Believes Gartner

Oct 23, 2006 13:48 GMT

Gartner paints a bleak picture of the integration of HIPS products with Windows Vista, emerging as another critic of PatchGuard. While praising Microsoft for the initiative, Gartner has criticized the time frame associated with the implementation of the PatchGuard changes, arguing that the process will take several years and generate compatibility issues.

"Microsoft will not offer a mechanism for deactivating PatchGuard or a trusted mechanism for 'kernel hooking' (Windows system-call interception and kernel dispatch table modification). Microsoft has committed to work with ISVs to develop mutually acceptable mechanisms that will enable legitimate, trusted security software to interact with and control aspects of kernel operation - for example, process creation and termination, memory, anti-tampering and code-loading operations - via documented and supported application programming interfaces (APIs), implemented in much the same way as the Windows Filtering Platform framework," commented Neil MacDonald, Gartner analyst.

Due to Vista's deadline, the Redmond company will make the changes available, both capabilities and APIs, together with Windows Vista Service Pack 1, due in 2008. As a result, the initial 64-bit Vista release will hit the market with its kernel patch protection unaltered. Microsoft will also modify Windows Security Center, most likely via a disable mechanism built with signature-based technology, to allow for the installation of third-party dashboards.

Gartner also presented a set of recommendations, warning that host-based intrusion prevention system (HIPS) products and host-based content monitoring and filtering products will have only partial functionality on 64-bit Vista, even after SP1. MacDonald advises weighing closely the compatibility issues inherent in implementing HIPS solutions.

"Keep up the pressure. With antitrust concerns temporarily satisfied, Microsoft may feel less pressure to make kernel modifications quickly. Pressure ISVs and Microsoft to work together to achieve rapid development of mutually acceptable, trusted methods of interacting with the Windows kernel, starting with SP1 and evolving over the next several years," added MacDonald.