Hackers 'will crack Windows security tech soon'

Expect a break-in after Vista's release, says security expert...

By Joris Evers, 13 October 2006 09:15

PatchGuard, a Microsoft technology to protect key parts of Windows, will be hacked sooner rather than later, a security expert said on Thursday.

Hackers will break through the protection mechanism soon after Microsoft releases Windows Vista, Aleksander Czarnowski, a technologist at Polish security company Avet Information and Network Security, said in a presentation at the Virus Bulletin event in Montreal.

Czarnowski said: "It will probably take a year or so for it to surface publicly but I believe it will be broken earlier. PatchGuard will be broken pretty soon after the final version is released... A lot of people who would break it will probably not make it public immediately."

Microsoft designed PatchGuard - also called kernel patch protection - to safeguard the Windows kernel against malicious code attacks. Cyber crooks have found ways to exploit the innards of Windows for malicious purposes, making the protection offered by PatchGuard key to securing the operating system, Microsoft has said.

The technology applies only to 64-bit versions of Windows and debuted last year in Windows XP x64 Edition. That Windows version was never broadly adopted, but PatchGuard is set to become more widely used when Vista hits store shelves in January, as people are expected to buy PCs with 64-bit processors and 64-bit versions of the operating system.

Stephen Toulouse, a program manager in Microsoft's Security Technology Unit, wrote on his blog last week: "Kernel patch protection is not a silver bullet. We're not saying no one will ever crack it. The point is that the situation as it exists now… attackers don't need to do any work to access the kernel at the highest level. At least with kernel patch protection, we're trying to prevent that."

There have been some claims that PatchGuard has already been compromised but Microsoft has denied this. Toulouse wrote: "We're not aware as of right now that people have circumvented it."

If PatchGuard is ever circumvented, Microsoft would fix the issue with a software update, Toulouse wrote. "Kernel patch protection can become more resilient over time due to the combination of hardware and software advancements," he added.

Joris Evers writes for CNET News.com
