Hi malware fighters,
Now it is not so nice, because MS is not amused about what this av-vendor did, and will patch every hack of their PatchGuard. So owners of such an av-solution might actually be at a disadvantage.
Look here:
http://www.eweek.com/article2/0,1895,2037052,00.aspSo we see that MS wants to decide whats gonna run at kernel level, and off course content managment will be part of the deal later.
Hackers have already broken PatchGuard and can disable it. This means that hackers can already get malicious code into the Windows Vista kernel; while legitimate security vendors can no longer protect it. This presents a serious new risk for consumers and enterprises worldwide,” stated Oliver Friedrichs director of emerging technologies in Symantec Security Respons.
With this, Symantec is aiming to no less than discredit PatchGuard in the eyes of the consumers. In this regard, the two brands are weight in the public perspective. When put in the balance, which of Microsoft and Symantec is synonymous with security? Undoubtedly, the latter, who is leader of an industry build on offering security solutions designed for safeguarding Microsoft's products. By delivering a below the belt blow with the PatchGuard Hacking claim, Symantec has chosen to do its laundries with Microsoft in public.
“In addition, now, you may ask yourself, if hackers can bypass PatchGuard, why don’t security vendors? (We know now one did it actually.) We certainly could, if we chose to; however, Microsoft has firmly stated that any attempt to do so will result in an update to PatchGuard, which will detect these attempts. It would be foolish for Symantec to ship a product out to over 200 million desktops that may result in a BSOD on each desktop, if Microsoft decides to update PatchGuard,” commented Friedrichs.
Microsoft chose to use the only weapons readily available to them: obfuscation and misdirection.
PatchGuard isnt new, and here is a article on bypassing PatchGuard:
http://uninformed.org/index.cgi?v=3&a=3polonus
