Microsoft presents draft of security interfaces
After the tumult about kernel protection in 64-bit versions of Windows, Microsoft has now presented a draft of its plans for security interfaces to a select group of security firms. Microsoft will, however, also be including these interfaces in 32-bit Windows Vista. Until now, only the criteria that Microsoft uses to assess how urgently the requested application programming interfaces (APIs) need to be introduced have been made public.
Microsoft originally only wanted to prevent kernel manipulations in the 64-bit versions of its operating systems, but the company eventually gave in to pressure from the EU Commission. Microsoft plans to launch the new APIs with Service Pack 1 for Windows Vista, which is expected in 2008.
The APIs are also expected to be used on the 32-bit version of Vista. This may give it a more secure infrastructure because only signed drivers will be able to access the new interfaces. Up until now, programs have been able to manipulate various kernel structures and functions in 32-bit environments given certain rights.
If all legitimate vendors started using the new interfaces, it would be easier to identify some malware that uses rootkit technology. However, as long as users continue to operate older 32-bit software that still assumes the kernel can be patched at will, the new APIs will not change anything.
The new programming interfaces are intended to allow third parties to add functions to the operating system's kernel in a documented way that is also supported by Microsoft. The security firms that are now reviewing the draft have been asked to send proposals for changes and improvements to Microsoft.
Symantec did not wish to comment in the US media. In contrast, McAfee, another vehement opponent of PatchGuard, had nothing but praise. "McAfee likes Microsoft's APIs," stated McAfee's George Heron. "Our cursory check of the API specifications shows that Microsoft has included some of our recommendations. They seem to have done a good job," Heron added.
- Evaluation criteria for Kernel Patch Protection APIs in Windows Vista 64-bit, Ben Fathi on the criteria for the interfaces to be implemented
- Microsoft creates Vista APIs for security firms