Microsoft Locking Out Anti-Virus Makers?

Zonk posted about 8 years ago | from the protecting-their-business dept.

twitter writes "Anti-virus makers have more to fear than stonewalling by Microsoft if a report by Agnitum, maker of Outpost Personal Firewall, is right about recent trusted computing changes. All the problems were summarized in a choice Register quote, 'In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers.'"

135 comments

ORly? (3, Informative)

Umbral Blot (737704) | about 8 years ago | (#15807101)

As someone who has written drivers for Windows before I think Microsoft's patch is a step in the right direction. It is simply too easy to spy on the user and hide the driver under the current system. If that means that anti-virus software has to be updated, and has to bug the user with more "are you sure this is OK" boxes ... well tough, sometimes that is the price of security.

Re:ORly? (5, Insightful)

tyler.willard (944724) | about 8 years ago | (#15807173)

Ya RLY. Too easy? At ring 0 *everything* is, and should be, visible/alterable. That's the whole point of ring 0 existing in the first place. There is another concern as well: If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products. As it stands now, SoftICE has been discontinued and sysinternals has been acquired. I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products available.

Re:ORly? (2, Insightful)

Anonymous Coward | about 8 years ago | (#15807256)

It's not just a matter of not having the tools... Trusted Computing hardware allows the running of encrypted code. You'll never know what Microsoft is up to, because your own PC hardware works to stop you.

Re:ORly? (1)

tyler.willard (944724) | about 8 years ago | (#15807274)

Yes, this is certainly something to be concerned about, but there are a lot of obstacles, some that involve hardware, that don't rely on encryption.

In Other News... (1, Funny)

Anonymous Coward | more than 7 years ago | (#15807578)

Dogs are eating dog food.
Cats are eating cat food.
Bush is doing something stupid.
Shaq is eating.
Grass is growing.
MSFT's bill for breaking EU law went up.
MSFT lies.
Vista is just that... a vista.
Linux is pwning server rooms across america.
Ballmer is throwing chairs.
Ballmer is cursing Google.
Ballmer heard repeating "developers, developers, developers" from people outside his bathroom window...

You see, the world just makes sense.

Re:ORly? (1)

BagOBones (574735) | more than 7 years ago | (#15807614)

There is too much going on in Ring 0 as it is.. I am all for MS keeping drivers out of there.. This is where BSOD come from, hardware failure or kernel lvl drivers.

I spent a week last year tracing the source of an intermittent problem on a new server, turned out that an antivirus product's kernel drivers were leaking kernel memory at a slow rate.. After a reboot, depending on how many times a file was accessed it would just cause the systems to stop responding to requests.

As far as I am concerned only the OS should be at ring 0.

Re:ORly? (1)

cheater512 (783349) | more than 7 years ago | (#15807811)

Do tell me how you make Antivirus and Firewalls which aren't on ring 0. :P
They are there because they have to be there.

Re:ORly? (2, Interesting)

Crayon Kid (700279) | more than 7 years ago | (#15807732)

> If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products.

But how can it be done? From the Agnitum story I for one understood that it's not possible to achieve this.

Sure, they can actually and fully deny access to low level kernel functions to every piece of software, but in that case how will certain things get done? Some stuff needs access to get its job done. Obviously not a choice.

Or, they can just not document the API (which I get the impression is what they're trying to do now), in which case people will reverse engineer the software that uses it and they'll find out what they need to know. Malware writers and legit software writers alike.

I'd like a saner alternative, myself. But how can the kernel tell which software is legit and which is not? Should the software present a key? Not really an airtight solution. Should the software ask the user to enter the admin password? Again, can be circumvented and misused.

So, how can one safely regulate access to a machine's lower functions? Deny it all? Allow it all? What if you want something in between?

Re:ORly? (1)

kosmosik (654958) | more than 7 years ago | (#15807833)

> Or, they can just not document the API (which I get the impression is
> what they're trying to do now), in which case people will reverse engineer
> the software that uses it and they'll find out how what they need to know.
> Malware writers and legit software writers alike.

Legit software writers *cannot* reverse engineer. I think that in the USA under the DMCA it is prohibited to overcome security measures by reverse engineering. FIXME

Re:ORly? (1)

Cylix (55374) | more than 7 years ago | (#15808585)

A conversation overheard between Ring0 and MSFT

"I'm going to show these people what you don't want them to see. I'm going to show them a world without you... a world without rules and controls, without borders or boundaries. A world... where anything is possible. Where we go from here is a choice I leave to you."

Ok, sounded cooler in my head... it's still moderately funny though :P

Re:ORly? (1)

supabeast! (84658) | more than 7 years ago | (#15808842)

"'If Redmond locks out 3rd party security and utility vendors from full ring 0 access they become the only ones able to provide the most powerful utilities and security products.'

"But how can it be done? From the Agnitum story I for one understood that it's not possible to achieve this."

DRM. Once the CPU vendor and OS vendor are the only people with total control over computers, the computers will only do what said vendors allow them to. Or at least that's the way they think it should be.

Re:ORly? (1)

jrockway (229604) | more than 7 years ago | (#15807824)

> I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products available.

Just the more reason to ditch unaudited proprietary operating systems, and use something more open. OpenBSD's approach to security is much better than Windows + 100 (potentially buggy) commercial "security" apps. And it's free.

Re:YaRly? (1)

jc42 (318812) | more than 7 years ago | (#15808440)

> I don't particularly relish the idea of having to take MS's word for what's happening down in kernel or having theirs being the only powerful security/utility products available.

Programmers have long understood that, especially at the kernel level, the only way to understand what's happening down there is to study the source code (and, in some cases, the machine code that it compiles to). Anything else is at best a summary, and at worst a parody of what's really going on.

Face it, with a binary-only kernel, the only way to understand kernel issues and write powerful (or even effective) security products is to have access to the kernel internals. If you don't have that, you are locked out, and your products can never compete with those written by people with inside knowledge.

Without access to the source, the code in there could be doing anything at all, and you have no defense against it whatsoever.

Re:ORly? (2, Insightful)

staticsage (889437) | about 8 years ago | (#15807338)

The only problem is no matter how many "are you sure this is OK" boxes you throw at some people, they will still blindly click Yes...

Re:ORly? (1)

Cliffy03 (663924) | about 8 years ago | (#15807529)

They click yes until it is tech support trying to get them to click yes. Then they click on everything but yes.

Re:ORly? (2, Interesting)

Traiklin (901982) | about 8 years ago | (#15807539)

and I know first hand how easy it is to.

I decided to try out Vista one time and it installed and ran perfectly fine on my computer, the only drawback to it was EVERY TIME I wanted to open a folder or program a window would pop up asking me if I was sure I wanted to open it (apparently Microsoft doesn't even trust themselves cause I was opening Windows Media Player 11 when I got the most windows) after about the 20th popup window asking me if I wanted to open a file I knew was ok I just started clicking yes to see how the damn thing worked.

Now, just imagine someone getting to that point when they launch and it's been out for a little while, how many calls will tech support (Dell, Microsoft any company that makes PCs) get from people asking if it's ok to run a Microsoft product? how many calls will they get when they accidentally click No to an important option (say their email, they read it wrong and suddenly they no longer can use Outlook), how many calls will family members get when their Mother/Father/Uncle/whatever says they don't have a clue if the security warning that Microsoft put in place is ok to click Yes or No to when they run WMP, Outlook, IE or any other MS owned programs.

Re:ORly? (3, Insightful)

cheater512 (783349) | more than 7 years ago | (#15807827)

And the more boxes you throw at them the less likely they are to read it.

/me makes an automatic 'Yes' clicker and sells it for $10.

Re:ORly? (1)

kassemi (872456) | more than 7 years ago | (#15808679)

To keep bots from utilizing forms on my web pages I use a captcha. Similarly, to prevent mindless clicking of the "Yes" button, maybe there should be a captcha. For more dangerous tasks, force the user to demonstrate knowledge of what they're about to do by asking them a question about it.

"You're about to run a script you downloaded from the internet as root. What is the root account?
a) A plant that grows in southern Brazil.
b) An account at the IB where my taxes are calculated.
c) A user profile that allows viruses and trojans and shit to do anything they fucking want.
Please enter the answer: ______"

Heh. I could have fun writing that. People would figure it out without knowing anything about it, but at least they'd learn something.

Re:ORly? (1)

twitter (104583) | more than 7 years ago | (#15807677)

> I think Microsoft's patch is a step in the right direction. It is simply too easy to spy on the user and hide the driver under the current system.

Well, it would be great if it were not so easy to circumvent. Typical of M$ "security", this change is just another inconvenience to the legitimate user.

Microsoft is just isolating itself (3, Insightful)

The Real Toad King (981874) | about 8 years ago | (#15807103)

By making its kernel and software more closed, they're just locking out new developers and applications. If they keep this up, Windows may only be able to run Microsoft Software.

Re:Microsoft is just isolating itself (1, Insightful)

DoraLives (622001) | about 8 years ago | (#15807121)

> If they keep this up, Windows may only be able to run Microsoft Software.

This is precisely what they're looking to do, and it would appear as if their short-term vision has completely blinded them to the long-term consequences of what they're doing. I wish them all the success in the world with it.

Re:Microsoft is just isolating itself (-1, Troll)

Anonymous Coward | about 8 years ago | (#15807133)

and this is a bad thing because .... ? let's face it -- most users want office and ie. that's it.

Re:Microsoft is just isolating itself (5, Insightful)

RightSaidFred99 (874576) | about 8 years ago | (#15807135)

They're not locking anybody out. It's silly to think that developers should have full access to every single internal structure or API call. It's called "bad design principle". It means they can't change things internally.

The real problem may just be limitations in the API they _ARE_ providing. That's fine, work with them on it. Don't whine that their internal structures and kernel level calls are changing - you are NOT supposed to use those anyway.

Re:Microsoft is just isolating itself (1)

tyler.willard (944724) | about 8 years ago | (#15807262)

It is *not* a bad design principle. By their nature advanced utility and security products need to have total access. Malware authors aren't going to limit themselves to the official APIs. Unless of course you are of the opinion that they will make this absolutely bulletproof and there won't be any exploits to worry about....

Re:Microsoft is just isolating itself (3, Insightful)

CodeBuster (516420) | about 8 years ago | (#15807352)

Ok, fair enough, but to what extent is Microsoft liable if your attempted hacking, even if your purpose is noble, results in damage to the kernel? If you use a product or modify that product in a way that the manufacturer never intended then how can you say that it is the fault of the manufacturer that your modifications, hacking, or misuse cause the product to fail? The malware writers will of course do what they want and the anti-virus writers have made it their business to try and stop them. However, the anti-virus writers must accept responsibility for their own products even though they don't fully control the underlying system...that was part of the risk they took when they got into the business.

Re:Microsoft is just isolating itself (1)

tyler.willard (944724) | about 8 years ago | (#15807424)

They aren't liable. This has been going on forever. I'll grant that they do get bad PR. E.G., most BSODs (fatal exception in ring 0) tend to come from third party drivers but MS gets gigged for it. As far as taking a risk "by getting into the business", this is irrelevant. Again, utility and security products are a special case in software. For years, Redmond has worked closely to assist these companies with whatever kernel hackery was needed. Now they're getting into the game themselves and restricting what the vendors can do. They'll find a way around the restrictions, but being heavy handed with the security community is an arrogant move.

Re:Microsoft is just isolating itself (4, Insightful)

kripkenstein (913150) | about 8 years ago | (#15807284)

> They're not locking anybody out. It's silly to think that developers should have full access to every single internal structure or API call.

Fair enough. But, consider this: do you really believe that developers of Microsoft security products (firewall, antispyware, OneCare, etc.) will NOT have access to whatever API they ask for? That if they need access to one, a technical solution will not be devised?

Re:Microsoft is just isolating itself (3, Interesting)

cob666 (656740) | more than 7 years ago | (#15808091)

> do you really believe that developers of Microsoft security products (firewall, antispyware, OneCare, etc.) will NOT have access to whatever API they ask for? That if they need access to one, a technical solution will not be devised?

I have a friend that was working on the transactional file system for Vista and I asked him a similar question regarding undocumented APIs. His answer was two-fold.

Part 1 of his answer was that normally if a developer requires access to a system process that is not currently exposed via an API then he must request that interface from the development team responsible for that particular system process. This is normally the long way to get something done as this new interface must be documented.

Part 2 of his answer was that MOST undocumented APIs in Windows are actually APIs that were never intended to be included in the released product. A common way for an undocumented API to make it to release would be that a developer requires access to a system process for testing purposes so they have an alternate way to access that process. The interface is designed with the full intention of removing it. Application Developer B finds out about this new interface and actually uses it for the next release of Media Player (or any other Windows application). When the time comes to remove the interface, Developer B informs the group that the interface is being used in a production application and can't be removed.

Re:Microsoft is just isolating itself (0)

Anonymous Coward | about 8 years ago | (#15807523)

Excuse me? I think Linus and the Linux community would disagree with that. Open Source would be the BETTER option then at least the problems in the OS could get fixed before pumping out an already BROKEN one. (YES I mean Vista, it's broken.) I'm tired of being a paying Beta-Tester for Microsoft.

Re:Microsoft is just isolating itself (4, Interesting)

grcumb (781340) | more than 7 years ago | (#15807708)

"It's silly to think that developers should have full access to every single internal structure or API call. It's called "bad design principle". It means they can't change things internally."

WTF? I understand what you're getting at, but please think about what you've just written for a second.

It's not at all silly to give developers full access to your system internals, as long as you're clear about the repercussions of using them. In fact, there's a whole bunch of developers using this stuff called FOSS, which is based entirely on this principle.

I know, I know; your point is that if developers depend on a certain implementation, then the vendor is forced to continue supporting it forever, which, according to your reasoning, leaves them with no further room to grow or innovate. Unfortunately, that perspective is just bollocks. FOSS developers deal with this every day, and they've found a perfectly workable process:

Supported APIs are marked as such. Deprecated APIs are marked, too, with the clear warning that past this version, you're on your own. Unsupported interactions with the internals are marked - not fenced, but simply labeled Here Be Dragons. You're welcome to venture there if you want, but don't go asking for help if something goes wrong. Most developers benefit from a better understanding of how the whole system works, and can in fact suggest or offer improvements in upstream functionality as well as better implementing their own.

I'd be fascinated to know why you think that things are somehow different for Microsoft than they are for IBM or Novell.

Re:Microsoft is just isolating itself (1)

calciphus (968890) | about 8 years ago | (#15807325)

Locking out all but trusted software and hardware (maybe), you claim? Egads, this sounds a whole lot like the Apple plan: "If they HAVE to buy everything from us, we'll be rich." MS would never lock out competition. As [pieterh] pointed out (though they were trying to insult MS at the time), encouraging others to dump billions into development has saved MS money in the long run, plus they reap the rewards. If the platform is stronger, more people will buy it, write for it, etc. The user experience is greatly improved by 3rd party software. Try and have one company get everything right, and you get the iLife Suite of Awfulness. But then again, MS can't really ever close a software platform. They'd be brought up on anti-trust lawsuits, AGAIN. Remember: You can't bundle a media player with your media platform (unless you're Apple) and you can't bundle a browser with your internet-connected platform (unless you're Apple).

Re:Microsoft is just isolating itself (3, Informative)

DrScott (4365) | about 8 years ago | (#15807375)

Apple may be bundling software, but the difference is that the user is _totally free_ to use competitor's software. I use other browsers, other word processors, and other multimedia software than those supplied by Apple alongside their products. Competitor's software is not crippled. Yet you have no problems defending Microsoft trying to make everybody use only their software. Microsoft was _convicted_ of anti-trust violations in the US and Europe (and is being investigated in other regions too) not because they bundled products, but because they consistently tried to do so in unethical ways that drove competitors out of business.

Re:Microsoft is just isolating itself (3, Insightful)

calciphus (968890) | about 8 years ago | (#15807450)

Microsoft never made it difficult / impossible to install a 3rd party media player on any system they've ever made. Nor did they do that with a browser. That's the line fed by money-grubbing anti-trust lawyers to uninformed users.

The primary argument the ACTUAL anti-trust lawsuit was based on was that Microsoft was leveraging the dominance of one product to the advantage of the other, giving it an "unfair competitive advantage". The fact that Windows Media Player came pre-installed made paying for a product like Real Networks's RealPlayer (a particularly crappy piece of software, I might add) very unlikely for the average user. When WMP moved from being just a basic media player to including things like playlists, internet streaming (before it was called 'podcasting') and visualizers, it became a competitor for programs like WinAmp and RealPlayer. Anti-trust lawyers argued somewhat successfully that this amounted to Microsoft unfairly leveraging market dominance and discouraging competition.

Now, YOU have no problem arguing that Apple is somehow above this. Let's look at the iPod: Clearly the market leader in mobile media players, they REQUIRE you to install iTunes to load music onto it. They even go so far as to SUE other companies that make software that can download to the iPod (see: RealNetworks, WinAmp iPod plugin, etc). It isn't even for DRM stuff. Just transferring unencrypted files to and from an iPod constitutes a crime (according to Apple legal) if you aren't using iTunes. //technically// using the Windows Explorer to do so is a violation of the "terms and agreements" you apparently agree to when you buy an iPod.

So get off your high horse, Mac Zealot. All that's white and cheap plastic isn't gold.

Re:Microsoft is just isolating itself (1)

nurb432 (527695) | about 8 years ago | (#15807412)

And that would make Microsoft rather happy. Being able to run ONLY Microsoft, and then get users on the 'lease plan' ( remember their 'free PC' concept? ) to ensure a perpetual income.

Re:Microsoft is just isolating itself (1)

twiddlingbits (707452) | about 8 years ago | (#15807491)

If they do that then we are back to the same issues that got them in trouble with IE. AND they would be violating the Anti-Trust settlement with the DOJ. Only MS having the ability to write software that operates at the highest privilege level is a monopolistic practice. Then again it may force more people to Linux and the *NIXs of the world which could be good. Don't give me the typical stupid /. reply of there being a Republican in the White House and thus it doesn't matter what M$ does. It matters a great deal, as there are a lot of very important and secure applications that run under Windows, and we all know how good M$ security is in their software. I surely don't want the same team that brought me the security holes being the only ones able to fix the holes (assuming they decide they are in fact holes and just not an imaginary hole).

Re:Microsoft is just isolating itself (1)

Crayon Kid (700279) | more than 7 years ago | (#15807769)

> Only MS having the ability to write software that operates at the highest privilege level is a monopolistic practice.

I never quite understood why they can't be allowed to do whatever they want with their own software. Don't like it? Don't buy it. Very simple.

If I, John Doe, write a program right now and warn potential users that upon running it will find and delete competition software, what would happen? People either wouldn't install it, or install it knowing what will happen. Very simple.

But because Microsoft is already big and Windows is all over the place and people are already using it, they can't be allowed to do this. That about sums it up?

Re:Microsoft is just isolating itself (1)

twiddlingbits (707452) | more than 7 years ago | (#15807904)

> But because Microsoft is already big and Windows is all over the place and people are already using it, they can't be allowed to do this. That about sums it up?

No, because they are under DOJ orders to allow other folks' software to INTEROPERATE. What they are doing will make software from folks like Anti-Virus and Spyware unable to do that, just like back in the days (you ARE old enough to recall the 1990's right?) of the Netscape vs IE issues. When you hold an incredibly dominating position in the market the law only allows you to do certain things, things that allow you to keep and build your market position by mechanisms that "lock-out" others is definitely not allowed. Read up on Anti-Trust laws before running off about it.

Re:Microsoft is just isolating itself (1)

70Bang (805280) | more than 7 years ago | (#15807678)

As I've said before, Microsoft's biggest resources are Huey, Dewey and Louie (Marketing, PR, and Sales).

They have two tasks before them right now: Vista. That seems like one, but it's two. First, there's the standard upgrades and new machine purchased as well as any corporate issues. Secondly, and far more importantly, they're going to try and pry corporations from sitting pat. There's a lot of corporate licenses which are still running Win2K, both server and terminal, Visual Studio 6 (+SP6), SQL 2000, etc. The number of surprises are minimal, the cost inconsequential; in essence, their TCO is just about as inexpensive as it can be.

In order to upgrade from that position, they'd have to pay for a lot of upgrades - hardware, software, people, general support, yadda yadda.

Back to point.

Microsoft has tried this before: When DOS was the base and Windows was the "OS/2" (tongue in cheek) running on OS/2, MS-DOS, IBM-DOS, etc. There were allegations against Microsoft because Windows would only run on MS-DOS. Windows wouldn't run on any other DOS executables and those with problems were directed to purchase Windows, then call back if they had problems after that. That gave them some very short call-times for that group of supporters. Think of the old joke re: "Infinite Storage" which amounted to "Write Only DASD". If you tried to read from it, smoke and problems would be make to the support and be queried: "You didn't read from it, did you?" "Oh, no. You can't do that. It's Write Only."

If you go back through the court documentation, the issue of what GUI would run upon which DOS product. The discussion generally went along the lines of, "Only if you can do without errors - there cannot be any errors which are produced because of the incompatibility." IFF (for the non-math people, IFF means "If and only if")


Re:Microsoft is just isolating itself (1)

ThePengwin (934031) | more than 7 years ago | (#15808681)

One more step towards world domination

Just the opposite (5, Funny)

Vampyre_Dark (630787) | about 8 years ago | (#15807108)

Microsoft has actually been bending over backwards to help the anti-virus companies properly integrate their products into the new Windows Vista. The problem comes from miscommunication. Billy is using his new speech-to-text program for all correspondence.

Re:Just the opposite (1)

JohnWasser (888342) | more than 7 years ago | (#15808859)

I can see the letter now: "you just have to aunt the aunt function and aunt the aunt aunt period new paragraph no delete that select all dammit."

Midget stoners.... (1)

Gno (970625) | about 8 years ago | (#15807116)

I think we should make a couple anti-virus programs with personalities like midget stoners,
Dude, like, the computer went that way.... I think...
Or maybe Microsoft should invent an all-in-one package to secure their PCs, instead of me installing a million different MS products.... nah, that's a stupid idea.

Slashdot for the News you already read elsewhere (-1, Flamebait)

Anonymous Coward | about 8 years ago | (#15807117)


Slashdot, for the News you've already read elsewhere? BORING

Fark for the news, Slashdot for the comments! (0, Offtopic)

pieterh (196118) | about 8 years ago | (#15807159)

No-one comes here for the news! Not only is it always a day or two late, we often recycle it just for fun, and then make 'slashbacks' on it one more time just to annoy the hell out of people like you.

People come here for the comments. Like this comment.

Actually there's a story about this comment. A guy sold me a whole pack of comments, telling me they were cool and the latest fashion. But when I took them home they started making all kinds of noise, and annoying the neighbours. So I tried to flush one down the toilet but it just got stuck and the toilet overflowed, so I had a living room full of noisy, wet, and smelly comments, which really annoyed the neighbours. I tried burning the comments in a barbeque but they didn't really catch, but started smoking, so I found myself with a whole house full of smoking, smelly, wet, noisy comments. Luckily, some of my friends had mod points, so we caught the comments and modded them down to -1 insane, which made them a lot madder, but at least no-one could see them any more. I was left with a single comment, slightly used, but after I dried it in the microwave and it passed the lameness filters, I posted it here.

There are no old stories, only old comments.

Re:Fark for the news, Slashdot for the comments! (0)

Anonymous Coward | about 8 years ago | (#15807194)

That comment negates its premise.

Re:Fark for the news, Slashdot for the comments! (2, Funny)

cli_rules! (915096) | about 8 years ago | (#15807400)

> No-one comes here for the news! Not only is it always a day or two late, we often recycle it just for fun, and then make 'slashbacks' on it one more time just to annoy the hell out of people like you.

Agreed. We come here for the wit.

Re:Fark for the news, Slashdot for the comments! (0, Redundant)

Dadoo (899435) | more than 7 years ago | (#15807878)

Oh, be nice. It only just showed up on Digg 16 hours ago. :-)

Microsoft's Principles? (3, Insightful)

pieterh (196118) | about 8 years ago | (#15807120)

So how does this fit with Microsoft's 12 Windows Principles [microsoft.com] ?

Oh hang on, nowhere in those principles does it mention anything about giving competitors open access to Windows systems. Maybe this one:

"Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for application developers and Web site creators to build innovative products on the Windows platform -- including products that directly compete with Microsoft's own products."

Translation: We love products that compete with us, so long as they run on Windows, because it just means you're doing the R&D work for us. Hey, that's how we got to be so large, by taking ideas from other people, so why stop now?

Re:Microsoft's Principles? (1)

crashelite (882844) | more than 7 years ago | (#15807588)

u forgot... by the way can we buy you out in a couple of years and then sell your product with a MS logo on it and mess it up to the point it barely runs....(referring to Virtual PC)

Better Summary (5, Insightful)

RightSaidFred99 (874576) | about 8 years ago | (#15807127)

"Our software doesn't work, we're pissed."

They are basically saying that they want the existing weak kernel model to continue to be supported because at least it allows them to do things the way they have been for a long time. This is, of course, stupid. It's like my locksmith not wanting me to get a new door because his equipment won't work with it, even if the new door theoretically provides the basis for better security long-term.

I'm not saying the new intercept model is great, I'm saying the answer isn't "leave it like it was". Instead of whining, why don't they engage Microsoft and figure out what exactly they need. Regardless of what your average wanker thinks, Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.

Re:Better Summary (1)

aitan (948581) | about 8 years ago | (#15807180)

Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

Despite all the improvements about user security, firewall etc... I don't think that any serious company will try to sell a new PC with Vista and no antivirus at all.

Which, I gather, is basically what they're doing. (1)

Dogun (7502) | about 8 years ago | (#15807277)

Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx [microsoft.com]

From the FAQ:

[snip]
Q. Patch protection prevents my application or driver from running. What are my options?
A. Modify your application or driver to use only Microsoft-documented interfaces. If the functionality you want to enable is not supported with Microsoft-documented interfaces, then you cannot safely enable that functionality. There is no mechanism to selectively disable patch protection or "special-case" a given application to work around patch protection. If an application or driver patches the kernel, it generates a bug check and shuts down the system. Note that patch protection in the operating system might be extended in future releases or service packs, so using any undocumented mechanisms in your application or driver (even if they seem to work on released versions of Windows that support patch protection) might result in further incompatibilities in the future.

If your application or driver must perform a task that you believe cannot be accomplished without patching the kernel, contact Microsoft Customer Support Services or your Microsoft representative for help in finding a documented alternative.

If no documented alternative exists for the functionality that you want to implement, then the functionality will not be supported on any Windows operating system that includes patch protection support.
[/snip]

I wonder what percent of the BSOD minidumps that come back to Microsoft are caused by somebody patching something they didn't understand or because some internal API changed?

Re:Which, I gather, is basically what they're doin (1)

daeg (828071) | about 8 years ago | (#15807465)

From what I've seen with beta drivers in Vista, it tells you explicitly what driver caused it. "nVidia Display Driver has attempted to alter and possibly destabilize your system" and then the driver is (somewhat glitched) stopped. Definitely more friendly than old school BSODs. We shall see how the final Vista plays out.

Re:Better Summary (1)

CodeBuster (516420) | about 8 years ago | (#15807290)

Microsoft should be the one contacting the main antivirus companies around to make sure that their products work without problems with the new version of Windows as soon as it hits the stores.

An interesting sentiment, but look at it from the perspective of Microsoft. They have built a system which they are bound to support, but for which they have not provided certain features that may be needed by certain types of software, namely kernel hooks and the like, because these types of "features" are available to the root kit and virus creators just as much as they are, or could be, available to the anti-virus vendors who are trying to stop them. This results in third party vendors attempting to hack into the kernel to get the functionality they need and whether their intentions are good or bad it can still result in an unstable, wrecked, or compromised system. Should Microsoft have to support these vendors when it was never intended that these types of features would be available?

To put it another way, consider the automobile manufacturers. If I modify or replace the controller chips in my engine to alter the spark advance, fuel/air mixture, injector pressure, etc for whatever reason then I automatically void any warranty that may have been in effect from the manufacturer. If I blow my engine because of these modifications then that is my fault. How can the manufacturer warranty any unknown hacks that I may attempt on my engine? They can't and they don't. So to what extent should Microsoft be responsible for the actions of third party software vendors? It's a question worth asking.

Re:Better Summary (1)

Steendor (917855) | about 8 years ago | (#15807357)

Microsoft shouldn't make it a priority to contact anybody regarding these issues. Software vendors are responsible for whether or not their programs work properly. If they need Windows to have certain capabilities that it doesn't appear to, then they need to make contact with Microsoft. At that point, Microsoft should either explain how such a thing can be done, or explain why such a thing shouldn't be done, or make it possible.

Happens every time they change something (5, Insightful)

Sycraft-fu (314770) | about 8 years ago | (#15807260)

Programmers are lazy, that's just how it goes. I remember all the Sturm und Drang over Windows 2000 and its new audio model. Basically, MS did a revamp of how audio was handled in 2000. It's a much better model. However it was different from what the pro audio companies were used to so they cried about it. I had a $600 10-channel pro card at the time. When 2k came out, I wanted to switch. However they had no 2k drivers, you had to install the NT drivers which did work, but were a pain in the ass. They said "There will never be Windows 2000 drivers, 2000 is unsuited to audio."

What they were worked up about was the kernel mixer, a subsystem that introduces 30ms of latency to audio. Now of course this isn't a problem, first because the drivers are aware of this and do time compensation so it only matters for live sound-on-sound recording (meaning you are playing something that a musician is listening to and recording what they are doing) and you can bypass the kernel mixer anyhow.

Well finally they figured that out (it's in the documentation for the new driver model) and they released a driver... That only supported 2 channels of the 10 on the card. They claimed that the new driver model didn't support more than 2 channels on a card. I e-mailed MS about this and I think they were sufficiently surprised by the stupidity of the question that they responded. They pointed out that not only could they enumerate the device as multiple 2-channel devices (as you had to do in Win98 and NT since they only supported 2 channels) but WDM could handle real multi-channel devices as well.

Some e-mails back and forth with the company and finally they came out with a functioning WDM driver for their card. These days, their cards have ONLY WDM drivers available, they don't support 98 or NT anymore. However it was like pulling teeth to get them to learn the new method of doing things. Not because it was worse, it's not, but because they just wanted to keep doing things how they had in the past.

I'm sure that's basically what this is. MS has changed the way things work, if it's better or not one can debate, but it's not to screw the AV companies over. They are just being whiny because they don't want to have to change the way they do things.

Re:Happens every time they change something (1)

PopeRatzo (965947) | more than 7 years ago | (#15807737)

Excellent point. I had the same problem with my pro audio hardware. I remember how "Windows 2k was just not for audio" and that "there were never going to be wdm drivers" for certain hardware. Today, wdm is a terrific way to drive audio cards, allowing for more channels, less latency and better all-around performance. Just because the lazy programmers finally had to bite the bullet. I remember being told by several vendors that Win2k and WinXP were not going to be any good for audio production and that I better hang on to NT.

Re:Happens every time they change something (0)

Anonymous Coward | more than 7 years ago | (#15808320)

Oh boy, this brings back memories of my Targa 1000 video capture card and my ADB Digital 24/96 ISA audio card.

The last official support for the Targa 1000 card was on Windows NT4 with Service Pack 3. Not SP6, but SP3. It also needed exactly QuickTime 3 to function.

My ADB Digital audio card was, from a hardware perspective, a marvelous card. For $400 in 1998 I got stereo in/out with 1/4" TRS balanced jacks, and a great S/N ratio of 105dB. Even by today's standards that's pretty good. The only problem was that they wrote the drivers in VISUAL BASIC 3. Yes, I'm serious. They actually worked pretty well, but they sure as hell never worked with Windows 2000.

Having been burned twice, I'm now buying as many of my A/V peripherals as possible as external components. I finally have a similar setup again on my Mac G5 that should last a lot longer.

- External firewire hard drive (will work on a Mac, PC, or a laptop).
- Built-in DV FireWire card (all computers have these now, except some PCs).
- Presonus Firebox FireWire audio interface (works on Mac or PC. Uses CoreAudio on the Mac, which is their built-in driver for all sorts of devices. Hence, no crappy 3rd party hardware manufacturer drivers even required!)

The moral of the story?

- External interfaces last longer than internal interfaces (FireWire vs ISA or PCI, for example).
- Generic OS drivers are better than manufacturer provided drivers, especially if it's a niche/specialty hardware company that is good at making hardware but then has to get some stupid drivers written so they can actually sell their product.

Re:Better Summary (1)

Keeper (56691) | about 8 years ago | (#15807339)

I stopped reading the article after these morons complained that they can't use a 32bit function pointer to 32bit code to hook kernel calls in 64bit Windows...

Re:Better Summary (1)

tyler.willard (944724) | about 8 years ago | (#15807347)

No, it's not that simple. They're pissed because MS is dictating how they should design their products. Furthermore, they're doing it with an attitude of "yeah, you used to do this directly, but now you'll have to trust us to give it to you....maybe.". You can still have a robust kernel and have third parties able to interact with and extend it, take Linux or BSD for example.

Locksmith door analogy. (1)

hackwrench (573697) | about 8 years ago | (#15807366)

No, it's like Locksmiths petitioning the state not to mandate that only one type of "new secure door" be used going forward, the specs of which will be kept a state secret.

Wrong example (1)

Dcnjoe60 (682885) | more than 7 years ago | (#15807609)

You use the wrong example for the locksmith. It should be this is like your locksmith rekeying the locks on your house with a special key that only they can produce and you must get from them. This is much like the automakers did with "smart" keys. It used to be if you needed an extra car key, you could get a copy made for a dollar or so. Now, you have to go to the dealer and pay $35 or more, depending on make or model.

Has the "new" car key approach made it harder to hack or steal cars, no, just more of a hassle for honest owners of the vehicle. Will the change being made by Microsoft ultimately make Windows more secure and harder to hack into? Likewise, no. It's all for the appearance of security, but until Microsoft changes the basic nature of Windows being able to connect to any device anywhere and automatically sharing files with Aunt Mary, there will always be holes to exploit.

Until Microsoft truly takes security seriously, they are still putting band-aids on top of fundamentally insecure systems. It's far cheaper to offer the appearance of security than to actually do it. Doing so would mean a whole new code base. Apple did it with OSX, the question is whether Microsoft has the ability to let go of the past to build for the future and do it, too.

Whether it's GM selling me a $1.00 key for $35 or Microsoft selling me a "trusted computing" platform, neither one will prevent someone from getting what is mine if they really want it.

Not such a good apology. (1)

twitter (104583) | more than 7 years ago | (#15807658)

Our software doesn't work, we're pissed. ... Instead of whining, why don't they engage Microsoft and figure out what exactly they need. ... Microsoft will NOT be in a good situation if Vista turns out to be a dud security-wise. They want it to work.

You must have read a different report. The one I read said that Microsoft was broken and they won't let anyone fix it. The M$ security model was easy to circumvent and that circumvention was the only way to get what they need to watch out for all the dirt bags doing the same thing to serve up adds and spam.

Insulting the people who try to fix what's broken on M$ is not a good way to apologize for M$'s broken junk.

Translation to twitterese (0)

Anonymous Coward | more than 7 years ago | (#15808317)

You mu$t have read a different report. The one I read $aid that Microsoft wa$ broken and they won't let anyone fix it. The MS $ecurity model wa$ ea$y to circumvent and that circumvention wa$ the only way to get what they need to watch out for all the dirt bag$ doing the $ame thing to $erve up add$ and $pam.

In$ulting the people who try to fix what'$ broken on MS i$ not a good way to apologize for MS' broken junk.

Re:Better Summary (1)

Alchemar (720449) | more than 7 years ago | (#15808082)

No, it is a lot more like the locksmith telling you to get a new door, one that you can only get keys from him, because it has better security, and it looks pretty.

Serves 'em right (1)

TheOtherChimeraTwin (697085) | more than 7 years ago | (#15808704)

I tried to use Norton in one of my applications. It would have been very nice to be able to scan a user provided file with an antivirus application, but I couldn't find an API. All I was looking for was something like Microsoft Word had -- for a given user file, scan it and tell me if it is infected or not. Symantec wouldn't provide any information "for security purposes."

Microsoft should just fix their software (0, Flamebait)

cyber_rigger (527103) | about 8 years ago | (#15807139)

IMO Microsoft has a lot of gall to charge people to fix the problem that they created in the first place.

In other news, buggy whip manufacturers upset (0)

Anonymous Coward | about 8 years ago | (#15807142)


that the new Ford Popular has no provision for horse harnesses or whip storage facilities

Worst analogy EVER! (0)

Anonymous Coward | about 8 years ago | (#15807361)

Please think before posting. The way your post reads implies that Windows Vista will render the need for antivirus software obsolete.

If you honestly believe that, go back on your meds, mmkay? Because given Microsoft's track record w/r/t the claims it makes about the next version of Windows, nobody in their right mind believes anything coming from the Redmond PR machine anymore. Wasn't it XP or 2000 that wasn't going to need service packs? Yeah, that was a laugher. And there are plenty more examples.

They Started With Device Drivers (2, Insightful)

LaNMaN2000 (173615) | about 8 years ago | (#15807164)

Microsoft started treating device drivers that were not 'certified' for Windows XP differently in the installation process. The certification process is expensive and I have had numerous drivers that generated warning prompts because the manufacturers did not pay the Microsoft tax. I had a feeling that it would only be a matter of time before Microsoft created its own 'digital signature' like process for certifying system or application software.

Re:They Started With Device Drivers (4, Interesting)

gnuman99 (746007) | about 8 years ago | (#15807263)

It is called "Designed for Windows" program. Yes, applications have to be signed. And yes, you have to send a copy to MS so they can verify if you follow guidelines when they get 1000s of core dumps from your application. Or complaints about spyware and crap.

http://www.microsoft.com/winlogo/default.mspx [microsoft.com]

Yes, it costs money because you have to buy a digital certificate from Verisign. And send the software on a CD to MS, so a postage stamp there too.

And yes, MS will probably start treating software from unknown vendors differently than those that have registered. But after all, how can you blame them with all the spyware screensavers and other crap.

We already see digital signatures in Linux like Debian. Untrusted repositories get flagged as "WARNING!! Untrusted source. WARNING!!". Microsoft should be doing the same to protect its user base.

Re:They Started With Device Drivers (3, Interesting)

bogado (25959) | about 8 years ago | (#15807497)

If the user can choose who he trusts, then it is okay. In my fedora computer I can easily install a new source to my software and say that all packages signed by this source are okay to go in. I can also de-install a default source if they show that they are not trustworthy.

If the windows user has the same set of choices, then it is okay, but if MS is the only one who can bless applications to install or run without warnings on the windows platform and there is nothing I, joe user, can do to change this, then I believe it is a problem.

Just imagine if MS will give its blessing to all the open source software that is available now for windows. The answer is no, and the author will probably never even ask for such a blessing for the simple fact that it will cost money. Now if the windows user could just say to his system that the software package with the signature of that John Doe who happens to sign all kinds of open source software and distributes them on his site, then it is fine. Just like I can install software from Livna that packages software that redhat simply doesn't want to, and never will, distribute due to legal problems.

Re:They Started With Device Drivers (1)

lseltzer (311306) | more than 7 years ago | (#15808542)

In fact in Win64 from Vista on up, unsigned kernel-level code cannot be installed [eweek.com] . You need to use a not-cheap signature from a trusted authority.

This is one of the holes in the Agnitum Whine Paper - they ignore the fact that the code they say could easily hack past the patching would have to be signed, which presents serious problems for a hacker.

One question (0)

Anonymous Coward | about 8 years ago | (#15807187)

Where the F*** is the DOJ?

cry me a river (4, Funny)

r00t (33219) | about 8 years ago | (#15807202)

Binary patching a kernel is just plain wrong. It's an unstable hack.

You're supposed to patch the kernel source and recompile. Oh...

Re:cry me a river (2, Funny)

Opportunist (166417) | about 8 years ago | (#15807233)

If you apply an unstable hack to an unstable hack, is the result stable?

Re:cry me a river (1)

Korgan (101803) | more than 7 years ago | (#15808869)

Double negative, so the answer must be Yes! :-)

Got it backwards (1)

texaport (600120) | about 8 years ago | (#15807206)

Simply by unleashing Vista on consumers, Microsoft created a two billion dollar software industry to secure that product.

If AV makers can keep 60% of that total among themselves, then their own collective piece of the pie is sufficient, and they can let their marketing departments fight the other AV marketing departments for marketshare.

Compare 5 boxes of antivirus software at Wal-Mart these days, and you see identical packaging. These companies are either used to being told what to do, or else lack originality and just copy each other at every turn.

Microsoft can barely keep up with patching IE... (2, Insightful)

TheNoxx (412624) | about 8 years ago | (#15807223)

How exactly are they going to keep up with all of the new viruses/trojans/etc released for Vista? I know it's supposed to be "so goddamn secure", but nothing's foolproof, let alone a silly little MS product.

I dread to think how bad the current state of spyware/adware and malicious code would be if MS made themselves the end-all for anti-virus protection in XP. What a monumental fuckup Vista will be.

Perhaps a good thing! (1)

Jerry Coffin (824726) | about 8 years ago | (#15807225)

While this will almost certainly be a complete flop in terms of preventing malware from patching the kernel, it may still be a good thing for people's security.

By far the best thing that could happen to the security of Windows would be if everybody forgot the personal firewalls, Norton Virus, etc., and used external boxes for these purposes. By the time anything running inside of Windows has a chance to try to do the job, it's too late. Windows is extremely large and complex, with myriad routes from almost any place to any other. Once malicious code is on the machine, it's too late to be at all certain you can prevent it from doing its dirty work.

This is a bogus complaint. (2, Informative)

Dogun (7502) | about 8 years ago | (#15807234)

You can do your antivirus activities just fine using supported methods and interfaces, and it doesn't require patching kernel code.

Filesystem filter driver. Possibly some other filter drivers. Cleaning service. Low-privilege interface. That's all you need.

Making headlines four years from now... (3, Funny)

Sixtyten (991538) | about 8 years ago | (#15807244)

Microsoft's New OS to Run Exclusively Microsoft Products

October 28, 2010

REDMOND, Wash. — Microsoft has just made a last-minute change in plans for its newest operating system, Windows Vista.

The operating system, scheduled for release this December, will now only run Microsoft products, according to CEO Steve Ballmer.

"This is a very exciting time for us all," announced Ballmer. "For years, end-users have been forced to choose between products by third party developers and Microsoft. Now, they won't have to," he explained.

Ballmer also claims that the new operating system will feature cutting-edge security.

"Because the system will only run Microsoft products, you will continue to see the stability and security you expect of Microsoft," he continued. "And with the new Privacy Protection Advantage software, you can be assured your copy of Windows is genuine, because otherwise all of your hard drives would be erased and appropriate authorities will be dispatched. You couldn't possibly be able to use this system if it wasn't."

Microsoft also recently announced its new Quality Assurance Software, which is bundled with Windows Vista and is now a required Windows XP update.

"It searches your hard drives for foreign operating systems and deletes them immediately to assure that all of your software on your machine is of uniformly good quality. It also will automatically reinstall Windows on all of your hard drives in case you get tempted and decide to try any lesser operating systems," Ballmer noted.

Ballmer also mentioned... (0)

Anonymous Coward | more than 7 years ago | (#15808125)

After his statement, a followup announcement was made, pushing the expected release date back until March of 2011.

Quit Writing Story Headlines with Question Marks? (-1, Redundant)

Anonymous Coward | about 8 years ago | (#15807255)

Maybe?

Old Arguments: Users vs the Monopoly (2, Insightful)

buckhead_buddy (186384) | about 8 years ago | (#15807258)

While Linux, BSD, and (past) OSX developers are used to an open kernel, Microsoft has a long tradition of security through obscurity. Microsoft has also not had a problem with rolling over competitors and even collaborators with a lock-out technology when they feel they are in a position to make more money. Those arguments are common and they won't even make a blip on the consciousness of most people.

What would really get Microsoft to pull its greedy hands out of making "security services" the next extension of its monopoly powers? I think it would be when the Ralph Naders, and liability lawyers take Microsoft becoming the sole provider as admission of making a product with a faulty design and trying to profit from it.

If you want to make Microsoft open its doors and keep its hands off the security market, then you need to make noise about this new tactic as being a tacit admission of faulty products and trying to profit from supplying the broken product and the fixes. Perhaps then, Microsoft might be eager to open the kimono for third party or independent review.

Treacherous computing at its finest (1)

Opportunist (166417) | about 8 years ago | (#15807261)

I'm the first to shout hooray for a secure platform. But trying to lock out what cannot be locked out isn't security, it's stupidity. Now, I know that "being secure" is just the frontend to sell TCP, but at least a frontend should hold some water 'til it's sold.

Locking out competition by raising the cost to produce for a certain platform is a BAD idea. See IBM's Microchannel architecture for reference. And that was hardware, something you can't simply copy instead of shelling out the dough for the higher cost (which, in turn, is a result of licensing/signing fees).

Security comes with a sensible security concept. And that in turn is not linked to disabling the user's ability to install what he pleases, but it is a matter of permissions and differently enabled accounts. One for installing, one for everyday use. It's not like it is completely impossible, there are systems in existence who do just exactly that, and it doesn't take an IT expert to make it work. Everyone can do it, when it is implemented sensibly.

And when not every program needs admin rights to at least do what it is supposed to do.

Sensible security model (1)

hackwrench (573697) | about 8 years ago | (#15807416)

Two core elements of a sensible security model for me are notifying the user of something he might not want done, and allowing him to turn off superficial alerts so that he can concentrate on the real problems. Now I forget what the feature is called that Microsoft implemented that is supposed to do this sort of thing, but all the reports seem to be saying that it's been flagging superficial stuff like deleting a shortcut from the desktop and I haven't been hearing reports of it catching really serious stuff. Though instead of writing software to detect and notify about the really serious stuff, it seems that Microsoft has done this.

Agnitum Outpost (2, Interesting)

bananaendian (928499) | about 8 years ago | (#15807264)

I've been using a free version of Agnitum's Outpost firewall [agnitum.com] for several years now on my w2k machine and it's a clever little program, far simpler and thinner than the offerings from the major players. However like any good firewall program it does require the user to make very technical decisions on network traffic permissions whenever a process tries to contact the internet. Now before I praise it for not letting a process (virus/spyware/legitware) do a thing I don't want for the last couple of years, I do have to mention a disclaimer that in addition I've got the latest security updates for w2k, a NATted hardware firewall on the router and generally secured my system according to NSA's manuals [nsa.gov] .

Unlike in a Unix environment, in Windows the basic security concepts aren't required of the user. Windows computers despite the networking or even server capabilities are still built upon the philosophy of Personal Computer where the user has total control but also total responsibility for what the software does. Microsoft's attempts to somehow augment security on top of this flawed concept is not going to succeed and in fact seems to be going the opposite way. Certainly my w2k box is easier to make secure than XP with its 'security improvements' and it seems Vista will make it impossible for the user to secure the computer that he's supposed to own and control.

Sadly I will try to stick with poor old w2k as long as possible but eventually I might have to resort to going the OSX way...

Re:Agnitum Outpost (1)

MattPat (852615) | more than 7 years ago | (#15807810)

Windows computers despite the networking or even server capabilities are still built upon the philosophy of Personal Computer where the user has total control but also total responsibility for what the software does. Microsoft's attempts to somehow augment security on top of this flawed concept is not going to succeed and in fact seems to be going the opposite way. Certainly my w2k box is easier to make secure than XP with its 'security improvements' and it seems Vista will make it impossible for the user to secure the computer that he's supposed to own and control.

IMHO, the concept is not flawed at all, but it has a dependency: the user must be computer-savvy enough to know what software gets installed on his or her computer. I think the reason Microsoft is imposing control over some parts of Windows is so that spyware, etc. isn't installed so quietly. When a user actually knows what's on his or her computer, it's a lot easier to make sure it's doing what it's supposed to.

If a user buys a virus on CD, and installs it, knowing that it's a virus, then it is the user's responsibility. The challenge is making sure the user does know what every program on their computer is supposed to do, which is what I see as one of the goals of Microsoft's OS security improvements (well, "improvements").

Other operating systems have (in general) base systems that are already more secure than Windows, but how is the concept any different? Security is totally the user's responsibility.

Just my 2 cents worth.

Hah (1, Insightful)

flimflammer (956759) | about 8 years ago | (#15807380)

I love these controversial subject names. Really gives you that "We hate Microsoft and are damn well proud of it!"

The title just smells of "We don't like other anti-virus makers and want to block them", when the real subject is more "We're securing our kernel better than before, making it harder to dig into things people shouldn't be. Work around the changes in our internal api if you want to continue doing the things you do."

I see this as nothing more than making a mountain out of an ant hill.

HA in a linux post most of the +5 posts would (1)

atarione (601740) | about 8 years ago | (#15807507)

have been modded -1 trolls

nobody may have ever been fired for buying microsoft product

but nobody has ever been modded down for flaming Microsoft on slashdot

for fuck sake people have been bitching at m$ to secure the kernel better in future windows versions now they do and they are locking out the competition. If I was m$ i'd be really bummed out by this until I looked around and saw my huge piles of money laying around all over the place then I would be feeling ok again.

Where is the problem? (1)

WindBourne (631190) | more than 7 years ago | (#15807558)

This is MS's OS. They do not give it to you or the anti-virus company. It is leased to you. That means that MS owns it and all the data that they claim that they own (i.e. the data that you produced on their OS). If they want to lock out anti-virus companies, I do not understand where the issue is. If these companies do not like it, then they should consider a new line of work on a different OS.

Sad to say, but there really is no need for anti-virus on other systems. Yes, I know that viruses do occur on Apple, Linux, *nix, etc. But they are not much of an issue. All in all, MS is the ONLY system that requires it.

The real issue here, is that if a company really wants to make money and to not have to worry about unfair, illegal, and monopolistic actions against them whenever a company feels, then they should NOT be on Windows.

Re:Where is the problem? (1)

GiMP (10923) | more than 7 years ago | (#15807602)

> It is leased to you.

No, it is licensed.

> That means that MS owns it and all the data that they claim that they own (i.e. the data that you produced on their OS).

They do not own content produced from the OS, if this was the case no company would use Windows... you're implying that if someone wrote a program underneath Windows, that Microsoft would own it. If you think this, you're completely ignorant.

Re:Where is the problem? (1)

WindBourne (631190) | more than 7 years ago | (#15807626)

Read MS's EULA. If you use the OS, then you agreed to it.

What I keep in mind is that the current ppl in control are very motivated to find more money for themselves. MS and Hollywood are LOADED, and appear to be happy to spread it.

Re:Where is the problem? (1)

Dadoo (899435) | more than 7 years ago | (#15807864)

As much as I dislike Microsoft, I have to agree with you, which is why I can't figure out why companies still write software for Windows. If you do, and your product is reasonably successful, there are only two options for your future: 1) you'll get bought out by Microsoft, or 2) Microsoft will come out with a competing product and put you out of business. This has been obvious since Microsoft came out with Windows 95 and all but killed Novell. Personally, I think they were just about ready to do the same thing to Intuit (with MS Money), but Linux got in their way.

This demonstrates ... (1)

Helldesk Hound (981604) | more than 7 years ago | (#15807823)

... that Micro$oft is not capable of providing a properly secure system.

Programs running in userland should not be capable of modifying ANY part of the system.

The only time that system files should be even capable of being modified is when the system's administrator / root user is logged in with root/admin permissions - and then ONLY the root user should be capable.

Why should a program running with the permissions of a user be capable of performing as if it had permissions of an administrator?

The kernel should simply prohibit that without question and without exception.

Until M$ learns that lesson it will never be capable of producing properly secure software.

Actually, now that I've thought of it, the question is more along the lines of why doesn't M$ want to produce truly secure software - because given that company's resources there is no good reason that I can see that would explain why it produces such seriously insecure software!

That's what Vista does (1)

Myria (562655) | more than 7 years ago | (#15808130)

In Vista, programs normally run without admin privileges even when you're supposedly logged on as an administrator. It's much like OS X's handling of administrators, though not at the technical level (NT has no setuid).

The problem is that Microsoft is preventing certain things from happening even when you *are* running as a trusted user. In Vista 64, you *cannot* load an unsigned kernel driver, even if you are a maximum-privileged user mode program. This is retarded, because such a user mode program can take over the system anyway regardless of that.

Melissa

This is security? (1)

Myria (562655) | more than 7 years ago | (#15807959)

This new kernel patch protection should be viewed as safety against badly coded legitimate drivers, not security against a rootkit.

Rootkit authors are some of the best programmers and reverse engineers in the world. Does anyone *really* think that rootkit authors won't find a way around ci.dll? Even Vista 64's requirement that all kernel drivers be signed is a real joke. As long as it is possible to write to \Device\Harddisk0\Partition0 (NT's /dev/hda) from user mode as administrator, a rootkit can simply take over the entire boot process starting with the MBR, and call NtShutdownSystem to force a reboot into the hacked MBR. If using EFI, it's a bit different but still not difficult.

All this really prevents are mainstream drivers hooking into the kernel. Companies whose drivers once patched the kernel won't do so anymore, because if you bypass ci.dll publicly, Microsoft will "force" an update onto almost all users within days (or next second Tuesday if you're not important enough). I suppose that this is a good thing - I'm tired of stupid kernel drivers like nProtect and SafeDisc compromising system security and stability just to prevent cheating or copying (respectfully) in some game.

Melissa
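
A defensive counterpart to the comment above about the MBR being writable by an administrator: this is an added example, not part of the comment or of any Microsoft tooling, that fingerprints a captured 512-byte MBR sector and reports which fields differ from a known-good baseline. The function names and the sample sectors are constructed for illustration; capturing the sector from a real disk is left out.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; the NT disk signature follows at 0x1B8
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # last two bytes of a valid MBR


def fingerprint_mbr(sector: bytes) -> dict:
    """Split one MBR sector into the fields worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i : PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, n_sectors = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 means an unused slot
            parts.append((i, entry[0], entry[4], lba_start, n_sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": parts,
    }


def diff_against_baseline(baseline: dict, current: dict) -> list:
    """Return the names of fields that changed since the baseline was taken."""
    return [k for k in ("boot_code_sha256", "disk_signature", "partitions")
            if baseline[k] != current[k]]


def make_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: one active NTFS-type (0x07) partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 1_000_000)
    body = (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + bytes.fromhex("a1b2c3d4") + b"\x00\x00")
    return body + entry + b"\x00" * 48 + BOOT_SIG


if __name__ == "__main__":
    good = fingerprint_mbr(make_sample_sector(b"\xfa\x33\xc0"))
    seen = fingerprint_mbr(make_sample_sector(b"\xeb\x5e\x90"))
    print(diff_against_baseline(good, seen))
```

A check like this is only meaningful when the sector is read from outside the running system (offline media or a disk image), since code that controls the boot path can also control what the live OS returns for a raw read.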

Water vs. fire vs. earth vs. wind... (1)

Datamonstar (845886) | more than 7 years ago | (#15808356)

It's like an elemental system in an RPG. Windows is weak against hacks, but strong vs. clueless users. Unix variants are weak against end user sympathies, but hardened against hackers and what not. Throw Linux at a clueless user or force a unix guru to use Windows and you're likely to kill, maim or outright destroy them both. I guess Macs could be considered the "non-elemental" kills-all system. It really is like a game, but it's too bad it really isn't any fun at all.