Saturday, January 27, 2007

Protecting Windows Using Linux

We’ve been asked several times this week to articulate what we’re doing with the Windows kernel in Vista 64 bit. For various reasons, we’re not going to get specific about what we’re doing. It is true what you’ve read - our folks are talking with the folks in Redmond about how we can move forward on this and enable a positive outcome. Stay tuned.

By the way, for an excellent overview of the APIs, the research firm Gartner has produced a concise and articulate overview. Great work, guys. For the record, it is the Windows Security Center API that was released by Microsoft - not the KPP/PatchGuard API.

One thing for sure - the focus on PatchGuard has brought with it a healthy amount of discussion. What we’re seeing on some blogs now is discussion about non-traditional approaches to security in Windows, such as controlled single-process approaches to security, which is great. This is essentially what we’re doing in VirtualATM. One of the other approaches I think has merit is what FarStone is doing re data backup and recovery. It is using Linux to protect Windows.

First, full disclosure - FarStone are one of Authentium’s technology partners, and we’re just about to release their RestoreIT module for ESP. I think it’s a really useful technology, which is why we’re partnering. AOL think so too - they just did a deal to distribute FarStone as well. But the bottom line is: we’re partners. If you don’t like reading non-arm’s length opinions, please stop reading here.

The approach that FarStone uses in enabling local backup and restore is it boots your PC using Linux, and provides you with options at that moment as to continuing to boot into Windows (just push the space bar), or reverting to a saved image of the hard disk.

Although this Linux/Windows approach has been done before (MacBook anyone?), I think FarStone’s backup plan is an elegant approach, and another great example of how technical and security problems in Windows can be solved through innovative uses of non-Windows technology.

It also strikes me as being nicely secure. By temporarily booting up a PC in Linux, using code they presumably control, FarStone enables end users to make decisions that involve single-purpose use of the CPU, such as rolling back to a saved image of your hard disk from six hours in the past.

By the way, this glowing review is based on personal experience: this technology saved my bacon one night when I was mocking up a VB prototype for a meeting and experienced a crash upon debugging my program. No, I was not running VMWare at the time. After fretting for a few minutes, I remembered I was running the alpha version of RestoreIT for ESP. I rebooted, restored the image (there was one from an hour earlier), and voila - I was saved. And very happy.

I have noticed some postings from folks out there - particularly Mac users - who report that the Vista EULA may attempt not to permit such interoperability, but I can’t see how. I bought my computer. I own the Intel chip that sits inside it. If I want the CPU that I own to run Linux for a few seconds while I boot up, that’s my business.

No comments: