Time to stop the FUD on Kernel patch protection



Stepto on his blog (and for those that do not know, stepto is a senior product manager in the Vista Security Technology Unit at Microsoft.)

I'm tired of seeing people misrepresenting Kernel Patch Protection in the 64 bit version of Windows Vista. For those who don't know, this is the feature in our 64 bit operating systems that prevents *undocumented* and *unsupported* kernel interfaces from being used. So I looked at some myths that are being spread about it and tackled each one:

Then he goes into 6 myths and why they are wrong (read details at the source below):

Myth #1

Microsoft has always allowed and encouraged modifying the kernel of Windows.

Myth #2

For the first time, Microsoft is locking out people from writing to the Windows Kernel, and they are specifically locking security vendors out of the kernel to exclude competition.

Myth #3

Without full unsupported methods of modifying the kernel, Windows Vista will be less secure than any previous version because third parties cannot protect Windows users.

Myth #4

Microsoft is using flawed logic in thinking hackers will never break Kernel Patch protection. Hackers have already broken Kernel Patch Protection at a recent hacker conference in Las Vegas!

Myth #5

Microsoft owns the code. So they will silently bypass Kernel Patch Protection in their security products.

Myth #6 (they've really been busy spinning myths haven't they?)

Microsoft could easily grant exceptions to Kernel Patch Protection for known good software.

Source is here: http://www.stepto.com/default/log/displaylog1.aspx?ID=258

Who is stepto? Read this: http://www.stepto.com/default/about.aspx

Some really interesting stuff there... like - Kernel Patch protection has been shipped over 2 years ago and AV vendors have solutions that work there already (Windows XP and Server 2003 x64 edition)... Kernel Patch protection is implemented ONLY on 64 bit Vista, not 32 bit Vista... so this stuff about how it is locking them out is just BS.

Edited by BigBoy

The real issue is with windows security center's lack of extensibility and its inability to be disabled.

Symantec is upset they can't replace it with their own version (a good idea IMO, what's to stop a trojan putting its own one there that says everything is ok?)

Security Center supports branding and such though (so it's very easy to say "Protected by Symantec" or whatever)

Microsoft is actually doing a good thing for once (normally they are stubborn over the wrong things)

I can see only anti-virus, windows firewall, and windows defender listed in security center. Symantec and McAfee have a large collection of other programs (privacy guard, anti-spyware, spam-killer, etc.). So they typically provide their own security centers to control all these apps. I don't believe windows security center offers the ability to add arbitrary security applications. Is it also possible to replace the entries for windows defender and firewall?

How can security center be disabled? Please, do tell, as this is one of the first things I do when I install Vista. Atm, I disable the security center service, but this leaves a red shield on the tray. How do I disable this?

Nothing stops anyone from adding a 3rd-party security center. The problem with this approach is that a user now sees 2 security centers, which is bad for user experience.
