CastleCops, Internet Crime Fighters

This is not right
Nubiatech

Sergeant


Joined: Aug 28, 2007
Posts: 80
Location: USA

Posted: Mon Oct 01, 2007 2:28 pm    Post subject: Re: This is not right

darv wrote:
bigendian wrote:
but we (like a lot of our competitors) are working to figure out the handling of M$ PatchGuard "feature".


Security software should stop using deprecated features like kernel patching!!!!!

Care to explain?

earthsound

Trooper


Joined: Mar 10, 2005
Posts: 21
Location: USA

Posted: Thu Mar 06, 2008 3:34 am    Post subject: With Vista SP1 out, what's the current status?

Nubiatech wrote:
darv wrote:
bigendian wrote:
but we (like a lot of our competitors) are working to figure out the handling of M$ PatchGuard "feature".


Security software should stop using deprecated features like kernel patching!!!!!

Care to explain?


Sorry for raising an older thread from the dead, but now that Vista SP1 is out, I thought I'd poke the embers a bit.

darv is quite correct: patching the kernel, though unfortunately common, is not good practice and is what leads to various serious stability and security problems. It is not just deprecated, implying that at one point it was supported by Microsoft: it has never been supported by MS, though it has been technically feasible on x86 versions of Windows for quite some time.

What Microsoft has chosen to do with x64 versions of Windows (this includes x64 editions of XP, Server 2003 SP1, Vista, Server 2008) is introduce Kernel Patch Protection (also known as PatchGuard), which is designed to prevent 3rd party apps (like Kerio, for example) from modifying portions of the kernel.

Though KPP is not perfect, it can be argued that it is a step in a more secure direction.

Which brings me to my point. With SP1, Microsoft has:

Quote:
include[d] supported APIs by which third-party security and malicious software detection applications can work alongside Kernel Patch Protection on 64-bit versions of Windows Vista. These APIs have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection.


Have you been working with Microsoft prior to the official release of SP1 on these APIs to get KPF working in x64 Windows?

While I have your attention, are there any releases since 4.5.916.0, even beta, that we can use? I am a licensed customer, but have not seen any updates since last summer. :(

Specifically, I am concerned about the apparently outdated IPS rules that need updating and/or removal as well as robust documentation of what has been fixed/added with each release, known bugs, new and/or old/removed rules, etc. Mathew's response (from Sep. 29, 2007) was a nice start, but ominous silence has followed, unfortunately.

Thanks for taking the time to answer this, though I have to admit, the silence is loud.

Lundholm

Trooper


Joined: Aug 16, 2007
Posts: 19


Posted: Sun Mar 09, 2008 9:49 am    Post subject: Re: With Vista SP1 out, what's the current status?

earthsound wrote:


While I have your attention, are there any releases since 4.5.916.0, even beta, that we can use? I am a licensed customer, but have not seen any updates since last summer. :(

Specifically, I am concerned about the apparently outdated IPS rules that need updating and/or removal as well as robust documentation of what has been fixed/added with each release, known bugs, new and/or old/removed rules, etc. Mathew's response (from Sep. 29, 2007) was a nice start, but ominous silence has followed, unfortunately.


And now we know why. SPF is going to be included in the new Vipre suite. Sometime in the future.

Although Sunbelt doesn't like suites, they're going to make another one. Suites generate more $$$. Vista probably doesn't - yet.

Yet another standalone firewall turned into bloatware.


_________________
O, there has been much throwing about of brains -- Guildenstern, knight of Hamlet, ancestor of G. a. Lundholm.
All times are GMT