Saturday, January 27, 2007

Documenting PatchGuard

One of the concerns some commentators have mentioned with respect to the ongoing discussion around PatchGuard is that documenting a PatchGuard API may provide a “road map” to hackers bent on compromising Vista.

We strongly disagree. We believe withholding documentation may actually have the reverse effect - not providing documentation may actually make Vista *less* secure.

How so? Sophisticated, financially-motivated hackers make more money when their hacks last longer. Which is why they tend to seek out *undocumented* methods of compromising operating systems - because using secret (undocumented) methods further obfuscates their actions. Hackers will break Vista with or without documentation.

Which is why withholding documentation on PatchGuard hurts only potential allies. Without documentation, there can be no agreed or reliable methods of fighting these guys - of determining “good” technologies from “bad” when it comes to PatchGuard interactions, with the result that threat remediation technologies become risky to develop, and outcomes difficult to predict.

Will large public companies such as Symantec or McAfee take the risk and invest development dollars in the hope of turning a profit from an undocumented threat remediation method that Microsoft can potentially close down? I doubt it. Which raises the question: why compromise “the good guys” if you know the hackers aren’t going to use the same tools?

To paraphrase Bruce Schneier, secrecy doesn’t necessarily lead to security. Our prediction is that sophisticated hackers will continue to break PatchGuard/KPP, regardless of whether or not Microsoft provides a documented API to PatchGuard. Without an agreed, documented method for interacting with PatchGuard, security vendors, including Microsoft, will face growing challenges when it comes to keeping Vista secure.

Our suggestion is that Microsoft provide ISVs with a documented API designed to enable authenticated interaction with PatchGuard as soon as possible, or license in the necessary technology. Confidence is a big reason why consumers buy. Fully engaging with security vendors can only help build buyer confidence in Vista.
