Security solution provider Agnitum claims that Microsoft's kernel patch protection will shut out competing products unless competitors resort to hacker tactics.
In an article posted to the company's Web site, Agnitum said that because of the way Microsoft designed its kernel patch protection "it will be more complicated for third-party security software companies to install and maintain their software on Windows PCs. In some circumstances, kernel patch protection may even block the installation of third-party security software."
The crux of the complaint centres on the way some vendors hook into the kernel in order to gain enough control to defend the system against attacks. Agnitum said that, in order to protect a system, developers sometimes resort to patching the kernel. Such a patch might involve changing a service number in the system's Service Dispatch Table so that it points to third-party code. Then, when that particular service is called by a program, the third-party code is invoked instead of the original kernel code.
But that method of hooking into the lower levels of the operating system won't be possible with the new kernel patch protection, which will be a standard feature of Windows Vista and the upcoming Longhorn server operating systems. Kernel patch protection was introduced with the release of Windows Server 2003 Service Pack 1 for x64 platforms and Windows XP x64 Edition.
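The table redirection described above can be modelled in ordinary user-mode C; this is an added illustration, not Windows kernel code and not code from Agnitum or Microsoft. All names are hypothetical, and the snapshot comparison is an assumption made for the model, since the article does not say how kernel patch protection detects a change.

```c
#include <stddef.h>
#include <string.h>

/* User-mode model only: a toy table of function pointers standing in for a
   service dispatch table. All names here are hypothetical. */
typedef int (*service_fn)(int arg);

static int svc_open(int arg)  { return arg + 100; }   /* "original kernel code" */
static int svc_close(int arg) { return arg + 200; }

#define SERVICE_COUNT 2
static service_fn dispatch_table[SERVICE_COUNT] = { svc_open, svc_close };
static service_fn baseline[SERVICE_COUNT];            /* trusted snapshot */

/* Callers never name the routine; they pass a service number. */
int call_service(size_t number, int arg) {
    if (number >= SERVICE_COUNT) return -1;
    return dispatch_table[number](arg);
}

/* Record the known-good table contents before any third-party code loads. */
void snapshot_table(void) {
    memcpy(baseline, dispatch_table, sizeof baseline);
}

/* Third-party filter: inspects the request, then forwards to the original. */
static service_fn original_open;
static int filtered_open(int arg) {
    if (arg < 0) return -1;            /* constructed policy: reject negatives */
    return original_open(arg);
}

/* The patch the article describes: repoint one entry at third-party code. */
void install_filter(void) {
    original_open = dispatch_table[0];
    dispatch_table[0] = filtered_open;
}

/* Integrity check: index of the first entry that differs from the snapshot,
   or -1 if the table is untouched. It compares pointers only, so in this
   model a security product's filter and any other redirection look alike. */
int first_modified_entry(void) {
    for (size_t i = 0; i < SERVICE_COUNT; i++)
        if (dispatch_table[i] != baseline[i]) return (int)i;
    return -1;
}
```

In the model, callers see the same results for permitted requests after the filter is installed, while the integrity check reports entry 0 as modified.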
In closing its article, Agnitum said that "Under Microsoft's proposed solution [of using its published APIs], a rootkit that could previously be detected by and remedied with anti-virus software will now cause the [system to crash]. The same result will occur after installation of security software that is not compatible with kernel patch protection technology. [We] believe this move by Microsoft is designed to force users to rely on Microsoft and only Microsoft for Windows security, removing the option to use third-party security solutions that, if past experience is anything to go by, are likely to be more robust and provide better protection than Microsoft offerings."