RealTime IT News

Vista's PatchGuard Bypassed?

A security vendor announced it has found a way to bypass a controversial security measure in Microsoft's upcoming Vista operating system.

Florida-based Authentium said it can't wait until the software giant provides an approved path to Vista's walled-off kernel.

The announcement is the latest chapter in a long-running battle between Microsoft and vendors, such as McAfee and Symantec .

The companies believe the software maker is dragging its heels on giving kernel access, giving Microsoft's own security offerings an unfair advantage.

PatchGuard, already available in the 64-bit version of Windows XP, won't be available for Vista until November, when Microsoft is set to first release the operating system.

When a breach of the kernel is attempted, PatchGuard causes systems to lock-up, displaying a blue screen.

Authentium says it has found a way around PatchGuard, enabling it to offer customers earlier access to its platform that includes firewall, antivirus and other security features.

While Microsoft said it will work with security vendors to create agreed-upon hooks into the kernel, the process could take months, a delay Authentium said it couldn't tolerate.

"We are not in the business of standing still," Corey O'Donnell, vice president of marketing for the Palm Beach Gardens, Fla. Authentium. "Hackers aren't going to wait," he told internetnews.com.

The company said its ESP Enterprise Platform includes the bypass, which disables Vista's security, launches the Authentium product, then re-enables PatchGuard.

O'Donnell said PatchGuard's security is trivial.

"It is a deterrent to mediocre hackers" but not likely to stop others, O'Donnell said. Indeed, other vendors have said PatchGuard has been defeated.

The bypass of PatchGuard "demonstrates it can be done and will be done," O'Donnell said.

Microsoft said PatchGuard "is not a silver bullet, rather it's part of a defense-in-depth approach to making Windows Vista more secure," a spokesperson for the software maker told internetnews.com in an e-mailed statement.

The company said it was aware of ways to subvert the kernel protection and has patched them in current builds of Vista. It said no ways to subvert the security exists now.

The news brought the ire of Microsoft, which sees improved security a major selling point for Vista. Responding to the claim PatchGuard was defeated, Microsoft said bypassing PatchGuard put Authentium users at risk. The software maker said holes in PatchGuard would be patched, leaving security vendors that went around the Microsoft wall out in the cold.

Bypassing PatchGuard puts "customers at risk by developing approaches to try to bypass Kernel Patch Protection (PatchGuard) and as a result, reducing the security of Windows," Microsoft said. PatchGuard will issue a security patch closing any loopholes.

"We hope it wouldn't come to that," O'Donnell said. However, the security company would change its software if Microsoft did remove the route into the kernel.

Symantec, which has fought with Microsoft over access to the Vista kernel, rejected the idea of its security software bypassing PatchGuard.

"We feel it is much better to work with Microsoft on these issues, as opposed to against them, as we've done for year," Chris Paden, a Symantec spokesperson, told internetnews.com.

Symantec will not risk its users being crashed by PatchGuard, according to Paden.

After arguing Microsoft was not answering its concerns, Symantec said preliminary discussions "are an encouraging step in the right direction." Last week, Microsoft met with Symantec and other vendors to iron out the issues over kernel access.

Authentium said Microsoft's current discussions over security measures in Vista "is like a debate against one party." Microsoft's focus is on software, not security.

O'Donnell said security vendors aren't telling Microsoft how to write software. "We'd say never start the machine." Likewise, Office, Vista -- those priorities run counter to security, he said.

However, Authentium said it isn't Microsoft's foe. The company told the software giant weeks ago how it bypassed PatchGuard. Microsoft and Authentium technicians still hold weekly meetings.

"We've got Microsoft's back, O'Donnell said.