【新聞】Microsoft Opening Up Vista Kernel To Security Vendors
Microsoft Opening Up Vista Kernel To Security Vendors
10 /13 微軟原廠的聲明
http://www.microsoftmonitor.com/arch...ts_a_date.html
October 13, 2006
It's a Date!
Security Center. Apparently, the European Union raised concerns about the possibility consumers would receive and be confused by security warnings coming from Windows Vista's built-in feature and those from third parties. I wouldn't disagree. In response, Microsoft will release new interfaces so that third-party security vendors can turn off Windows Vista warnings.
But Security Center would remain, as a service running in the background; I expect that's not going to be an acceptable compromise for some security vendors. Microsoft's reasoning: Other Windows Vista features or third-party applications would need Security Center and the service should be available should a consumer remove the third-party security vendor product or let its subscription updates expire.
Companies like McAfee and Symantec are probably going to be initially disadvantaged by the change, simply because of timing. They'll be scrambling to adapt their products after Microsoft ships Windows Vista gold code. I don't see anything necessarily nefarious on Microsoft's part. After all, the European Union supposedly made the request and took its merry old time doing so.
【新聞】Windows Vista could protect rootkits
http://www.pcadvisor.co.uk/news/inde...SS&newsid=7331
Windows Vista could protect rootkits
Security expert warns of dangerous DRM
Paul F Roberts
A security researcher is raising concerns about a DRM (digital rights management) feature in Windows Vista that he claims may make it easy for malicious code authors to block antivirus programs from removing their wares.
Aleksander Czarnowski, of the Polish firm AVET Information and Network Security, said that a new Vista feature, known as Protected Processes and designed to provide DRM functionality in Vista, could be abused to protect rootkits and other malicious code.
Restrictions put into Windows Vista require new protected processes to be signed, and restrict interaction between standard and protected processes.
Those limitations are great for controlling the distribution of and access to valuable media content, because they allow content owners to run media in a protected state within Vista that limits the ways the media can be used to those condoned by the copyright owner.
However, protected processes could bedevil virus software vendors that want to analyse changes made by malicious software, Czarnowski warned.
"Protected processes are insulated from other applications, even with administrative privileges," Czarnowski said.
For example, Czarnowski hypothesised that malicious software that was able to take control of protected processes could use them to modify memory addresses and make other changes that would be invisible to virus software and other detection tools running in the same environment.
"I don't think anyone in this DRM race thought about the consequences of putting this ability in the wrong hands," Czarnowski said. "Protected Processes are a weapon and, as with every weapon, everything depends on how you use it."
Microsoft wasn't immediately able to offer comment, but the company seems to be aware that protected processes could be subject to abuse.