Microsoft Delivers Beta Security APIs

Seeking to answer complaints from security software firms that claim Windows Vista is too restrictive, Microsoft this week shipped draft versions of APIs (application programming interfaces) that will allow these companies to interact with Vista's kernel. These APIs, and the Kernel Patch Protection technology they access, are present only in the 64-bit versions of Vista, but companies such as McAfee and Symantec said they're necessary in order for their security solutions to work properly.

"We are delivering the first draft set of these new APIs for Windows Vista," says Ben Fathi, corporate vice president of Microsoft's Security Technology Unit. "They have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection."

Kernel Patch Protection, which is often misnamed as "PatchGuard" by the press, is a feature of x64 versions of Windows Vista that prevents application code--be it from Microsoft, security firms, or hackers--from modifying the Vista kernel at run-time. However, various security firms rely on patching the kernel for their 32-bit products, and they complained to Microsoft that they would need the same access on 64-bit Vista versions as well. Kernel Patch Protection is one of several features in 64-bit Vista versions that make those systems more secure than the 32-bit variants.

Kernel Patch Protection is also one of two Vista features that security firms complained about earlier this year. (The other is Windows Security Center, which Microsoft modified so that these companies can replace it with their own security dashboards.) However, when Microsoft said it likely wouldn't be able to ship APIs for Kernel Patch Protection until late 2007, the security companies complained yet again. This draft release of the APIs is aimed at mollifying those companies.

Microsoft still plans to ship the Kernel Patch Protection APIs in Windows Vista Service Pack 1 (SP1), which is due in late 2007. Vista SP1 will ship at the same time as Windows Server "Longhorn" and will be a major update that brings Vista's kernel up to date with the version in Windows Server "Longhorn."
