Vista PatchGuard Hacked


Zeus_Hunt

Symantec is upping the stakes in its face-off with Microsoft by attacking Vista's core. While the Redmond Company has locked down 64-bit Windows Vista's kernel via PatchGuard, leaving third-party software on the outside, be it for malicious or security purposes, Symantec claims that Microsoft's protections are not impenetrable. The Redmond Company itself has acknowledged that PatchGuard is at risk, but has added that the technology is built in such a way as to permit security updates. In this context, PatchGuard's vulnerabilities would simply be resolved via security bulletins and Vista's kernel would return to a status of temporary security.

“Hackers have already broken PatchGuard and can disable it. This means that hackers can already get malicious code into the Windows Vista kernel, while legitimate security vendors can no longer protect it. This presents a serious new risk for consumers and enterprises worldwide,” stated Oliver Friedrichs, director of emerging technologies in Symantec Security Response.

With this, Symantec is aiming at no less than discrediting PatchGuard in the eyes of consumers. In this regard, the two brands are weighed in the public perspective. When put in the balance, which of Microsoft and Symantec is synonymous with security? Undoubtedly, the latter, who is leader of an industry built on offering security solutions designed for safeguarding Microsoft's products. By delivering a below-the-belt blow with the PatchGuard hacking claim, Symantec has chosen to do its laundry with Microsoft in public.

“In addition, now, you may ask yourself, if hackers can bypass PatchGuard, why don’t security vendors? We certainly could, if we chose to; however, Microsoft has firmly stated that any attempt to do so will result in an update to PatchGuard, which will detect these attempts. It would be foolish for Symantec to ship a product out to over 200 million desktops that may result in a BSOD on each desktop, if Microsoft decides to update PatchGuard,” commented Friedrichs.

“The 64-bit version of Windows Vista introduces PatchGuard. PatchGuard prevents anyone (with the exception of Microsoft) from tampering with, extending, enhancing, and protecting the Windows Vista kernel. It does this by detecting when a driver, or other code running inside the kernel, attempts to add this extended functionality. It monitors key system structures, one in particular being the System Service Dispatch Table (SSDT). When it detects a modification to this table, it results in a blue screen of death (BSOD), with the belief that malicious code may have tampered with the kernel,” added Friedrichs.

One of the detrimental aspects of PatchGuard is that it makes no discrimination between legitimate and malicious processes, blocking the whole lot. Friedrichs further claims that PatchGuard is far from being bulletproof and that it has been hacked. This is synonymous with malware having the upper hand over third-party security solutions when it comes to accessing Vista's kernel.

With PatchGuard, Microsoft is blocking both drivers and rootkits that use kernel SSDT hooking, although the capability is also involved as an integral part of legitimate processes extending the operating system's kernel.

“The SSDT allows security vendors to monitor System Services, which are the fundamental functions in Windows that applications need to do their work. There are over 400 System Service calls. Each of these provide a specific function; whether it is to access the registry, access files, add a user to the system, or reboot the computer. By monitoring System Services, security technologies can monitor the behavior of both good and bad applications running on a system,” claims Friedrichs.

Friedrichs also calls Microsoft's perspective on security limited to traditional antivirus and firewalls, while claiming that Symantec is implementing products leveraging behavior-blocking technologies on in excess of 200 million desktops.

“Needless to say, the security industry is very concerned that the decisions being made with 64-bit Windows will, in turn, result in a less secure platform. They will directly impact the development of new security technologies, and Microsoft themselves will lose out, due to an insecure platform. It is the next generation of behavior-blocking technologies and future security models that will be extinguished through these limitations,” commented Friedrichs.

Friedrichs also takes a swing at Kaspersky, which has defended Microsoft, for failing to realize the implications of PatchGuard, due as well to their limited perspective on the security environment, which is based solely on file-scanning techniques.
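The mechanism Friedrichs describes, a monitor that fingerprints a key kernel table and bugchecks on any change, can be modelled in user mode. This is an added example, not code from the article or from Microsoft; a small array of function pointers stands in for the SSDT, and all names (guard_init, guard_verify, install_monitor) are hypothetical. It also shows the point made above: a well-meaning monitoring hook and a malicious patch look identical to the check.

```c
/* Added example (not from the article): user-mode model of an SSDT integrity
 * check. A baseline fingerprint of the table is taken once; any later change,
 * whatever its intent, is reported as a patch. Names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

typedef int (*svc_fn)(int);
enum { NSVC = 4 };

static int svc_open(int a)  { return a + 1; }
static int svc_read(int a)  { return a * 2; }
static int svc_write(int a) { return a - 1; }
static int svc_close(int a) { return a; }

/* Stand-in for the System Service Dispatch Table. */
static svc_fn ssdt[NSVC] = { svc_open, svc_read, svc_write, svc_close };

/* FNV-1a over the raw bytes of the table: a simple integrity fingerprint. */
static uint64_t table_fingerprint(const svc_fn *t, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    const unsigned char *p = (const unsigned char *)t;
    for (size_t i = 0; i < n * sizeof *t; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

static uint64_t baseline;
void guard_init(void) { baseline = table_fingerprint(ssdt, NSVC); }
/* Returns 1 if the table matches its baseline, 0 if it has been patched. */
int guard_verify(void) { return table_fingerprint(ssdt, NSVC) == baseline; }

/* A monitor that wraps svc_read to log calls, the kind of System Service
 * monitoring the article attributes to security vendors. To the integrity
 * check it is indistinguishable from a malicious hook. */
static svc_fn orig_read;
static int logged_read(int a) { printf("read(%d)\n", a); return orig_read(a); }
void install_monitor(void) { orig_read = ssdt[1]; ssdt[1] = logged_read; }
void remove_monitor(void)  { ssdt[1] = orig_read; }

int main(void) {
    guard_init();
    printf("clean:    %s\n", guard_verify() ? "ok" : "PATCHED -> bugcheck");
    install_monitor();
    printf("hooked:   %s\n", guard_verify() ? "ok" : "PATCHED -> bugcheck");
    remove_monitor();
    printf("restored: %s\n", guard_verify() ? "ok" : "PATCHED -> bugcheck");
    return 0;
}
```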




ouch never did like symn but always hated microsoft more so the lesser of two evils (in my opinion) is really putting its foot down... wonder why big companies don't just start designing their own os?



The thing is one can certainly live without Symn but not M$.. at least not now...
