Recently, I got a bit confused about security companies' beef with Microsoft Vista, i.e., that they can no longer “patch” the kernel.
I used the word “patch” in inverted commas because it is not a real patch in the Linux sense, but rather a set of ways to change the behaviour of the Vista kernel.
As a good Linux user, I immediately debated whether “patching” the kernel is something good or bad. I went as far as developing the argument about whether McAfee’s and Symantec’s beef is about them losing their investment in “patching” the kernel. Then something hit me: it is about who can patch the kernel, and what “patching” means, especially from a business/competition viewpoint.
Obviously, Microsoft, being the author, can patch the kernel. Previously, and in non-64-bit editions of Vista, anyone with the correct tools and knowledge can “patch” the kernel. Under the “Linux” definition of “kernel patching”, patching the kernel is a serious undertaking and can have serious security implications. Thus, most sysadmins will only use patches from a trusted source. Applying patches from different sources is normally a no-no for sysadmins. It is extremely easy to transfer this idea of patching to Windows. Unfortunately, this is where things break down. The Windows kernel has been, and still is, “patched” by third parties. In fact, “patching” the kernel has developed into a way to overcome Windows insecurity. But now Microsoft wants to disable third-party patches, effectively saying only it can patch the kernel.
So far, the bad news is for the security software vendors who invested in their own “patch” R&D. Not being able to “patch” means the technologies they developed just went down the drain. Nothing more, nothing less. They will fight it very vigorously since it is a question of survival. So far, nothing sinister, just a change of practice in Windows policy.
Unfortunately, security vendors latched on to a small but rather important twist in the saga. Microsoft can still patch the kernel AND is in the security software market. This can be used as a business advantage to promote its own software. To date, Microsoft has yet to do this. Unfortunately, its past record on anti-competitive policy came back to haunt it. Security vendors are simply not going to wait until Microsoft unleashes this weapon, and according to Symantec, their original complaints to Microsoft fell on deaf ears, forcing them to complain to the authorities to force Microsoft to respond. It did, with concessions on kernel patching and offers to meet them to understand their woes.
The saddest thing about this episode is the necessity of involving the antitrust authority. It is sad for anti-virus companies because they feel more threatened by Microsoft muscling in on their turf. It is sad for Microsoft because it is forced to deal with this problem at such a late stage in Vista’s development. It is sad for customers because this rework of Vista, to satisfy the antitrust authority by remedying “flaws” in Vista, will probably mean Vista is less secure than it could be on deployment, as Microsoft works to fix it.