«
»

Microsoft Patchguard

If it was not for a Microsoft gag-order (NDA) I would have a lot more to say. But let me just mention the following issues:

Patchguard is not a very useable or useful solution. It is only going to make the life of the good guys harder and help the bad guys. When it detects a bad guy it will leave your machine in an unusable state probably forcing you to reinstall the system to use it again.

The promises Microsoft has made about Patchguard do not solve any problems for us and by the time they deliver will not be of any use to us. This is assuming that if they deliver something to help anybody, it will actually be something useable.

It will allow an unfair advantage to Microsoft when competing with the security vendors as they can and will most likely bypass Patchguard for their own products and will not allow their competition to do the same.

This entry was posted on Friday, October 20th, 2006 at 6:09 pm and is filed under This and That. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

One Response to “Microsoft Patchguard”

  1. Anti Rootkit Blog » Blog Archive » Microsoft Vista Kernel Protection is Cracked says:
    November 2, 2006 12:12 PM at 12:14 pm

    [...] Helmuth Feericks, chief technology officer of Authentium told Reuters recently that his company had found a way to turn off Patchguard, install software and turn it back on again. Although no specific details have been given as to how they were able to turn off Patchguard, it does seem that other people like crafty hackers will soon find their own way and publish it. The Authentium Blog shows an entry where PatchGuard Kernel Protection is described as “not very useable or useful”. The entry does not go into much detail because of a gag-order from Microsoft. It goes to show that if big Security companies see it as useless then we all will be targets of it’s uselessness. [...]