You've probably heard of PatchGuard, Microsoft's new kernel technology for 64-bit systems that will make its debut in Windows Vista. PatchGuard works to help protect access to the kernel, or rather, as Microsoft states it, PatchGuard makes the kernel completely off-limits to any modifications. The limitation includes third-party modifications designed to better protect Windows.
While the new technology will be welcomed by some people, others (particularly a few companies that make security solutions) think it goes too far. Symantec and McAfee have both complained loudly about PatchGuard. These companies say they're worried that Microsoft will systematically shut them out of certain sectors of the security software market. Some of the companies' products rely on the ability to patch the kernel, which doesn't provide the level of functionality needed by their products.
Other companies, such as Authentium, have worked diligently to find ways of interacting with PatchGuard that have resulted not only in security solutions but have introduced a new level of functionality. For example, the company's VirtualATM SDK can change Windows from a multiprocessing platform into a single-processing platform. That sounds completely counter to the purpose of a multithreaded OS, right? Well it is, and for good reason.
If you can force Windows to only run one process at a time, all sorts of malware (such as key loggers, sniffers, and Trojan horses) have absolutely no way to do their work. If their process won't execute, they're rendered completely ineffective. So VirtualATM becomes immensely attractive as a tool to use for applications such as those related to financial transactions or sensitive information input of any type. VirtualATM, as obvious as the approach is, is truly innovative and appears to hold incredible value. For more information, go to:
Authentium is a Microsoft partner, so Microsoft is well aware of what Authentium is doing with VirtualATM. Whether Microsoft changes PatchGuard to prevent SDKs such as VirtualATM from working remains to be seen.
Does PatchGuard go too far, stifling security-industry competition and innovation? PatchGuard does seem to give Microsoft an advantage in the security market space. Hopefully, Microsoft won't wield PatchGuard as a sword against competition. This would thwart innovation, and typically the best approach to security is a multivendor solution rather than a single-vendor solution. If Microsoft were to take too much control over the security market, it might find itself rapidly giving up ground to other platforms, such as Solaris, Linux, and BSD, that have a healthy variety of security solution choices.