theregister.co.uk — "Nobody knows if Microsoft has done this intentionally, but we can't avoid the suspicion that this move may have been designed to force users to rely on Microsoft and only Microsoft for Windows security"
Jul 29, 2006
loonacy Jul 29, 2006
I thought it was "Military Intelligence"?
phil246 Jul 29, 2006
If you had read the article more closely you would see they have found a way around it, by using the same techniques that hackers use. These security measures by Microsoft are flawed and only add another layer of frustration for genuine developers.

Quote: "Unfortunately, it doesn't really resolve the problem, and also makes it a great deal more difficult for independent security software developers to be fully compatible with Windows."

"Nobody knows if Microsoft has done this intentionally, but we can't avoid the suspicion that this move may have been designed to force users to rely on Microsoft and only Microsoft for Windows security,"
wtf00 Jul 29, 2006
I'm glad they wanna cover their asses from being hammered in the media, "Microsoft, yet again, has dangerous flaw", but I agree about some of the security they're trying to put on Vista, because in reality spyware/adware/malware/whatever is very annoying and time consuming to remove. Every computer I have fixed, always the same BS spyware/adware/so on.
dygear Jul 29, 2006
Yes this will stop the one casual root kit maker and piss off every corporation that uses kernel level software. I've got a better idea Microsoft, make better code.
Closed Account Jul 29, 2006
I completely disagree with this approach. While I am very much pleased with code being put in place to stop unallowed software from reaching kernel-level system access, I feel totally banning it is a horrible approach.

That approach is the same as stating that since you can drown in a river, the best way to stop it is banning people from the river. Which obviously can not and will not work; they already said they have bypassed it. How effective is this software if it's not even out of the beta stage and it has been circumvented?

What they need to do is make it require very clear user approval, possibly by the creation of 3 accounts at installation: regular operation, administrator, kernel modifier.

In kernel modifier access, completely disconnect the internet so it's impossible for a worm to exploit a computer while in kernel access mode. Then when you enter kernel access mode it displays a gigantic warning: "YOU SHOULD ONLY EVER NEED TO ENTER THIS LEVEL OF SYSTEM ACCESS FOR INSTALLATION OF A FIREWALL, ANTI-VIRUS OR OTHER COMPLETELY TRUSTED PRODUCT. INSTALLATION OF ANY OTHER SOFTWARE CAN RESULT IN TOTAL SYSTEM FAILURE OR COMPUTER VIRUS INFECTION."

After this point, anyone that manages to get a rootkit installed without their knowledge & consent is just an idiot and doesn't deserve to have access to the computer in the first place.

Trusting Microsoft to provide the entire virus and firewall protection the computer needs on a software level is expecting the fox you hired to guard your hen house to be there in the morning with all the chickens intact.
obkenobi Jul 30, 2006
[quote]Now I am sure they were wishing they had diversified their portfolio and products to other OS'es too.[/quote]
But other OSes don't need such security products. At least not yet.
naio21 Jul 30, 2006
I think that companies like Adobe, Oracle, SAP and many others disagree.
bobturbo Jul 30, 2006
In my opinion, the signature-based antivirus products are pretty much useless, at least on the desktop. I would prefer to use something on-demand once per month (an online scanner) and that is it. Elaborate personal firewalls and any antivirus products are an endless source of misery that cause 100 times more problems than the things they are trying unsuccessfully to stop.

Outbound firewalls in XP are rather useless from my understanding. There are a number of ways for one process to hijack a legitimate process and just send data out through that.

Maybe something built in that detects suspicious patterns of activity might be a good option as long as it does not hinder performance. I think Windows Defender is basically Vista's solution to that. Spyware and blended threats are the real problem. Viruses are going to be difficult to execute on Vista and really, the worst they can do is corrupt some files that should be backed up anyway.
dadoo Jul 30, 2006
"You will get bought by MS. YES! That is exactly what many small developers dream about"

Don't get me wrong: if that's your goal, fine. Seems like a waste of a lot of good work, though. More importantly, can *you* predict whether Microsoft will kill you or buy you? That's a mighty risky game to play with your money.

"That does not quite equal 'all successful software'."

Are you sure? Of all the categories you mentioned, the only products that are even worth mentioning are open source. They don't make any money. MS Word, for instance, has what, 97% of the word processing market. The remaining 3% is shared by four or five products, including the word processor in Open Office.

The point is, since Microsoft owns the OS, if they decide you're done, then you're done - even if your product is significantly better. Sorry, way too much risk for my livelihood to be at the whim of someone else.
daonlyfreez Aug 1, 2006
http://www.agnitum.com/r/firewall/onecare

"Expert opinion: Agnitum issues first in-depth analysis of Microsoft OneCare Firewall

The firewall security experts at Agnitum have conducted an in-depth analysis of Microsoft's new OneCare Firewall, part of Microsoft's "Live" security initiative. The results are so far below industry standards that we felt obliged to share the results of our analysis with you.

Highlights of the report, which has been published by a number of online and print magazines, include:

- The OneCare firewall failed all but the simplest leak tests and does not offer even the most basic intrusion detection capability, leaving users' PCs wide open to being hijacked into a botnet
- The OneCare firewall database of pre-approved applications is very small, and adding each new application requires several user interactions and a reboot
- Application access rules are limited to 'allowed' and 'not allowed' - users cannot configure different rules for different types or times of usage, such as allowing IE to connect with some but not all websites
- Similar limitations apply to network file access and remote desktop operations
- The Windows Defender anti-spyware component of OneCare imposes significant delays on program execution and is updated on a separate schedule than other OneCare components"

Err...
pankov Aug 4, 2006
Agnitum’s technical brief about Microsoft’s approach to Kernel Patch Protection has sparked intense discussion at Digg/Slashdot.

May we participate in the debate?

Agnitum believes Microsoft’s motivation for introducing Kernel Patch Protection is clear. It is attempting to better protect the typical user of Windows XP x64 and Server 2003 x64 from rootkit vulnerabilities. Unfortunately, the approach taken by Microsoft limits the ability of third-party software developers to protect Vista users from other vulnerabilities inherent to Windows. This affects not just Agnitum. It affects Zone Labs, McAfee, Symantec and other developers of security software.

Third-party security software uses a variety of approaches to protect Windows users. As we noted in the technical brief, http://www.agnitum.com/news/kernel_patch_protection.php: “One of the most commonly used approaches to implementing proactive protection involves changing and monitoring the Service Dispatch Table (SDT), which is used by the OS to transfer control from user-mode to kernel (low-level system mode).” Developers who need deep kernel integration often patch the kernel by changing the service number in the SDT, and when a call is made to invoke a system service, the third-party code is invoked instead of the kernel code -- and the third-party code then returns control to the operating system.

Kernel patch protection in the x64 versions of XP removes the ability of developers to legitimately change the service number in the SDT by hiding it – but imposes no such restriction on hackers. Which is the point we are trying to make. On the one hand, kernel patch protection makes it more difficult for security software to defend Windows from attack. On the other hand, “surprise kernel patches” open Windows to new, broad attack.

And please also note that there is no such thing as a secure firewall if that firewall lacks deep OS integration.

This is not progress. Microsoft’s approach forces users to rely on Microsoft and only Microsoft for operating-system security. If past experience is anything to go by, we know that third-party security tools are more robust and provide better protection than what Microsoft offers.

Clearly, kernel patch protection in its current form is not perfect. Yes, Microsoft is correct in wanting to protect users from rootkits. However, from my point of view, it is more necessary to introduce security measures that do not make users more vulnerable.

Igor Pankov, Product Marketing Manager at Agnitum
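
The dispatch-table redirection described in the comment above can be checked for from the defender's side. The following is an added example, not part of the thread and not Agnitum's or Microsoft's code: a user-space model (not real Windows structures) that flags table slots pointing outside the kernel image or differing from a known-good baseline. All names and addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not real Windows structures: each table slot holds the
 * address of the routine that services one system call. */
typedef struct {
    uint64_t base;  /* start of the kernel image (constructed value) */
    uint64_t size;  /* length of the kernel image (constructed value) */
} kernel_image;

/* Flags slots that point outside the kernel image or differ from a
 * known-good baseline. Stores up to max_out slot numbers in out[] and
 * returns the total number of flagged slots. */
size_t find_redirected(const uint64_t *table, const uint64_t *baseline,
                       size_t n, const kernel_image *k,
                       size_t *out, size_t max_out)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        int outside = table[i] < k->base || table[i] - k->base >= k->size;
        int changed = table[i] != baseline[i];
        if (outside || changed) {
            if (count < max_out)
                out[count] = i;
            count++;
        }
    }
    return count;
}

/* Constructed sample data: slot 1 points into another module, slot 3 was
 * moved to a different address inside the image. */
static const kernel_image SAMPLE_KERNEL = { 0xFFFFF80000000000ULL, 0x800000ULL };
static const uint64_t SAMPLE_BASELINE[4] = {
    0xFFFFF80000001000ULL, 0xFFFFF80000002400ULL,
    0xFFFFF80000003800ULL, 0xFFFFF80000004C00ULL };
static const uint64_t SAMPLE_TABLE[4] = {
    0xFFFFF80000001000ULL, 0xFFFFF88001234000ULL,
    0xFFFFF80000003800ULL, 0xFFFFF80000005000ULL };

int main(void)
{
    size_t slots[4];
    size_t n = find_redirected(SAMPLE_TABLE, SAMPLE_BASELINE, 4,
                               &SAMPLE_KERNEL, slots, 4);
    for (size_t i = 0; i < n && i < 4; i++)
        printf("slot %zu redirected\n", slots[i]);
    return n ? 1 : 0;
}
```

The range check alone would miss slot 3, which still points inside the image; the baseline comparison is what catches it.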