing, especially when Windows crashes because of it. PatchGuard is a technical speed bump to make it harder for 3rd party software companies to screw with the kernel's internals. Microsoft knows that it's an unwinnable arms race [msdn.com], but hopes that the 3rd parties will decide it's just easier to stick to the kernel's public interfaces. Microsoft is willing to create new stable public interfaces to support the necessary behavior.
The only thing I can think of that you might be talking about for reduced performance is if you meant no intermediate buffering when you said "direct disk write". The FILE_FLAG_NO_BUFFERING and FILE_FLAG_WRITE_THROUGH [microsoft.com] buffering options are unrelated to direct disk access (which actually means bypassing the filesystem to access the block device directly). Write through and unbuffered IO aren't going anywhere.
As for special hooks that MS applications get into the OS that no one else gets, how about an actual example?
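As an added illustration (not code from the thread or from Microsoft) of the buffering flags the comment above mentions: FILE_FLAG_NO_BUFFERING makes the caller responsible for keeping file offsets, transfer lengths and buffer addresses sector-aligned, which is why code using it pads and aligns its own buffers. The CreateFileW call is Windows-only and guarded; the alignment helpers build anywhere, and the 512-byte sector size in the comments is an assumed value (real code queries the volume).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Round n up to the next multiple of sector (sector must be a power of two). */
size_t round_up_to_sector(size_t n, size_t sector) {
    return (n + sector - 1) & ~(sector - 1);
}

/* True when offset, length and buffer address all satisfy the NO_BUFFERING rule. */
int is_unbuffered_io_aligned(uint64_t offset, size_t length, const void *buf, size_t sector) {
    return (offset % sector) == 0 && (length % sector) == 0 &&
           ((uintptr_t)buf % sector) == 0;
}

/* Copy payload into a sector-aligned buffer padded with zeros to a whole number
   of sectors, as WriteFile on a NO_BUFFERING handle requires. *padded_len gets the
   rounded length; caller releases the buffer with free_aligned(). NULL on failure. */
void *make_aligned_write_buffer(const void *payload, size_t len, size_t sector,
                                size_t *padded_len) {
    size_t total = round_up_to_sector(len, sector);   /* e.g. 5 bytes -> 512 (assumed sector) */
    void *buf;
#ifdef _WIN32
    buf = _aligned_malloc(total, sector);
#else
    buf = aligned_alloc(sector, total);               /* C11; total is a multiple of sector */
#endif
    if (buf == NULL) return NULL;
    memcpy(buf, payload, len);
    memset((unsigned char *)buf + len, 0, total - len); /* zero-pad the final sector */
    *padded_len = total;
    return buf;
}

void free_aligned(void *buf) {
#ifdef _WIN32
    _aligned_free(buf);
#else
    free(buf);
#endif
}

#ifdef _WIN32
/* Open path for writing with both flags: no intermediate cache and write-through.
   Neither flag bypasses the filesystem; the handle still refers to a file. */
HANDLE open_unbuffered_write_through(const wchar_t *path) {
    return CreateFileW(path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS,
                       FILE_FLAG_NO_BUFFERING | FILE_FLAG_WRITE_THROUGH, NULL);
}
#endif
```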
Re:thoughts on patchguard (Score:3, Informative)
Eivind.
The Microsoft statement is behind the other link (Score:3, Informative)
Perhaps this link was added to the slashdot summary after you posted your comment for all I know, but the slashdot summary that I read had two links, and I found that statement quite clearly after following the first link [intelliadmin.com]. About the 13th paragraph down in that article states, complete with the additional link that I've included here:
So no points for grammar in that sentence (which I copied verbatim), but it seems to explain quite clearly what the Microsoft criticism is. That second linked article begins with the paragraph:
...and goes on for quite a while. Is this the statement you meant?