Sunbeltblog comments

I'm still confused. I hear both sides of the argument; there is a lot of noise, but few facts:

1. All these malware threats that they say PatchGuard leaves exposed, are they saying these threats today can compromise a PatchGuard-protected Vista or are they saying theoretically, new threats can break into the Vista kernel?

2. Are these security vendors so stupid that hackers can attack the Vista kernel but they (the security vendors) can't get in except thru the front-door? If this is true, then security vendors will always be slamming the barn door shut after the hackers have already stolen the horses.

3. What's the story with Mac OS and generic Linux OS? Do they allow access to the kernel carte blanche or do they have "PatchGuard"-like protection? Let's get a level playing field and talk about what is the current state of technology in all OSes, not just Vista.

Is Microsoft really doing something more secure that no one else has done and security vendors are crying, or do other vendors already lock down their kernel or do they provide front-door security APIs that allow everything the security vendors want in Vista?


"Microsoft has agreed to provide code so that software companies can provide their own security add-ons to its Vista operating system." http://news.bbc.co.uk/2/hi/techn...ogy/ 6058512.stm

I'm still confused, too.


My take is that Vista64 is the beginning of the kernel lockdown that must take place for PC-based DRM to be trusted by Hollywood. It's not just a case of protecting the kernel from *malicious* software. Microsoft has to approve every piece of kernel code and okay what it does.

A completely non-malicious driver that ran in the kernel and grabbed digital audio would be a disaster for Microsoft, because it would allow users to copy unprotected audio. Microsoft's entertainment partners would refuse to release content that could be used on the PC platform, which would destroy a lot of Microsoft's future plans.

Symantec's concern is that "has agreed to provide" is a promise for the future by Microsoft; there are currently no public APIs for this. Also notice that Microsoft is *not* saying they will allow Symantec kernel access. They are saying they will create APIs that let Symantec do what they need to do without being in the kernel.

