One approach protecting us all…

McAfee, one of the larger anti-virus (AV) software companies, has taken out full-page adverts in the Financial Times to criticize Microsoft’s anti-virus strategy in its soon-to-be-released new version of Windows, Vista. Microsoft has effectively locked out the independent manufacturers of AV software by making access to the kernel of its operating system impossible for them, using a technology called PatchGuard, and by providing Microsoft AV software as part of the operating system, leading McAfee to complain:

“Microsoft seems to envision a world in which one giant company not only controls the systems that drive most computers around the world but also the security that protects those computers from viruses and other online threats. Only one approach protecting us all: when it fails, it fails for 97% of the world’s desktops.”

They point out that in fact few viruses target the operating system kernel; most attack applications.

Symantec, the other major AV-software vendor, is also not happy, voicing a similar complaint on its Security Response Weblog. But it also points out the motivation behind Microsoft’s approach:

“Microsoft’s motivation in protecting the Vista kernel is twofold. The first and most obvious reason is one of security. Kernel mode threats such as Rootkits and malicious drivers have become commonplace and eradicating this risk is certainly in everyone’s best interest.

“The second motivation, which may not be as apparent as of yet, is one of digital rights management (DRM). In order to create a protected path between DRM components and the system hardware, it is vital that no malicious code be allowed to insert itself within the media path lest it intercept protected content. This is apparent as Microsoft is positioning Vista as a safe platform for the delivery of protected media content.”

Those are interesting, and related, points. Although McAfee is right that most viruses don’t go for the operating system kernel, it is certainly true that authors of DRM copy-protection software have contributed to an explosion of rootkits. Their job is to hide the fact that when you played your favourite group’s latest CD on your PC, you unwittingly installed a copy-protection program which is now not only stopping you from copying the CD to play in your car, but also, because it contains bugs, is causing your PC to crash and generally misbehave.

So not only will the AV protection in Vista be suspect (Vista’s kernel has already been hacked, yet the PatchGuard technology makes it difficult for the AV companies to hook into the kernel permanently, which they need to do to provide permanent AV protection), but consumers will also be even more restricted in making copies of music and videos that they have legitimately purchased. I wouldn’t be surprised if, when consumers become aware of those facts, the migration from Windows to alternative operating systems accelerates.
