Re: Security Vendor Bypasses Microsoft's Vista PatchGuard

[Nick FitzGerald <nick () virus-l demon co uk>]

Blue Boar to Dude VanWinkle:

<<snip>>
> > Isnt that worth something?
>
> It's not a useless attempt, and I don't think they should necessarily 
> get rid of it.  It's also not necessarily mutually exclusive with what 
> McAfee and Symantec want.
>
> But Microsoft acting like having KPP has now eliminated all potential 
> kernel attack vectors, and the need for other security software to act 
> there, is a mistake.  Microsoft has now claimed that their software 
> won't get to play there either.  And that's good, it changes the 
> situation from Microsoft abusing a monopoly to Microsoft making a stupid 
> mistake.
>
> Not that I believe that MS will actually keep their security software 
> from playing where the other guys want to, but at least it's a claim we 
> can look back on.
> http://www.microsoft.com/security/windowsvista/allchin.mspx

Yes...

By close analogy, the Sybari purchase is really interesting.  Sybari's 
was the most reliable way of scanning Exchange message stores for 
malware (and any other "inappropriate" or undesirable content) 
_because_ they ignored the "officially sanctioned by MS and 
encapsulated in this public API" approach and actually reversed 
Exchange and developed something that _worked_.  Eventually MS bought 
Sybari, so is doing it the unofficial way on Exchange now to be 
sanctioned?

Hmmmmm...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.