Microsoft Kernel Patch Protection is more threat to 3rd party security software vendors than to hackers


After an in-depth analysis of the new security measures introduced by Microsoft under the name Kernel Patch Protection, Agnitum has announced that this attempt to improve security instead is a possible move to preclude or block the use of third party security software in Windows. Agnitum also believes that it will bring more difficulties to third party security software vendors than to hackers.

Kernel Patch Protection is intended to provide better protection for low-level system activities such as the file and registry operations of the Windows kernel, the deepest level of OS operations, (http://www.microsoft.com/whdc/driver/kernel/64bitpatch_FAQ.mspx). Any program that gains access to the kernel can, for instance, hide a folder on the hard disk and make it impossible to delete that folder using regular Windows tools. While malicious programs can modify the Windows kernel and hide themselves in this way to surreptitiously steal information, security software developers also need access to the kernel to provide PC security. Security Park - Microsoft Kernel Patch Protection is more threat to third-party security software vendors than to hackers

Linked by shanmuga Friday, 28th July 2006 12:54AM