Microsoft Corp. last week slammed the door on a free utility out of Australia that outflanked one the company's touted security features in Windows Vista by having the program's digital certificate revoked.
LinchpinLabs' Atsiv utility, released July 20, used a signed driver to load other, unsigned code, into the Vista kernel, according to U.S.-based Symantec Corp. researcher Ollie Whitehouse. Atsiv, said Whitehouse, thus let users circumvent a feature of the 64-bit version of Vista that allows only digitally-signed code to be loaded into the operating system's kernel. The digital signing requirement is one way Vista tries to stymie hackers from infiltrating the kernel -- the heart of the OS -- with, among other things, rootkit cloaking technologies that hide malware from security software.
"This is rootkit behavior," said Whitehouse last Monday.
Atsiv's developers, on the other hand, have touted the utility as a tool useful for loading unsigned, but legitimate, drivers into Vista 64-bit.
Friday, Microsoft announced it had worked with VeriSign, the company that provided the certificate to LinchpinLabs, to have the code signing key revoked, said Scott Field, a Windows security architect in a posting to the Vista security team's blog. "VeriSign has revoked the code signing key used to sign the Atsiv kernel driver [as of Aug. 2], which means the code signing key will no longer be considered valid," Field said.