
Microsoft Agrees to Changes in Vista Security

An anonymous reader writes "Bowing to pressure from European antitrust regulators and rival security vendors, Microsoft has agreed to modify Windows Vista to better accommodate third-party security software makers. In a press conference Friday, Microsoft said it would configure Vista to let third-party anti-virus and other security software makers bypass 'PatchGuard,' a feature in 64-bit versions of Windows Vista designed to bar access to the Windows kernel. Microsoft said it would create an API to let third-party vendors access the kernel and to disable the Windows Security Center so that users would not be prompted by multiple alerts about operating system security. In addition, Redmond said it would modify the welcome screen presented to Vista users to include links to other security software other than Microsoft's own OneCare suite. From the article: 'It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet.'"
This discussion has been archived. No new comments can be posted.

  • by yagu ( 721525 ) * <yayaguNO@SPAMgmail.com> on Saturday October 14, 2006 @08:30AM (#16435513) Journal

    From the article (and /. summary):

    "It looks like Microsoft was really testing the waters here, sort of pushing the limits of antitrust and decided they probably couldn't cross that line just yet," Northcutt said. "That's a good thing, because it's just too easy for mistakes to happen when you are only left with a single security provider."

    It's only an author's surmise, but as I understand and interpret Microsoft's position, there is no line they will be able to cross ever while they are still a monopoly. Microsoft enjoys (immensely) their monopoly position in PC OSes, and as long as they do (immensely), they will continue to be proscribed from using their monopoly to leverage, influence, and otherwise compete unfairly with any other of their products.

    There is no line to test.

    • Re: (Score:3, Insightful)

      by Deathlizard ( 115856 )
      No, they should have fought the EU to the end on this.

      According to the EU, MS apparently has some obligation to keep these security companies leeching off their OS exploits alive, even to the point of opening their system to security exploits in Vista to do so.

      Don't get me wrong, I can understand Symantec going nuts about the OneCare advertising, and can somewhat understand the security center, (although I think MS should allow Symantec to write whatever they want there instead of letting Symantec Disable t
      • Only signed drivers can install, but I can add my own keys.

        Perhaps like this:

        1. copy a file with the key into a specific directory
        2. press alt-ctrl-del
        3. select "prepare key for installation"
        4. enter password
        5. key is moved to a protected directory
        6. you verify that you want the key
        7. reboot, then press alt-ctrl-k early in the boot
        8. enter your password, select the key, and confirm that it is the one you want

        That will do. A business can install their own keys. An anti-virus program could ask you to install
  • "designed to bar access to the Windows kernel. Microsoft said it would create an API to let third-party vendors access the kernel and to disable the Windows Security Center so that users would not be prompted by multiple alerts about operating system security"

    Perhaps all the alert popups that Windows is more and more cluttered with are a problem? As an XP user, I'd be sorely tempted to use a simple option if available that suppressed ALL of these popups. They are just as annoying in an OS as they are in
    • by Anonymous Coward on Saturday October 14, 2006 @08:35AM (#16435543)
      You must restart your computer. Would you like to do it now, or would you like me to display this same dialog 30 seconds from now, while you're doing something else like typing a slashdot comm
      • by krell ( 896769 )
        "You must restart your computer. Would you like to do it now, or would you like me to display this same dialog 30 seconds from now, while you're doing something else like typing a slashdot comm"

        Did that end with "NO CARRIER"? hahaha. Often accompanied by a badly-designed message window that has two or three options, NONE of which you want (one reason being is that they are poorly described). So you decide to ignore the popup and minimize it. Oh look, it breaks windows-design standards by not having "mini
        • (or drag it to a corner of the screen where it sits with other unstoppable inscrutable popup windows until you reboot).

          Finally, a reason for the masses to go to a dual-monitor setup. Drag that old obsolete 12" monochrome monitor and hercules card out and just "drag-and-ignore".

    • by pdbaby ( 609052 )
      I wonder how long it will be before operating systems come with a "you're running low on disk space: want me to order a 250gb drive for you?" ...or buy internet-based storage like on S3. While I doubt it'd have the best prices, I'm sure it'd be a big hit with normal users
  • I don't get it. (Score:4, Insightful)

    by Shivetya ( 243324 ) on Saturday October 14, 2006 @08:32AM (#16435525) Homepage Journal
    Sorry but I think the kernel should be off limits. Leave that to Microsoft and hold them wholly accountable to preventing issues with it.

    On one hand people bitch about MS's lack of security yet when they do essentially what is asked it is claimed they only did it to be uncompetitive.

    Make up your mind. Or is just permanent open season on MS?
    • Re: (Score:3, Insightful)

      Here's the crux of the complaint: In Windows, to combat viruses and add security like firewalls, these programs need kernel level access (as many APIs unfortunately do). Now with Vista, MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer). To some that is abusing their monopoly. It would be one thing if they closed it totally because of security and that nothing but the OS could access it. But they had set it up to whe
      • Re:I don't get it. (Score:5, Insightful)

        by jb.hl.com ( 782137 ) <joe AT joe-baldwin DOT net> on Saturday October 14, 2006 @09:35AM (#16435943) Homepage Journal
        MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer)

        Lies. Trend and Avast have apparently been able to run on Vista without any problems. They knuckled down and wrote code so they worked on Vista, and indeed Vista has an API called Windows Filtering Platform, which allows anti-virus makers to monitor file activity. Symantec and McAfee, on the other hand, threw a hissy fit.

        Microsoft is, for once, clearly in the right.
      • by stubear ( 130454 )
        This is not insightful, it's FUD. Scratch that, it's outright bullshit. Microsoft's security apps use the same interfaces that they offered Symantec and McAfee, not special-super-secret-known-only-to-microsoft hooks or other tricks. Trend Micro, a European security software company, was able to get their anti-virus application to work just fine with the new security API's in Vista, no hooks into the kernel necessary. If they can do it, the EU should back the fuck off and tell Symantec and McAfee to do the s
      • "Now with Vista, MS had decided to close off that access to all software except their commercial security apps (which they will charge extra to the customer). "

        That is very deceptive, and frankly a lie. All the anti-virus makers can use the same built in APIs for anti-virus protection. In fact they all plan on doing it without any complaints too. Symantec and McAfee are always involved in the development of those API's with MS.

        What is in question is the security center. MS designed a tool that ALL de

    • Sorry but I think the kernel should be off limits. Leave that to Microsoft and hold them wholly accountable to preventing issues with it. On one hand people bitch about MS's lack of security yet when they do essentially what is asked it is claimed they only did it to be uncompetitive. Make up your mind. Or is just permanent open season on MS?

      Exactly.

      That is why we got such awful security in Internet Explorer [although for the opposite reason]: Back in the mid-to-late 1990s, the Clinton administration
      • by Dmala ( 752610 )
        Back in the mid-to-late 1990s, the Clinton administration was suing Microsoft over their "monopolistic" marketshare, and because of that [vis-a-vis Netscape and their browser], Microsoft was forced to integrate Internet Explorer into the operating system so that they could say to the Justice Department that they couldn't ship a version of Windows without it.

        That wasn't the only course of action they could have taken. They could have just actually made a better browser than Netscape. It's a radical idea
        • by Tridus ( 79566 )
          It's worth noting that by version 4, they DID make a better browser than Netscape (some would argue around version 3). Netscape turned into garbage around that point.
      • by Karzz1 ( 306015 )
        "...governments forcing Microsoft browsers into the operating system..."

        Whiskey. Tango. Foxtrot.
        • by Karzz1 ( 306015 )
          Oops.... Forgot to quote this line as well:

          "Microsoft was forced to integrate Internet Explorer into the operating system so that they could say to the Justice Department that they couldn't ship a version of Windows without it."
    • Re: (Score:3, Insightful)

      by s4ltyd0g ( 452701 )
      The anti virus companies have made tons of money off of Microsoft insecurities.

      Now that there's a chance all those holes might go away, they will fight tooth and nail to prevent that from happening. I'm no Microsoft fan but these companies whining about Microsoft using their monopoly position to shut them out of the market, are in conflict of interest.

      Nothing new here, just business as usual.
      • by fermion ( 181285 ) *
        Perhaps putting this in another context might be worthwhile. MS has never seemed to be an ivory tower software company. It has not focused on forcing developers to work with best practices. It has not focused on punishing developers who break the rules. Given the diarrhea of frameworks, it does not even seem to have an internal culture or best practices.

        This is not necessarily a bad thing. Developers, like every one else, are generally lazy and do not really want to do more work than necessary. Firm

    • Re: (Score:2, Insightful)

      by javaxjb ( 931766 )
      But the crux of the matter is that the kernel is not off limits. Signed drivers from third parties are allowed to access the kernel. So how is this any different? Why make an arbitrary distinction between say video drivers and antivirus software? Shouldn't we welcome the choice? After all, if Microsoft can actually make a decent security add-on, won't we be better served by the competition between the third party vendors. Maybe then the other players' products will be more efficient and less annoying.
  • by also-rr ( 980579 ) on Saturday October 14, 2006 @08:35AM (#16435549) Homepage
    Is this going to be a backdoor into the protected parts of the kernel that also handle media protection?

    It would be nice if one batch of companies out to screw you over had accidentally been defeated by another batch of companies out to screw you over. Sort of collateral rebuilding, if you like.
  • by dghcasp ( 459766 ) on Saturday October 14, 2006 @08:39AM (#16435579)

    Companies like Symantec (aka Norton) have profited immensely from an industry created because Windows wasn't secure.

    Now they're upset because Microsoft wants that piece of that market; in other words, Microsoft wants to profit from the fact that Windows isn't secure.

    Yet in pretty much every other operating system, the solution is simply to make the darned thing secure.

    Now, I realize that the issues are a bit larger than this, but I do wonder: IF Microsoft ever released a truly secure operating system, thus making Symantec and other such companies as relevant as the buggy whip, would they then sue to prevent the release of the O/S?

    • Re: (Score:2, Insightful)

      You're missing the point that this is exactly what's happening. By implementing PatchGuard, Microsoft was trying to make the OS more secure. But because these "security" companies bitched and moaned that Microsoft shut them out of the kernel (where no software but the OS ought to be), Microsoft must now make the system less secure in order to look like they're not abusing their monopoly powers. No reasonable person can place the blame on Microsoft here. If they don't open up the kernel to Symantec, McAfee,
      • No reasonable person can place the blame on Microsoft here.

        Actually no reasonable person can ignore the fact that it's Microsoft's own fault.

        It's because of Microsoft's inability to create secure software that Symantec, McAfee et al exist at all. So basically it's Microsoft's inability to create good software that forces them to do these changes now.

        Basically bad choices from before have come back and bitten them in the tail. Bad hacks have a tendency to do just that.

      • by Duhavid ( 677874 )
        No reasonable person can place the blame on Microsoft here.


        You have a very good point. There is one minor point to make here, I think, and that
        is that Microsoft is responsible for Microsoft abusing their monopoly position and putting
        themselves under the scrutiny they are under. If their actions and attitudes had
        been different, they would have more options at times like this.
    • that just isn't true. MS patches security holes just like Apple, and the rest of them.

      The difference is 1 and only 1 of the Operating Systems are used by virtually everyone on the planet... while the others struggle to get above 5%.

      See, linux, osx, etc. are really that much more secure than Vista, it's that not enough people use them to write viruses for.

      You guys were on your high horses about Firefox being more secure than IE, but the bugs and security holes have been outpacing IE ever since it broke th
    • by udippel ( 562132 )
      Yet in pretty much every other operating system, the solution is simply to make the darned thing secure.

      Where do you buy your smoke-stuff ?
      There is nothing like a secure OS. FYI.

      • Re: (Score:3, Insightful)

        by dghcasp ( 459766 )

        There is nothing like a secure OS.

        People who forget Multics [wikipedia.org] are doomed to, er, um, forget that it existed.

  • I personally don't want a crippled OS to accommodate third party security vendors. If Microsoft can make their OS so secure that third party software is not needed I say go for it.

    Of course if it turns out that Microsoft was just locking other vendors out to make users use their security software, which performed poorly I applaud the EU for helping the consumers. Because really all I care about is how well the end result is.
    • Re: (Score:2, Offtopic)

      by Guppy06 ( 410832 )
      "I personally don't want a crippled OS to accommodate third party security vendors."

      But before this you were willing to spend money on a crippled OS to accommodate third party media vendors?
      • by Tim C ( 15259 )
        At least it would have been that little bit harder for rogue apps to pwn the box.
    • by MooUK ( 905450 )
      Part of the issue is that some of the security software developers had already found ways to bypass the protection that was causing the problems to some extent - and if they can, it's safe to assume that malevolent entities can and probably already have too. Of course, being a flaw, eventually MS would fix it - killing all the security software using it until they found another workaround.

      At least, that's how I understood part of the issue. If anything there is wrong, though, I would like to know.
  • I honestly think vista is the beginning of the end for Microsoft.

    They are pissing off their corporate customers, the government, end users, 3rd party vendors.. Pretty much everyone...

    Much as the *AA's are starting to cross the line, and will pay the price if they don't adapt, quickly.

    The world has changed, and people are more aware and just won't put up with it..

    • by Kijori ( 897770 )

      Vista can't be the beginning of the end for Microsoft - there's nowhere else for customers to go. There is no OS that offers the same level of hardware support, software support or technical support. There's no other operating system that companies can go to without retraining their staff. There's no other operating system that customers want pre-installed on their desktops and laptops, and there's no other operating system for software and hardware companies to design for.

      I'm not a Windows fan. I gave up W

  • by dioscaido ( 541037 ) on Saturday October 14, 2006 @08:52AM (#16435647)
    Why should the OS be secure when I can pay $30 for a 3rd party to do it (and destabilize the system as they do it, since they root the OS in undocumented ways)? This is a bad precedent and a huge loss for consumers.
  • "Microsoft said it would configure Vista to let third-party anti-virus and other security software makers bypass 'PatchGuard,' a feature in 64-bit versions of Windows Vista designed to bar access to the Windows kernel."

    Can't say I'm particularly happy about this (breaking security in the name of security? Could even OneCare touch the kernel before this?), but this makes me wonder if they'll actually bend to user pressure to change the licensing terms [slashdot.org]?

    Of course, the users don't have a legal team on speed-di
    • Re: (Score:3, Insightful)

      by tomhudson ( 43916 )

      And there's no reason to believe that Vista will do anything but sell like hotcakes (after all, there are more reasons to go from XP to Vista than there were to go from 2k to XP), so there won't be any of the user backlash that most Slashdotters pretend they see in the future.

      For those who missed the "irony" tags - people didn't switch from 2k to XP - they went from Win9x to XP - the 2k users continually dug in their heels when it came to switching. And certainly nobody I know even has Vista on their ra

    • Can't say I'm particularly happy about this (breaking security in the name of security? Could even OneCare touch the kernel before this?),

      No, One Care doesn't touch the kernel.
      Vista already had APIs to allow security software to monitor file activity without touching the kernel. This is the API that One Care uses. And *most* security software already use that API, such as:
      Trend Micro's "PC-cillin" [trendbeta.com]
      Avast! [avast.com]
      Sophos [betanews.com]

      Symantec and McAfee, unfortunately implement their software by mucking directly with the kernel, so

  • Microsoft's responsibility should be to provide an operating system that isolates the kernel from the user to the extent that no application run by an unprivileged user could ever compromise anything other than that user's files. If they succeed, then the AV vendors have no need to get into the kernel. They just create software that looks for malicious software or libraries and eliminate them. If no app can get into the kernel they have nowhere to hide. That's the real solution IMO (not like I'm the first,
    • Microsoft's responsibility should be to provide an operating system that isolates the kernel from the user to the extent that no application run by an unprivileged user could ever compromise anything other than that user's files. If they succeed, then the AV vendors have no need to get into the kernel.

      Problem is that all software contains bugs, so actually making this perfect is impossible.

      Hence, there will still be a need to look in kernel space to see if everything there is really ok.

      Surely the AV compan
  • by Temujin_12 ( 832986 ) on Saturday October 14, 2006 @09:23AM (#16435849)
    To my own surprise, when I read this I thought, "So, MS is stripping away a part of its core security to accommodate 3rd party businesses? What would we say if our favorite *nix distribution started doing this?" Perhaps it is time to just let MS be. Let them provide their own security, their own browser, their own IM, etc, that are all tightly interwoven. Let them squelch creativity on their OS to the point that they either blow us away with what they can do when they lock the doors or alienate themselves from the entire software industry. Let them do whatever they want to lock/unlock 3rd party vendors out/in. We all complain about security, but then come unglued when MS tries to take a hard line to improve it because they close holes. Granted, the way they are closing holes may not be the best approach.

    I say, let's just let them do whatever they want. A few things could come of this:
    -Nothing really changes, we take off our tin foil hats, and life continues just fine
    -Vista may actually be more secure and developers become adjusted to developing for it
    -Vista becomes so hard to work with (as a software developer) that no software is written for it and everyone keeps using (developing for) XP, or switches OSes (and Vista becomes one of MS's big blunders)
    -Vista becomes hard to work with (as a software developer) and we see more software makers moving over to alternative OSes (OSX, *nix, etc)

    Really, what is so wrong with the LONG TERM results of these scenarios? Let's let MS make or break itself. Let's let them "test the waters" and see what happens.
    • Microsoft did this because they were going to be sued for billions. They'd rather close it off and force the security companies to use a supported API than let them hook into the kernel and do whatever they want. The EU just made Windows Vista less secure on x64 systems.
  • NO NO NO. (Score:5, Interesting)

    by jb.hl.com ( 782137 ) <joe AT joe-baldwin DOT net> on Saturday October 14, 2006 @09:33AM (#16435913) Homepage Journal
    Trend Micro's anti-virus and Avast both work on Vista, because their respective developers spent time developing new software to work with it.

    Symantec and McAfee on the other hand, rather than invest money in development for a version of their programs which fits Vista's new security model, decided to bitch and whine loudly about Microsoft's new security in Vista while doing nothing of any value. In a sane and equitable world, Microsoft would have offered to aid them in building their new anti-virus products for Vista, and McAfee and Symantec would have agreed. Instead, probably with the threat of a lawsuit from the two companies, and because of the two launching attack ads, they let them bypass their new security features.

    This should not be happening. This is BAD for security, as once you let one program bypass security barriers it's only a matter of time before others do, not all of them friendly. This is STUPID because Microsoft has kowtowed to pressure from two companies far more focused on saving money on developing their shitty, shitty antivirus programs than actually providing any more security.

    Fuck Symantec, fuck McAfee.
    • Re: (Score:3, Insightful)

      by KarmaMB84 ( 743001 )
      They kowtowed to a government body that has control of an entire continent. If they hadn't made Symantec and McAfee happy, they'd be right back in the EU courts having even more restrictions they can never meet and fines that will never stop shoved down their throats.
      • Sad but true. It would be just if they only sold this version in Europe. They could call it Vista Swiss (now with holes).
        • by wik ( 10258 )
          Nice idea, but it's an EU problem... and, oddly enough, Switzerland isn't part of the EU.
      • by Tim C ( 15259 )
        They kowtowed to a government body that has control of an entire continent.

        But said government body only kicked up a fuss because Symantec and McAfee complained; MS are indeed kowtowing to them, the EU commission is just acting as a proxy.
    • once you let one program bypass security barriers it's only a matter of time before others do, not all of them friendly.

      "Redmond said it would modify the welcome screen presented
      to Vista users to include links to other security software."

      Maybe the forced Vista sound at logon will play a friendly tune for Microsoft's solution, and dire music for those who bypassed it.

  • by jorghis ( 1000092 ) on Saturday October 14, 2006 @10:33AM (#16436439)
    I could understand why the EU was upset about the media player bundling. I can understand them being upset about the splash screen for MS's AV stuff. I don't agree with them forcing MS to get rid of those things, but I understand where they are coming from.

    Forcing MS to weaken Vista's security and reliability to accommodate these AV companies sucks though.

    This is a -bad- thing. Why are we applauding it on slashdot? Are we so caught up in MS hate that we want the government to force them to weaken their product from a technical standpoint?

    Maybe this is an example of how having a reputation for lying will make people think you are being dishonest even when you are telling the truth. I know a lot of people on this website don't totally understand the technical issues involved. But doesn't the EU commission have any experts that can explain to them that they are weakening Vista by forcing this on MS?
    • by topham ( 32406 )

      If I thought for 1 minute Microsoft could actually accomplish a secure OS I would agree with you.

      They haven't yet done it in a consumer grade OS and they never will.

      Regardless of the fact I will not install Nortons on another system (too many issues in the past) the ability to do so if warranted is absolutely a requirement.

      And really, at the end of the day, let me guess what they do... they sell a pre-approved private key to Symantec, or any other reputable company and provide them with the dll/api calls to
  • As we have realised with DVD-CSS, and DRM, exceptions like these cannot be restricted to certain parties.

    Put simply, crackers will ultimately be able to use the same backdoors to do Bad Things(tm).
  • Full disclosure: I do security.

    This is a major change in the security model of the OS. As such it means the security model must be reviewed and re-evaluated. If Vista is released on the current schedule, that will mean that Microsoft have not done this essential work, which will mean the whole security model of the OS is invalid and (heh heh!) "untrustworthy". Not to mention the knock-on effects of this change on all those comingled applications (Internet Explorer, etc) - their security models are now b

    • So either there are another 6-9 months' delay (at least), or Vista will be released with its security fundamentally compromised. Your call, Billy-boy!
      I don't care whether you "do security" or not, you have no clue about the code involved. You're talking out of your ass.
  • by Cap'n Crax ( 313292 ) on Saturday October 14, 2006 @11:15AM (#16436791) Homepage
    And I will tell you why. I actually like the NT kernel and architecture. I think it is well designed, and works great when built upon properly. I think Windows 2000 is probably the best consumer OS ever made, even though Microsoft pointed it at business users. It's what I run, and likely will not switch from, except for (maybe) running XP in a VM to run some games.

        But even with 2000, MS had to insert their boneheaded ideas in it. For example, with "Windows File Protection," which is really the sfc.exe ("System File Checker") and sfcfiles.dll (The actual list of files to be protected, stuck in a DLL) it gives an Admin NO WAY to add to or change which files are protected. And it includes things like PINBALL.EXE!!! in the list of protected, undeletable system files. And creates stupid things like "C:\Program Files\microsoft frontpage" when I DO NOT even have Frontpage or IIS installed. And unless you disable SFC (which I did) it will re-create the stupid directory on every re-boot. So what COULD HAVE BEEN a useful feature is more like a "let MS Admin your computer for you" feature, because there is no way for the owner of the computer to manage which files are protected under "Windows File Protection." And guess what, on COMPUTERS I OWN, **I** like to control what directories are created and where they are placed. It's MY computer!!!

        Now I have read, from a recent article by Mary Jo Foley, ZDNET, that some of the new security in Vista will come from "Code protection technologies such as tamper resistance, code obfuscation, and anti-reverse engineering measures..." THIS IS NOT SECURITY. This is HIDING YOUR BUGS. Instead of actually fixing the bugs, or not having them to begin with, they are actively trying to just make them harder to find. But they are still IN THERE!! This is just simply boneheaded. This is not the way to develop an OS.

        With this new WGA crap, they are trying to FORCE users to install (and keep installed) components that NO ONE WANTS (except MS, of course). But guess what, any decent computer Admin **MUST** have the ability to accept or deny ANY update to the OS and have the ability to rollback changes if they cause problems. Just Google for wgatray.exe for many fine examples of the horrible problems their crap is causing.

        With Win 2000 at least, MS created a good OS, once you fix the initial problems. But for me at least, there is NO WAY I will "upgrade" to this Vista shit with requiring signed drivers (what about independent hardware hackers/developers?) or XP with "Activation" (what, I can't swap out my motherboard without CALLING and RE-ACTIVATING?) They have just gone too far with this DRM and Anti-Piracy shit. NOT IN MY OPERATING SYSTEM.

        I need to move to Linux. Kubuntu is looking really good now. If I can just get the couple of games I like working under WINE or Cedega, then F*** MS. It's just too much. I've had enough.

    Crax

    P.S. The Mary Jo Foley article I quoted from is located at:
    http://blogs.zdnet.com/microsoft/?cat=18 [zdnet.com]

  • MS is not giving access to the kernel. In fact they're doing what they've been doing with V64 all along, providing API's to monitor the kernel but not hooks into it.

    Here's an informative link [stepto.com] on KPP or PatchGuard.

  • The proposed PatchGuard security model made perfect sense and was one of my favorite parts about Vista. Even though Brad Smith said in the press conference that they haven't dropped PatchGuard, by providing a hole in it they may as well.

    And is anyone else incredibly annoyed when they find that some interface in the OS (like security center) has been disabled and replaced with something inferior? I don't think McAfee and Symantec care about that so much as making sure that Windows continues to face serious s
  • Oh, right, because that's the time to design the security model of your operating system: after a few betas, several years into development, when the product is already late, as a token gesture to some competitors only after government pressure.</SNARK>

    This is the OS that the vast majority of PC users will depend on for their privacy and data security. Billions of people, many in essential services like healthcare, defense, banking, emergency response, depending on it every day to work reliably, despi
    • I'm probably missing something, but where are you getting the impression that security was an afterthought in Windows Vista? Everything I've read up until now has stated that security was a paramount idea throughout the entire Vista development process. The article in the OP is about Microsoft giving into McAfee/Symantec lawyers who had started bitching louder and louder, it's not like PatchGuard is a new idea that was just implemented into Vista.
      • Letting 3rd parties bypass PatchGuard is a change to the security model. And at this point, any changes like that are afterthoughts.
        • It seems more to me like Microsoft fought to keep the security model the way it was and is now realizing they can't win in Europe and that continuing to try would hurt the company. I don't like the change either but saying that Microsoft made security an "afterthought" doesn't accurately describe what's happening here. McAfee and Symantec only started complaining loudly at the last minute while other antivirus vendors worked to make sure their products would work under Vista. The EU heard their complaints a
  • So MS is being forced to write an API which will turn off system security.

    Will the MAIN users of the API be virus writers, or will they only be a minor percentage of the coders who use it?

    Make no mistake - this API is a security vulnerability which virus developers WILL use. I really hope that the API requires a DLL which I can remove, unregister and exorcise from my systems. Or some other way, which cannot be bypassed, which will ensure that NOTHING (not even symantec ... or sony) can write to my kernel.
