Microsoft releases Vista APIs to security vendors

By Robert Westervelt, News Editor 20 Dec 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

In the next several weeks, we'll continue gathering input about the draft specifications from ISVs and other security experts. Ben Fathi, corporate vice president, Security Technology Unit, Microsoft

In an announcement on its Web site, Microsoft's Ben Fathi said the draft set of application programming interfaces (APIs) "have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection."

Fathi, corporate vice president of Microsoft's Security Technology Unit, said the first set of APIs would create a control, which could be used to govern whether applications are allowed to be launched or manipulated.

The APIs would also provide API support to prevent tampering with process hosting security software, memory based controls to address space manipulation and image loading operations to prevent malicious code images from loading and executing.

Kernel Patch Protection: Security Blog Log: The never-ending PatchGuard debate Sept: Microsoft: We're not out to crush security vendors Oct: Microsoft caves to pressure over Vista security Opinion: Microsoft Kernel Patch Protection should be lauded

"In the next several weeks, we'll continue gathering input about the draft specifications from ISVs and other security experts," Fathi said.

The first set of APIs will be released in both 32-bit and 64-bit versions of Windows Vista Service Pack 1. Early test versions will be made available to ISVs to update and test their software in time for release along with Service Pack 1, Fathi said.

Third party security vendors, Symantec Corp. and McAfee Inc. and others have long accused Microsoft of locking them out , with its Kernal Patch Protection feature, formerly called PatchGuard. The feature was introduced by Microsoft to stop attackers from gaining access to Vista's kernel.

In October, Microsoft changed course , telling security vendors that it would create additional APIs, opening up Vista's core so third-party security products would work effectively with the new operating system.

Tags: Software Development Methodology,  Windows Security: Alerts, Updates and Best Practices,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Software Development Methodology nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Juniper pulls ATM hacking presentation from Black Hat V.i Labs integrates Google maps to track software piracy Software Piracy pandemic needs government role, better vendor antipiracy plans Software piracy losses total $53 billion, study finds Google study backs browser silent auto update feature Secure software development starts before coding begins Security budget issues to resonate at RSA Conference Twitter worm attack highlights social network flaws Windows Security: Alerts, Updates and Best Practices New attack code targets Microsoft ActiveX zero-day vulnerability When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bypass  (SearchSecurity.com) Common Weakness Enumeration  (SearchSecurity.com) debugging  (SearchSoftwareQuality.com) fuzz testing  (SearchSecurity.com) heuristics  (SearchSoftwareQuality.com) sandbox  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary