Avast WEBforum

Other => General Topics => Topic started by: PigDog on October 02, 2006, 09:52:56 PM

Title: Vista and security
Post by: PigDog on October 02, 2006, 09:52:56 PM
Security software firms seem to be getting upset/worried about their role (or lack of if Microsoft get their way) in the world of Vista.

http://news.bbc.co.uk/1/hi/technology/5399534.stm

PigDog
Title: Re: Vista and security
Post by: bob3160 on October 02, 2006, 10:17:57 PM
Since we've had a similar thread not long ago which seemed to have gone by the wayside, I'll repeat myself here:
The latest version of avast! seems to work well with Vista.

Maybe those AV companies that are having a problem, could ask Alwil for some advice ???  ;D ;D
Title: Re: Vista and security
Post by: FreewheelinFrank on October 02, 2006, 10:27:29 PM
The issue seems to be the Kernel.

Quote
The letter says that the best defenders of Microsoft's operating systems have been third party developers and security firms. But for the first time with Vista Microsoft is stopping security companies accessing the "kernel" - the heart of its operating system.

I assume avast! doesn't access the kernel in Vista, unless Alwil have done some clever hacking?  ;)

Quote
The letter says: "For starters, customers should recognise that Microsoft is being completely unrealistic if, by locking security companies out of the kernel, it thinks hackers won't crack Vista's kernel. In fact, they already have...

http://www.theregister.co.uk/2006/10/02/mcafee_disses_ms/
Title: Re: Vista and security
Post by: FreewheelinFrank on October 14, 2006, 10:01:08 AM
Quote
Microsoft will allow security developers access to the kernel in Vista 64.

http://sunbeltblog.blogspot.com/2006/10/this-is-really-good-news.html
Title: Re: Vista and security
Post by: DavidR on October 14, 2006, 02:46:34 PM
Good news indeed, I suppose this stops the lawyers, getting ready for an anti-trust action, if One Care had privileged access.
Title: Re: Vista and security
Post by: FreewheelinFrank on October 15, 2006, 07:13:28 AM
Security firms skeptical about Vista shift

Quote
"We are encouraged to see Microsoft taking the security industry's concerns seriously," said Laura Yecies, general manager of Check Point's ZoneAlarm consumer division. "Once we have a chance to see what capabilities the new kernel-level APIs will extend to us, we'll have a better idea if they will be adequate. We hope to see those new APIs soon."

http://news.com.com/Security+firms+skeptical+about+Vista+shift/2100-7355_3-6125866.html?part=rss&tag=6125866&subj=news&tag=sc.th
Title: Re: Vista and security
Post by: bob3160 on October 15, 2006, 02:14:55 PM
There is a simple solution:
http://news.com.com/5208-7355-0.html?forumID=1&threadID=22009&messageID=193258&start=-1
Title: Re: Vista and security
Post by: CharleyO on October 16, 2006, 06:04:43 AM
***

Quote
There is a simple solution:
http://news.com.com/5208-7355-0.html?forumID=1&threadID=22009&messageID=193258&start=-1

Nice post at cnet, Bob.    :)


***
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 02:52:10 PM
Harsh words from Symantec:

http://sunbeltblog.blogspot.com/2006/10/symantec-vp-rowan-trollope-on.html
Title: Re: Vista and security
Post by: bob3160 on October 17, 2006, 05:00:33 PM
It's amazing how the giant Symantec seems to have problems and Alwil, a dwarf in comparison,
already has a solution.
We all know that the latest version of avast! is already Vista compliant.

I personally, having ditched NAV years ago, wouldn't want Symantec's  system hogging software
back on my computer.  ;D
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 05:16:07 PM
It's not a question of running on Vista, it's about Security companies wanting access to the kernel: not only Symantec but McAfee, Zone Alarm and Sunbelt.

Whether or not avast! can run on Vista is beside the point.
Title: Re: Vista and security
Post by: bob3160 on October 17, 2006, 05:27:57 PM
Quote
It's not a question of running on Vista, it's about Security companies wanting access to the kernel: not only Symantec but McAfee, Zone Alarm and Sunbelt. Whether or not avast! can run on Vista is beside the point.

Sorry but if avast! can do it, why can't the giants ??? Isn't Alwil also a security company?
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 05:47:10 PM
It's not a question of being able to run on Vista: these companies want access to the kernel.

Obviously avast! runs on Vista without accessing the kernel, unless Alwil has hacked Vista.  :P

These companies feel they need access to the kernel to provide extra security features. I suppose it's like telling a security company they can guard a bank but only from the customer side of the counter: no access behind the counters or to the vaults!
Title: Re: Vista and security
Post by: bob3160 on October 17, 2006, 05:55:48 PM
Obviously these companies want to be let into the vault and Microsoft is refusing them access.
If it was my bank, I'd also think twice.
Why don't these complaining companies write their own operating system?
That way they could stop complaining.  ;D
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 06:15:46 PM
Quote
As security vendors, it is absolutely vital that we have access to the kernel.  And considering that the chances are high that hackers will break PatchGuard, security companies need access even more urgently.

http://sunbeltblog.blogspot.com/2006/10/symantec-vp-rowan-trollope-on.html

We could have a situation with the bad guys inside the vault thumbing their noses at the good guys locked outside!

Quote
If it was my bank, I'd also think twice.

It is your bank: it's your computer. Do you want your security programs to have no access to the 'vault', or do you want them to have access so they can protect from the inside out? This is what Alex Eckelberry at Sunbelt, Laura Yecies at ZoneAlarm and Rowan Trollope at Symantec seem to be saying.
Title: Re: Vista and security
Post by: bob3160 on October 17, 2006, 06:42:03 PM
Microsoft's contention is simple: if you let them in, the crooks are sure to follow.
Exploits are caused by a breach of the OS.
If the dam has no holes, why do they want Microsoft to drill some?
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 06:50:57 PM
Heaven forbid that the bad guys might find some holes in Vista!!

http://www.eweek.com/article2/0,1895,2029031,00.asp
Title: Re: Vista and security
Post by: DavidR on October 17, 2006, 06:52:17 PM
My contention is that the people who don't play by the rules and couldn't give a stuff about breaking the system will try and may get in. There are probably many undocumented holes just waiting to be discovered, sorry but MS has form in this area.

Those wanting to have authorised access as partners in security won't want to break the system and do play by the rules and do give a stuff would be fighting with one arm behind their backs.

Microsoft has already drilled a hole by having the PatchGuard, which, like WGA, will have people trying to crack it; once cracked, it is not a drill hole but a gaping hole.
Title: Re: Vista and security
Post by: FreewheelinFrank on October 17, 2006, 07:08:09 PM
More from Symantec's Rowan Trollope on the Sunbelt Blog today:

Quote
Next, can Symantec get around Patchguard?  Of course we can, in fact we have already published a whitepaper on the subject.  Here is the problem: Microsoft has told us that IF we put in code to circumvent Patchguard, they will release a patch which will go out through Windows Update which will cause our workaround to bluescreen the computer.

We of course cannot pursue a path when Microsoft tells us that they will bluescreen our customers' machines.  Hackers on the other hand have no such issues.  Once they work around patchguard (which they already have), they don’t really care if the system becomes unstable or bluescreens or anything else.  So in fact Patchguard works in favor of hackers in this case.

http://sunbeltblog.blogspot.com/2006/10/why-microsoft-patchguard-apis-arent.html

It looks like Alex Eckelberry isn't going to "stop complaining" anytime soon either:

Quote
Folks, this is a real issue.  Microsoft has created a PR coup by “agreeing” to give APIs to security companies.  It’s a red herring.

The security industry needs full access to the kernel.  Period.
Title: Re: Vista and security
Post by: bob3160 on October 18, 2006, 12:27:54 AM
When all else fails, use the Media to get your way. They should hire a few politicians since they're the experts in this tactic.  ;D
Title: Re: Vista and security
Post by: bob3160 on October 18, 2006, 09:16:59 PM
McAfee is still complaining (http://news.zdnet.com/2100-3513_22-6127011.html?tag=nl.e550).
Title: Re: Vista and security
Post by: polonus on October 19, 2006, 08:05:24 AM
Hi bob3160,

If you are in support of certain schemes, you can also become a victim of certain schemes. If you support a system that there is "no tinkering allowed with", and you still want the right to "tinker with it", you cannot have it "two ways". Furthermore the system of "corporational monopolism" does not equal "free trade and free culture", McAfee should have realised that before. What is on 90% of computers is stronger.
By the way I think PatchGuard is only safe for one year for the "high end circumventors".

polonus
Title: Re: Vista and security
Post by: FreewheelinFrank on October 21, 2006, 12:37:46 PM
Sophos: Microsoft Doesn't Need to Open Up PatchGuard

Quote
"Two of our largest competitors, McAfee and Symantec - which clearly have anti-virus products that compare to Sophos - have publicly complained that being locked out of the Vista kernel somehow prevents them from being able to innovate," O'Brien noted.

"I would say that the opposite is really true: that by not focusing on having Microsoft provide us with the means to access the kernel, and in fact using the APIs that have [already] been provided by Microsoft, we are not experiencing any problems with PatchGuard for our latest HIPS technology, Sophos Anti-Virus, or any of the other aspects of our security offering for either 32-bit or 64-bit versions of Windows Vista."

Quote
As O'Brien explained, his company's "behavioral genotyping" -- while it might sound like the worst techno-babble from straight out of Star Trek -- does not need to hook into the API calls. Instead, it evaluates code before it is executed, and if the code "matches the genotype," then it never gets executed. His comments are consistent with those he made last month to BetaNews, when Symantec first raised objections before the European Commission about Microsoft's planned deployment of PatchGuard.

http://www.betanews.com/article/Sophos_Microsoft_Doesnt_Need_to_Open_Up_PatchGuard/1161379239

In the comments section, klavc makes an interesting point:

Quote
The above technology represented by Sophos (Behavioral Genotype) has actually nothing to do with the standard HIPS technologies that McAfee and Symantec are fighting for. From the description on the Sophos page it is clear that this Sophos technology is actually what is more known today as advanced heuristics (heuristics in virtual environment, sandbox, emulation,...). Indeed it might use some "intelligence" from HIPS like systems but in reality this simply cannot be compared to standard HIPS. It is more in the league of NOD32 ThreatSense, bitdefender B-HAVE, F-prot 4 !Maximus, Norman Sandbox,...

I am not saying that this technology from Sophos is bad or good (from its abilities to protect from unknown malware), I simply would like to say that IMO these comments from Sophos are totally in the wrong place and have nothing to do with this issue. Symantec and McAfee also have their heuristics and signature based detection technologies that work just fine in Vista 64.
Title: Re: Vista and security
Post by: bob3160 on October 21, 2006, 03:14:21 PM
FWF,
I actually found the last statement the most interesting:
Quote
"It is somewhat counter-intuitive for me to be critical of a competitor," he continued. "However, in this particular instance, I would encourage enterprise-level customers to ask whether or not their security vendor is prepared to offer a security solution that is compatible with Windows Vista 64-bit. And if the answer is no, then I, as a customer, would ask why. And if the reason is because, 'We haven't worked with Microsoft in order to achieve that goal,' then my next question would be, 'Why not?'"

The complaints by Symantec and McAfee almost remind me of AOL's complaints about MS during the anti-trust hearings.
Complain, complain, maybe it will make people overlook their faults.  ???