Symantec cries foul over Vista’s locked kernel


14 August 2006

Security features in the Windows Vista kernel obstruct innovations by antivirus and other security applications, security vendor Symantec has claimed.

“If security vendors don’t have access to the platform kernel, it cuts down on our ability to innovate and create compatible solutions,” Oliver Friedrichs, director of emerging technologies in Symantec Security Response wrote on the company’s website.

The kernel is the part in a computer’s operating system that manages the system’s resources and communicates between hardware and software components.




Altering the kernel allows malware authors to access any part of a system. A rootkit for instance requires access to the kernel to hide files from the system and security software. Microsoft therefore in Windows Vista has instated regular checks on the kernel’s integrity and requires that all device drivers are signed by an independent certificate authority.

In the third of a series of three whitepapers on Vista’s security, Symantec probed the security kernel security features and claimed that it is possible to circumvent the security features.

Security applications however rely on kernel extensions to do their work, Friedrichs pointed out.

And while they have are blocked, malware authors have already successfully demonstrated ways to circumvent Vista’s kernel security features.

“These new technologies, along with Microsoft’s unwillingness to make compromises in this area have serious implications for the security industry as a whole,” said Friedrichs.

“If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and original equipment manufacturers can continue to choose the best security solutions for the platform. This has always been the case with prior operating systems.”

He alleged that Microsoft is forcing end users to only use solutions offered or allowed by the software vendor, thereby stifling competition and innovation in the security industry.

“In the end, a less secure Internet will result and both consumers and enterprises will find themselves more vulnerable to cyber attack,” Friedrichs concluded.

Read More:

Comments are closed.

Back to Top ↑