Boycott Microsoft Windows Vista!

With Windows Vista on the near horizon, Microsoft is adding Kernel Patch Protection into the upcoming Windows Vista operating system. Microsoft claims that this will prevent rootkits from doing bad things to your computer. But is it true?

Nowadays, most rootkits use system function hooking via a System Services Descriptor Table (SSDT) patch to hide processes, files and registry keys. But the truth is that all those actions could be implemented without an SSDT patch! Processes could be hidden via a direct patch of internal structures (the so-called DKOM technique), as implemented within the 'FU' rootkit. Hiding of registry keys and files may be implemented via well-documented, official techniques. Also, it is possible to switch off Kernel Patch Protection with some tricks - I believe malware writers will implement this method.

What is the real reason for this Kernel Patch "Protection"? I see only one purpose - to monopolize the market of Microsoft's security software (with a market value of more than $1,000,000,000.00 per year, i.e. one billion US dollars)! Why do I see this coming? Third-party security vendors won't be permitted by Microsoft to implement a full-featured anti-virus, firewall or HIPS with allowed 'low-level' functionality.

There are two options for security vendors - switch off Kernel Patch "Protection" using the same 'dirty tricks' methods of malware writers (great possibility for Microsoft to sue them!) or cook up something terrible from a security standpoint with Microsoft-approved functionality and, eventually, be forced out of the security market. There will be only one method allowed by Microsoft Security - Microsoft themselves!

I am a small security vendor that offers a next-generation security solution that cannot be offered to you by Microsoft (usually, all the next-generation technologies are introduced and implemented by small vendors - big companies cannot be so innovative). There are two ways for me - switch off Kernel Patch "Protection" with dirty tricks, which makes me a target for legal action and allows Microsoft to name me as a "dirty hacker", "malware helper" or something like that. Otherwise, I do not make a DefenseWall HIPS version that will run under Windows Vista. Those are the choices Microsoft's Vista OS leaves for security vendors and myself.

In this MSDN Blog article, Microsoft claims that they are able to offer good, documented ways to replace the "bad" SSDT patch to help security vendors write security software for Windows Vista. OK, I've emailed them about my problems and the functionality that needs to be implemented for DefenseWall HIPS. And know what reply I've received? None! Silence is the answer... Because there are no solutions allowed within Microsoft Vista functionality that help me implement all of DefenseWall's protective features!

I don't want to make trouble. With all my experience and knowledge, I want to make this world a little bit safer place for all of us. So, the only choice I see is that I cannot and won't make DefenseWall compatible with Vista. Know why? If you believe that security offered by Microsoft is trustable, if you don't need third-party security software protection, if you don't want choice - you will use Vista and you won't need DefenseWall. For others who don't trust Microsoft's security products, who want to have a choice between security vendors and who want better or the very best security product, I call upon you to BOYCOTT Microsoft Vista with its Kernel Patch "Protection"! Just don't buy it, retail or OEM - and Microsoft will have to remove this "protection" that does not allow third-party security vendors who are true experts in computer security to survive and help you be protected and safe!

Ilya Rabinovich, CEO, SoftSphere Technologies, 18 August, 2006.

P.S. Just found this whitepaper from Agnitum: Microsoft's Kernel Patch Protection Endangers Third-party Security Software Vendors. "We believe that Microsoft owes users a better solution". I've got a better idea - BOYCOTT Microsoft Windows Vista!

More articles:
Microsoft Kernel Patch Protection is more threat to third-party security software vendors then to hackers
Symantec cries foul over Vista's locked kernel
CNET- Windows defense handcuffs good guys

P.P.S. Microsoft has announced an API that allows third-party anti-virus vendors to patch the kernel in a documented way. The article is discontinued.