Features

Symantec: Vista Kernel Obstructing Anti-virus Innovation

By Priya George

"If security vendors don’t have access to the platform kernel, it cuts down on our ability to innovate and create compatible solutions," Oliver Friedrichs, director of emerging technologies in Symantec Security Response wrote on the company's web site.

"The kernel mode security enhancements in Windows Vista are quite substantial, resulting in a dramatic reduction of its overall attack surface," wrote, Matthew Conover, principal security researcher at Symantec. "However, we have identified certain weaknesses in the kernel enhancements that may be leveraged by malicious code to undermine these improvements."

Symantec probed the security kernel security features and claimed that it is possible to circumvent the security features. Security applications depend on kernel extensions to do their work, Friedrichs pointed out. And while they are blocked, malware authors have already successfully demonstrated ways to circumvent Vista's kernel security features.

"These new technologies, along with Microsoft’s unwillingness to make compromises in this area, have serious implications for the security industry as a whole," said Friedrichs. "If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and original equipment manufacturers can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems."

On the other hand, Microsoft put aside Symantec's report as stale news, because the research is based on a Vista build released several months ago. "Microsoft has been progressing toward the final release of the product and has released subsequent builds that have addressed the majority of the issues identified in this report," a Microsoft representative said.


print	save	email	comment