Vista’s PatchGuard Bypassed?

A security vendor announced it has found a way to bypass a controversial
security measure in Microsoft’s upcoming Vista operating
system.

Florida-based Authentium said it can’t wait until the
software giant provides an approved path to Vista’s walled-off kernel.

The announcement is the latest chapter in a long-running battle between Microsoft and vendors, such as McAfee and Symantec .

The companies believe the software maker is dragging its heels
on giving kernel access, giving Microsoft’s own security offerings an
unfair advantage.

PatchGuard, already available in the 64-bit version of Windows XP, won’t be
available for Vista until November, when Microsoft is set to first release the operating system.

When a breach of the kernel is attempted,
PatchGuard causes systems to lock-up, displaying a blue screen.

Authentium says it has found a way around PatchGuard, enabling it to offer
customers earlier access to its platform that includes firewall, antivirus
and other security features.

While Microsoft said it will work with security vendors to create agreed-upon hooks into the kernel, the process could take months, a delay
Authentium said it couldn’t tolerate.

“We are not in the business of standing still,” Corey O’Donnell, vice
president of marketing for the Palm Beach Gardens, Fla. Authentium. “Hackers
aren’t going to wait,” he told internetnews.com.

The company said its ESP Enterprise Platform includes the bypass, which
disables Vista’s security, launches the Authentium product, then re-enables
PatchGuard.

O’Donnell said PatchGuard’s security is trivial.

“It is a deterrent to mediocre hackers” but not likely to stop others,
O’Donnell said. Indeed, other vendors have said PatchGuard has been
defeated.

The bypass of PatchGuard “demonstrates it can be done and will be done,”
O’Donnell said.

Microsoft said PatchGuard “is not a silver bullet, rather it’s part of a
defense-in-depth approach to making Windows Vista more secure,” a
spokesperson for the software maker told internetnews.com in an
e-mailed statement.

The company said it was aware of ways to subvert the kernel protection and
has patched them in current builds of Vista. It said no ways to subvert the
security exists now.

The news brought the ire of Microsoft, which sees improved security a major
selling point for Vista. Responding to the claim PatchGuard was defeated,
Microsoft said bypassing PatchGuard put Authentium users at risk. The
software maker said holes in PatchGuard would be patched, leaving security
vendors that went around the Microsoft wall out in the cold.

Bypassing PatchGuard puts “customers at risk by developing approaches to try
to bypass Kernel Patch Protection (PatchGuard) and as a result, reducing the
security of Windows,” Microsoft said. PatchGuard will issue a security patch
closing any loopholes.

“We hope it wouldn’t come to that,” O’Donnell said. However, the security
company would change its software if Microsoft did remove the route into the
kernel.

Symantec, which has fought with Microsoft over access to the Vista kernel,
rejected the idea of its security software bypassing PatchGuard.

“We feel it is much better to work with Microsoft on these issues, as opposed
to against them, as we’ve done for year,” Chris Paden, a Symantec
spokesperson, told internetnews.com.

Symantec will not risk its users
being crashed by PatchGuard, according to Paden.

After arguing Microsoft was not answering its concerns, Symantec said
preliminary discussions “are an encouraging step in the right direction.”
Last week, Microsoft met with Symantec and other vendors to iron out the
issues over kernel access.

Authentium said Microsoft’s current discussions over security measures in
Vista “is like a debate against one party.” Microsoft’s focus is on
software, not security.

O’Donnell said security vendors aren’t telling Microsoft how to write
software. “We’d say never start the machine.” Likewise, Office, Vista — those priorities run counter to security, he said.

However, Authentium said it isn’t Microsoft’s foe. The company told the
software giant weeks ago how it bypassed PatchGuard. Microsoft and
Authentium technicians still hold weekly meetings.

“We’ve got Microsoft’s back, O’Donnell said.

News Around the Web