Saturday, January 27, 2007

Microsoft PatchGuard

Yes, it’s true. Our engineers have developed a sophisticated capability that enables us to leave PatchGuard protection in place, except in situations where control of the kernel is needed to protect a user’s data or behavior.

One example of why we need kernel-level access: we have a product coming out in December - VirtualATM - that enables us to turn an end user’s PC into a “single process device” for the purposes of establishing a secure online banking session (hence the name “VirtualATM”). Using proprietary, patent-pending technologies, we are able to protect access to memory and network access, and shut out key-loggers, sniffers, Trojans, and virtually all forms of spyware.

Windows, by design, enables the opposite of this - Windows is designed to run all applications, all the time, virtually without limitation. However, Authentium takes the opposite approach and focuses on enabling “goodware” in the form of a single trusted process. By ensuring that only this process can access the network - and memory - we can greatly reduce the chances that usernames and/or passwords will be stolen and reused.

Don’t think this is necessary? According to this article on ZDNet from Bloomberg News, eTrade and TDWaterhouse lost $22 million just last week in a sophisticated scam involving key-loggers installed on end user computers. This may just be the start of things - according to the hard-working guys in our virus lab, a majority of the threats coming into our lab (and we sifted through more than 2,100 just today) are designed for extorting money over the Internet.

In order to stop this epidemic, it is enormously important that government ensure that all security software development companies continue to partner with operating system developers. Microsoft does not have the level of technology that our company has developed and is highly unlikely to be able to provide the kind of process-control and malware-suppression technologies that online banking customers will need in the near future.

It is this need - to protect people, and their identities and their assets - that has driven our engineers to come up with their methods of controlling PatchGuard in Vista.

Note: in addition to our kernel protection technologies described above - and referenced in the announcement tonight by Microsoft - we have also separately completed development of a Microsoft-compliant anti-virus and anti-malware product for Vista 64-bit using the Microsoft mini-filter approach that is fully compliant with Microsoft specifications.
