Microsoft shares draft of Vista security hooks
Interfaces are meant to help security software makers create products that work with kernel protection features in Windows Vista.
The new application programming interfaces, or APIs, will let software makers extend the functionality of the Windows kernel in 64-bit versions of Vista, Microsoft said on its Web site Tuesday. Security companies, including market leaders Symantec and McAfee, had complained that Microsoft locked them out of the kernel, a core part of Windows.
Delivery of the APIs comes just over two months after Microsoft agreed to provide them. Microsoft long maintained that a complete lock on the kernel would provide the best operating-system security and stability, but made concessions in response to antitrust concerns raised by officials in Europe and Korea.
Security companies have unfettered access to the core of 32-bit versions of Windows. But they complained that the kernel shield, called PatchGuard and intended to stop hackers in 64-bit versions of Vista, blocks security products too. The 64-bit Windows is expected to eventually supplant 32-bit versions.
The APIs will offer security and nonsecurity software makers the ability to develop software that extends the functionality of the Windows kernel on 64-bit systems in a documented and supported manner, without disabling or weakening the protection offered by kernel patch protection, Microsoft said.
Symantec, the world's largest security software maker, acknowledged receipt of the Microsoft material, but a company representative couldn't provide any detailed comment on it yet. "We are currently evaluating the information and awaiting additional information from Microsoft," the representative said in an e-mailed statement.
McAfee is pleased with Microsoft's APIs, said George Heron, chief scientist at the Santa Clara, Calif., company, in an e-mailed statement. "Our preliminary review of the API specification document shows that Microsoft included some of the recommendations we had submitted, and it appears they did a good job on those," he said.
The final versions of the APIs won't be available for a while. Microsoft plans to release those with Windows Vista Service Pack 1, which analyst firm Gartner expects to come in early 2008. Until then, users of security technologies such as host intrusion-prevention systems should postpone buying 64-bit versions of Vista, Gartner has recommended.