Microsoft Corp. last month released draft application programming interfaces (APIs) intended to let third-party security vendors extend the Windows Vista kernel through supported interfaces rather than by patching it, which PatchGuard, Vista's kernel patch protection technology, blocks. The technology has been at the center of a dispute between Microsoft and several security vendors, which claim that PatchGuard hampers their ability to deliver key security capabilities such as host-based intrusion detection. In a recent interview with Computerworld, Ben Fathi, vice president for the Windows core operating system and former head of Microsoft's security technology unit, talked about the draft APIs and the reasons for releasing them.

How did Microsoft create the draft APIs?

What we have done is work with all the [security] vendors. We have gotten their requirements. This is our plan for what we will deliver with [Service Pack 1]. Until the end of January, we will be talking with vendors and getting their detailed feedback. So far, we have gotten feedback on the scenarios they are trying to address and their requirements around those scenarios: Why is it that you want an API, and what do you want to do with that API? Now we are giving them the API. They are going to read the document and tell us whether it accomplishes all the scenarios they want. Over the next few weeks, we will work with them to see if there are any changes that are needed.
How will Microsoft handle future requests for new APIs from security vendors?

We will continue to work with them. We have an e-mail alias and regular monthly meetings where they can come and ask for additional requirements. This set we described today is based on the things they brought to us so far. To be clear, all of the vendors that we know about, we have talked to directly and told them the approach we are taking. They are all fine with it; they all like the idea. They believe they can achieve a majority of the functionality they want with this first set of APIs.
Does this strategy represent a change in Microsoft's policy for allowing access to the Windows kernel?

You've got to be careful when talking about access to the kernel. All of our partners have always had access to the kernel. What we offer is access to extend the functionality of the kernel through documented APIs. What we have always said is that we don't want third parties modifying the kernel itself to achieve some functionality, because that is not supportable, because it is not using documented interfaces. Every time we release a service pack or a new version of Windows, we break their applications. So our definition of access to the kernel is access through documented, supported APIs. We haven't changed that. We will continue to add APIs to make sure [vendors] get everything they want. But our stance on kernel patch protection has not changed. We do not turn it off. There is no way to turn it off, because if we do turn it off, basically there is no security in the kernel.