Microsoft releases Vista APIs to security vendors

By Robert Westervelt, News Editor 20 Dec 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

In the next several weeks, we'll continue gathering input about the draft specifications from ISVs and other security experts. Ben Fathi, corporate vice president, Security Technology Unit, Microsoft

In an announcement on its Web site, Microsoft's Ben Fathi said the draft set of application programming interfaces (APIs) "have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection."

Fathi, corporate vice president of Microsoft's Security Technology Unit, said the first set of APIs would create a control, which could be used to govern whether applications are allowed to be launched or manipulated.

The APIs would also provide API support to prevent tampering with process hosting security software, memory based controls to address space manipulation and image loading operations to prevent malicious code images from loading and executing.

Kernel Patch Protection: Security Blog Log: The never-ending PatchGuard debate Sept: Microsoft: We're not out to crush security vendors Oct: Microsoft caves to pressure over Vista security Opinion: Microsoft Kernel Patch Protection should be lauded

"In the next several weeks, we'll continue gathering input about the draft specifications from ISVs and other security experts," Fathi said.

The first set of APIs will be released in both 32-bit and 64-bit versions of Windows Vista Service Pack 1. Early test versions will be made available to ISVs to update and test their software in time for release along with Service Pack 1, Fathi said.

Third party security vendors, Symantec Corp. and McAfee Inc. and others have long accused Microsoft of locking them out , with its Kernal Patch Protection feature, formerly called PatchGuard. The feature was introduced by Microsoft to stop attackers from gaining access to Vista's kernel.

In October, Microsoft changed course , telling security vendors that it would create additional APIs, opening up Vista's core so third-party security products would work effectively with the new operating system.

Tags: Software Development Methodology,  Windows Security: Alerts, Updates and Best Practices,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software Development Methodology Software piracy group offers cash to whistleblowers Quiz: How to build secure applications How to detect software tampering Developers Need Help with Security Errors Does an EULA make it truly illegal to decompile software? SQL injection continues to trouble firms, lead to breaches IBM acquires Ounce Labs for source code analysis Microsoft issues emergency Active Template Library updates Software security threats and employee awareness training Adobe patches ColdFusion vulnerability blocking website attack Windows Security: Alerts, Updates and Best Practices Microsoft to address 12 vulnerabilities, IE display zero-day Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Security Patch Management What patch management metrics does Project Quant use? Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) debugging  (SearchSoftwareQuality.com) fuzz testing  (SearchSecurity.com) heuristics  (SearchSoftwareQuality.com) sandbox  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary