SAN JOSE, Calif. -- After an in-depth analysis of the new security measures introduced by Microsoft under the name "Kernel Patch Protection," the computer security experts at Agnitum today announced that this attempt to improve security instead is a possible move to preclude or block the use of third-party security software in Windows.
Agnitum experts also believe that Kernel Patch Protection will make it harder for third-party security software vendors to maintain compatibility with Windows, while posing little or no threat to hackers.
Key conclusions from the analysis include:
- Microsoft kernel patch protection prevents security software developers from installing security software at the kernel level, an approach that developers use to ensure security against malware applications.
- If certain versions of the kernel are in use, kernel patch protection does not prevent hackers from reverse engineering specific areas of code in the operating system to re-acquire unauthorized access to the kernel.
- If third-party security software is going to work, then independent software companies must similarly reverse engineer access to the operating system kernel, making it more difficult to install and maintain products that ensure better security for Windows and Windows users.
"As the vendor of Outpost Firewall Pro, we have to install at the kernel level," said Alexey Belkin, chief software architect at Agnitum. "In addressing the potential problem of not being able to install Outpost on new versions of Windows, we have discovered that it is possible to drill past the new security measures introduced by Microsoft - if we use the same techniques used by hackers. That's a wide-open hole. If we discovered it, then hackers will discover it, and they will use that hole to install malicious software."
Microsoft Corp. (Nasdaq: MSFT)