Printer Friendly

Agnitum Analyzes Latest Microsoft Security Initiatives; Security Experts Warn That Introduction of Kernel Patch Protection By Microsoft Threatens Third-Party Security Software Vendors More Than Hackers.

SAN JOSE, Calif. & ST. PETERSBURG, Russia -- After an in-depth analysis of the new security measures introduced by Microsoft under the name "Kernel Patch Protection," the computer security experts at Agnitum today announced that this attempt to improve security instead is a possible move to preclude or block the use of third-party security software in Windows.

Agnitum experts also believe that Kernel Patch Protection will make it harder for third-party security software vendors to maintain compatibility with Windows, while posing little or no threat to hackers.

Key conclusions from the analysis include:

--Microsoft kernel patch protection prevents security software developers from installing security software at the kernel level, an approach that developers use to ensure security against malware applications.

--If certain versions of the kernel are in use, kernel patch protection does not prevent hackers from reverse engineering specific areas of code in the operating system to re-acquire unauthorized access to the kernel.

--If third-party security software is going to work, then independent software companies must similarly reverse engineer access to the operating system kernel, making it more difficult to install and maintain products that ensure better security for Windows and Windows users.

"As the developer of Outpost Firewall Pro, we have to install at the kernel level," said Alexey Belkin, chief software architect at Agnitum. "In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft -- if we use the same techniques used by hackers. That's a wide-open hole. If we discovered it, then hackers will discover it, and they will use that hole to install malicious software."

Kernel Patch Protection is intended to provide better protection for low-level system activities such as the file and registry operations of the Windows kernel, the deepest level of OS operations (http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx). Any program that gains access to the kernel can, for instance, hide a folder on the hard disk and make it impossible to delete that folder using regular Windows tools. While malicious programs can modify the Windows kernel and hide themselves in this way to surreptitiously steal information, security software developers also need access to the kernel to provide PC security.

Forcing independent software developers down the road of acting like hackers gives the advantage to hackers, as they don't need to undertake the level of compatibility testing and quality assurance required by legitimate software developers.

The full analysis is available on the Agnitum website: http://www.agnitum.com/r/kernel/patching/.

"Microsoft made a logical move with this attempt to protect Windows against rootkits," said Mikhail Penkovsky, vice president of Sales and Marketing at Agnitum.

"Unfortunately, it doesn't really resolve the problem, and also makes it a great deal more difficult for independent security software developers to be fully compatible with Windows. Nobody knows if Microsoft has done this intentionally, but we can't avoid the suspicion that this move may have been designed to force users to rely on Microsoft and only Microsoft for Windows security. If past experience is anything to go by, third-party security software solutions are likely to be more robust and provide better protection for users, who will be the biggest losers if this proves to be the case."

In 64-bit versions of Windows and in the upcoming Windows Vista, kernel patch protection will insulate the kernel from legitimate changes. This means that no third-party vendor will be able to install security software that uses kernel functions with legitimate coding approaches, but hackers can still feel free to reverse engineer their way to successful rootkit delivery using less legitimate methods.

"The problem lies in the fact that these less legitimate methods will work only for specific Windows kernel versions," said Penkovsky. "If legitimate, independent software developers are forced to take this approach with every serious update to the OS, those developers will have to make changes to their installation methods. It will be a nightmare for legitimate developers while posing little or no problem for hackers, who don't have to maintain 100-percent compatibility. And improvements to malware are much easier to code than improvements to security software."

About Agnitum

Founded in 1999, Agnitum Ltd. (www.agnitum.com) is committed to delivering and supporting high-quality, easy to use security software. The company's products are Outpost Firewall Pro, securing personal and family desktops, and Outpost Network Security, ensuring reliable endpoint protection and performance for small business networks. Agnitum firewall technology is licensed by Novell, Sophos and Lavasoft.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Business Wire
Geographic Code:1USA
Date:Jul 26, 2006
Words:761
Previous Article:Mentor Graphics Calibre nmDRC Adopted by UMC to Address Shifting Requirements for Sign-Off.
Next Article:Mentor Graphics and ARM Validate Physical IP for Robustness to Lithographic Variation Using Calibre LFD.
Topics:


Related Articles
Microsoft critical flaw.
How secure are you? University CIOs are leveraging new people, policies, and professional tools to ensure network security.
Cisco, Microsoft join forces to stop viruses.
Computer security: software patches more vulnerable to hackers.
Boss cautions Microsoft's forced deployment of SP2 for Windows XP computers may cause widespread issues and disrupt business continuity.
Sophos warns against panic as worm attacks CNN, Financial Times and New York Times.
Dasher-B expoits Windows 2000 PC's.
Sophos security threat management report: update July 2006.
Bug hunters turn the tables on software makers.
Sophos protects Microsoft Windows Vista.

Terms of use | Privacy policy | Copyright © 2019 Farlex, Inc. | Feedback | For webmasters