Symantec/EU succeed in making Vista insecure

[bennett]

LTD. i don't think MS is 100% to blame for not giving Anti virus company's access to the kernel, they where going to be doing it by having a special key or some certificate that they would give to all the anti virus company's so that they don't have to worry about that (there was an article posted up here about it), but it has been symantac that has been crying about not being able to get FULL access witch they don't really need. There was even an article posted up here saying that Kaspersky found no problem with vista kernel access. They said it was a good thing, It might be since that kaspersky are made by people that know there stuff.

I don't really mind all the kernel access stuff i thought that was going to be sweet, it might of even stopped a few viruses, but now it is going to just be stupid. Symantec have ballsed this one up. Doesn't really matter tho they are a lame company and i will just stick with kaspersky

[Jerry Grey Member]

I believe Ms can do anything they want to their OS, after all it is THEIR software, and there more then 3 other OS software on the market, so if you don't like it change.

Why would a ani-virus/firewall software company want their software to have kernel access? :blink:

They do not need it, other ani-virus companies is rewriting their software so it works with Vista, why can't Symantec do the same??

[ThePitt]

after having a good laugh because this article, I was wondering how much powerful really is Symantec and I stop laughing and start cry

[Slimy]

The sad things is symantec will still dominate the market because average joes will still buy their products. That is total bull****, Symantec's sales should plummet after this.

[grik]

hey, im EU citizen, and im a bit offended with things that are beeing said here.

Why do you care so mutch about what comes to EU? If you are citizens of EU you should know that you can get any version you like, american, brasilian or whatever. My point is, most of you are too mutch worried what EU deserves or not about this matter.

If you arent EU citizen, just whatch your tongue, you have many things to protest in your own region.

EU will regulate the best way for their citizens. Dont be worried. Thanks

Edited October 15, 2006 by grik

[Menge]

meh... sad day for us Windows users. Symantec is ruining it. Microsoft is just regulating what it always wanted to regulate: non documented APIs.... Symantec should be shushed.

[Denis W. Veteran]

Although I don't agree with a whiny ass "security" company crying rivers over a potential threat to their pockets, it's funny how they're whining over a security feature on a platform that won't be mainstream for at least the next two years, Vista x64.

Oh well. We have incompetant corporations and legislators talking above all. C'est la vie.

[psyko_x]

Windows has been insecure since 1995. They did nothing in 1998. They did nothing in 1999, 2000, 2001. And meanwhile, all that time, the antivirus industry has gorwn up around MS' flawed design, and both MS and the antivirus indistry have become dependent on one another. Largely due to MS' irresponsibility or ignorance from the very beginning.

They've been trying to make their OS more secure each time but it's hard when you allow admin rights to every user on the computer. Now comes UAC and kernel protection. Why are you so against MS trying a new approach to protect their OS? Should they just not try at all?

No way. No dice. MS cannot simply end the relationship without facing possible legal/legislative consequences.

What are you talking about??? Do you think Symantec's board members go to Bill Gate's house and bake him cookies every Sunday? What about the creators of Adaware and spyware removal software? Think they have some kind of unbreakable contract with MS? They're completely different companies and MS couldn't care less if Symantec went bankrupt.

Today's automobiles need gasoline and no one cared about gas guzzlers until recently (relatively). Should oil companies be allowed to sue and prevent car manufacturers from creating cars that run on electric power or some other energy source because theres some magical "relationship" between them you speak of? The car manufacturers don't give a damn about the oil companies. They continue to pour billions of dollars into research for cars running on alternative energy sources.

[bennett]

^^

w00t

yea, that was well said.

Why should an Operating system have to change its new security fixing the problem that users have been complaining about for so many years.

Maybe it will hurt symantec and other people but they will just have to remake a new application that will fit around vista because no doubt vista will get its share of viruses.

[Trong]

I can definatley see an Apple Ad in the future saying how the Vista kernel is insecure and that you need an antivirus to run it. We will all know that it was cause of Symantec for the ad.

[NightmarE D]

Windows has been insecure since 1995. They did nothing in 1998. They did nothing in 1999, 2000, 2001. And meanwhile, all that time, the antivirus industry has grown up around MS' flawed design, and both MS and the antivirus indistry have become dependent on one another. Largely due to MS' irresponsibility or ignorance from the very beginning.

Microsoft has made it known very clearly that Vista would be more secure than all the previous versions of Windows. This has been said since they started on Longhorn 5 years ago, especially when they switched over to the Windows 2003 code and said they were making big changes in security.

Symantec and the others should have known what was going to happen a long time ago. Now they wait until the last minute, a couple months before Vista is released, to start crying about this. All the others have just re-written their software to work with Vista. Symantec and the others crying over it, are simply too lazy to do this.

About boycotting Symantec and the others crying, I don't really see a need. In the last few years that's pretty much been happening since more and more people are either switching to free anti-virus program like Avast or AVG and others switch to a completely new OS like Linux or OSX. IMHO the free software like Avast or AVG do a much better job at protecting a system than the Symantec or others do. They're also a lot less bloated and don't use nearly as much system resources.

Just my opinion

[jamend]

You mean, as opposed to the almost comedy situation of the maker of the O/S then selling you software to cover up the lack of security in their Operating System?

Now I'm no economist but doesn't it seem a tad silly to ship a product which people will only really buy if your core product has security holes in it?

:rolleyes:

Almost all viruses spread because people are idiots and they think they can get free screensaves of nude celebrities in their emails. Exploit-based viruses are very rare (so they get a lot of media attention), and even then most of those exploits are already patched.

[Brandon Live Veteran]

I'm anxious to find out what changes are being made to PatchGuard. Everything I've heard about it from folks in the core OS division who worked on it stated that it was a significant step forward in building a more secure Windows platform.

I hate, hate, hate when governments favor "anti-consumer" decisions over those that are called "anti-competitive."

[Brandon Live Veteran]

Windows has been insecure since 1995. They did nothing in 1998. They did nothing in 1999, 2000, 2001. And meanwhile, all that time, the antivirus industry has gorwn up around MS' flawed design, and both MS and the antivirus indistry have become dependent on one another. Largely due to MS' irresponsibility or ignorance from the very beginning.

BS. Go troll somewhere else. Each of those release of Windows was more secure than the last. Windows 2000 was a huge improvement in security - and so was XP if you were coming form 9x. Obviously pre-SP1 XP wasn't built with the assumption that people would be plugging their computers directly into cable modems without a router/firewall, and that was probably a mistake. And clearly there have been security problems with Windows XP, but SP2 was a major improvement to that and Windows Server 2003 was also built with a strong focus on security and it shows. Just look at how impenetrable IIS 6 has been after all these years and tell me Microsoft can't make secure software.

Since then the amount of work done at Microsoft to improve security (in all its products, but especially Windows) has been unexplainably enormous. Windows faces challenges that no other software product worries about. You can't say "They should have been doing this all along" because a lot of these techniques didn't exist five years ago - and some still don't exist at any other company. Tons of security work in the compiler, libraries, APIs, and analysis tools had to be invented along the way for Vista/Longhorn. I'm not saying Vista will be perfect, but the bar for OS security has been raised.

[Z3r0]

oh this is so cool, now we have a way of directly accessing the windows kernel and controlling everything!

WEEEEEEEEEE

[badazzEVO8]

what if everyone starts importing US version?

thats your governments problem, not ms

The sad things is symantec will still dominate the market because average joes will still buy their products. That is total bull****, Symantec's sales should plummet after this.

should but they wont, especially when i see them give it away for free at bestbuy almost every week it seems. i got suckered into it for free. that was before i found about the better free programs out there. too bad their isnt a way to mass advertise these good ones so people know about more than norton and mcafee

[NightmarE D]

too bad their isnt a way to mass advertise these good ones so people know about more than norton and mcafee

A lot of forums usually have a section or thread dedicated to all the free alternatives out there. This includes Neowin. Plus there's a lot of people who run websites who add buttons to help advertise free or alternative software like Firefox or Avast. It's just that there's still a lot of people who don't go to a forum section of a site or completely ignore ads/buttons.

Just a shame it's soo damn expensive to even do like a small 10-20 second commercial. It wouldn't have to air constantly, just enough to start getting the name of a free product out there for others to see.

[Miuku.]

I'm not saying Vista will be perfect, but the bar for OS security has been raised.

How can a product that has been playing catch up in security for the last 10 years be ever referred to as "raising the bar" when it doesn't even come close to products such as *BSD?

[Brandon Live Veteran]

How can a product that has been playing catch up in security for the last 10 years be ever referred to as "raising the bar" when it doesn't even come close to products such as *BSD?

Huh? Unless * is "Open" then I don't even know what you're talking about. And to whoever mentioned Linux (who probably has never run it himself), claiming Windows XP is inherently less secure than Linux is a load of crap - I can't think of any OS that's easier to compromise than Linux. Although if you want to be pedantic it's usually because of the services running on it (Apache, PHP, X). FreeBSD might be on par with XP / Server 2003 - but they're usually pretty behind-the-times feature-wise. OpenBSD is the clear security winner, at least on its default install - but only because it doesn't actually "do" anything useful.

Sure, each of these OSes faces different challenges. For Windows, it's mostly the gullible-user challenge. In fact, Windows faces every challenge any other OS might face and more, because it's used for so many purposes (every kind of server, workstation, , desktop, mobile, etc) and by so many different kinds of users (enthusiasts, professionals, families, newbies, whatever). But in every technical way, I believe Vista is more secure than anything comparable (OS X, desktop Linux, etc).

Oh, and for the record: UAP itself isn't what makes you more secure. UAP makes it bearable to run in a more secure environment, where there were obvious useability gaps if you ran a LUA account in XP. But you always could.

[HawkMan]

Funny how everyoen post as if MS bent over and just disabled patchguard

1st I'd like to remind everyoen of a while backon the discussion over this when everyone said they agreed that MS should keep Patchguard, but didn't agree witht he decision to force everyone to MS own security center. A LOT of people, those that now complain over this change, complain about this.

Now then

1: PatchGuard was not disabled.

2: you can still nto real time patch the kernel, the kernel is safe.

3: MS did exactly what everyoen thoguht they should do.

The patch adds an API call to disabel MS own security center so AV vendors can replace it with their own if they don't want to rebrand the MS built in one. Basically virus vendors woudl still have done this. this API call only means that users won't have to deal with both the built in defense shield in vista and the warnign from the AV vendors own security center.

Windows has NOT been made less secure. And for those AV Vendors who wish to add their own extra bloated security centers can now do it. those that just wish to rebrand the MS security center with thir own stuff can just do that.

Symantechwill still need to recode their AV to not patch the kernel for all the stuff they used that for. just like they had to for XP x64.

[miniM3]

This is stupid. People taking this like it's the end of the world, RUN FOR THE HILLS!!!! is more stupid. Security wise nothing has changed. Why are people are so intimidated I will never understand. People HACKERS ARE GONNA GET YOU!!!! FLEEEEEEE!!!!

sigh....

Need I remind that xp had a gazillion more holes and still nobody complained?

This thread is pointless.

[Andareed]

@Brandon Live: Can you give me some insight into why patchguard makes windows more secure? Imo, mandatory kernel driver signing is more of a step forward than anything. The security argument I've heard for patchgaurd is that it will stop rootkits from hiding themselves. However, it seems unlikely that "real" rootkits will be signed - ms can simply blacklist their certificates if so.

As for unintentional rootkits, the holes are caused by driver ioctl-style interfaces not validating requests from user-mode. If I make a CreateProcessAsSYSTEM ioctl (starforce did something like this a while ago) function, I don't need to patch the kernel, I can just use standard API's to implement it. I suspect the same is true of sony's "rootkit".

The argument for patchguard should be stability. The current method of patching doesn't allow unloading of a driver after it patches the kernel. A while back, people used to (still do I suspect) patch the SDT to hook registry access. I suspect ms created CmRegisterCallback (for XP and later) and enhanced it in 2k3 to supply a reliable means of hooking the registry. The new API extensions are likely a generic way of hooking SDT entries in general.

[theyarecomingforyou]

The patch adds an API call to disabel MS own security center so AV vendors can replace it with their own if they don't want to rebrand the MS built in one. Basically virus vendors woudl still have done this. this API call only means that users won't have to deal with both the built in defense shield in vista and the warnign from the AV vendors own security center.

Windows has NOT been made less secure.

Yes, but you can't let the truth stop people bashing the EU / Symantec / McAfee / [insert unpopular brand here]. It's pretty obvious to anyone with some common sense that Microsoft wouldn't just disable one of the key security components of Vista willingly - the article clearly states that Microsoft was happy/willing to make the accommodations requested. I really don't like Symantec but I'm fed up with everyone bashing them because it's the "in" thing to do. Unless they EU actually required Microsoft to disable key security components I wouldn't blame anyone except Microsoft - they decided to make these (rather small) concessions, so it is THEM you should blame.

Still, it's pointless trying to inform other people as they'll just read the headline / skim read the article and come in here guns-a-blazin'. Sadly we just have to watch people festering in their own ignorance. The topic starter is as much to blame as the plebs in here - it's not possible to make the headline much more sensational.

[Antaris Veteran]

I believe one of the core issues here is that companies like Symantec and McAfee now have to create an entirely new codebase because they can no-longer use unsafe kernel level code. PatchGuard is a brilliant idea, but it kinda locks Vista into a single kernel until a major or critical level patch/service pack is applied. This is a good idea, as kernel stability shouldn't really change. It is when these 3rd parties start patching in additional, uncertified kernel level code that it all goes ###### up (how many people have noticed their system start lagging and hanging after installing symantec/mcafee apps?). I believe these companies are causing a stink for two reasons:

1. Vista is now much more secure, which means less functionality is needed by a 3rd party application (if there are fewer holes in the ground, you need less mud!), which of course would mean they need to reasses their entire price line -> software profits are likely to decrease....

2. They would need to re-evaluate how they implement their software, this takes time, and money, and opens the door for other companies to start grabbing market share -> software profits are likely to decrease....

[LTD]

What BrandonLive is saying is:

1.) Windows design is inherently insecure because "back then" they didn't know any better, and now, Windows is fraught with the most problems because it faces the most challenges.

2.) The *other* operating systems, notably OS X, are not designed *as* inherently insecure as Windows, but they face fewer challenges anyway and have a much smaller installed user base.

And it is only with XP SP2 (or was it SP1?) that for the first time, the user was actually warned/prompted when something was trying to install itself on Windows without their prior consent (for example.) I'm assuming that at that time (XP SP2), no other OS had this feature ;-) , and since MS only *began* to face challenges in 2003-04, they worked hard to innovate and build this in to the system. Before 03-04, MS saw absolutely no use for user-permission prompts (among other secuirty features), because they simply did not really face any challenges pre-2004. Hence, WindowsXP (quite understandably!) shipped with FIVE open ports.

Is this correct?

Edited October 16, 2006 by LTD