can symantec and mcafee just stop whining about this...

[hans007]

i've used vista. basically everything in it that has been added is useless except dx10 and the kernel protections.

and here comes symantec and mcafee whining about it in roundabout ways in that it basically destroys their business model. everyone can see this. but patch guard with NO API was a good idea.


why should you be able to directly hook into the kernel etc. i mean i think symantec / mcafee / trend micro etc will just have to find new ways to make money . i actually used to work at symantec and i could only imagine this basically making everyone really panicky and scared about their jobs, but they just ened to accept it and well come up with something else to sell instead of just bitching more and more.

it is sad, as much as i hate microsoft, and especially the new vista EULA i'm going to have to support them on this patchguard thing. i dont see at all how any user benefits by lettling symc and mcafee in there.

anyone else have opinions?

 

[Genx87]

What exactly are their claims? I have only recently heard they were whining about the security of Vista being good enough it may be possible their services arent needed anymore?

What does patchguard do that has them in a pissy fit?

 

[Pabster]

Originally posted by: Genx87
What does patchguard do that has them in a pissy fit?

It protects the kernel in x64 from being modified.

 

[Schadenfroh]

Did Kaspersky support PatchGuard?

 

[Genx87]

Originally posted by: Pabster

Originally posted by: Genx87
What does patchguard do that has them in a pissy fit?

It protects the kernel in x64 from being modified.

This is bad why?

 

[ArchAngel777]

Originally posted by: Genx87

Originally posted by: Pabster

Originally posted by: Genx87
What does patchguard do that has them in a pissy fit?

It protects the kernel in x64 from being modified.

This is bad why?

It is not bad for the end user, only the security software companies. Essentially, if the kernel cannot be modified, the thread of spyware, malware etc, would be completely reduced if not eliminated and therefore those who make their living off of removing spyware, malware, etc, would lose revenue.

However, there would still be a need for 3rd party security programs, because no matter how secure, hackers always find some way to wreak havoc. Besides, both of those company have other programs as well. Symantec has Ghost, Spam Filters for Exchange server and many other things... So, there will still be a use for them. They will no doubt lose some of their business and companies that rely on income solely from adware,malware removal will probably go under at some point in the future.

No reason to fret now though, people STILL use Windows98 to this day and therefore, I am sure it will take years before XP is "eliminated" thus, I don't see the big deal either, not yet.

 

[hans007]

well teh way say norton anti virus does its "auto protect" , part of it is a bunch of kernel hooks. i think the way it works was when say a function like "createprocess" was called symantec intercepts everything and inspects it. hence "kernel hook"

the scanner itself doesnt need it, its all the self protection and auto protect / memory scanning stuff i think that needs it.

 

[TheSlamma]

Why are you listening to them complain?

And jesus why would anyone care.

 

[kamper]

Originally posted by: ArchAngel777

Originally posted by: Genx87

Originally posted by: Pabster

Originally posted by: Genx87
What does patchguard do that has them in a pissy fit?

It protects the kernel in x64 from being modified.

This is bad why?

Essentially, if the kernel cannot be modified, the thread of spyware, malware etc, would be completely reduced if not eliminated and therefore those who make their living off of removing spyware, malware, etc, would lose revenue.

It's not quite that simple. Security companies have built up tools that monitor system calls of any and all applications in order to monitor them for malicious patterns. To do this you obviously need to get into the kernel.

I personally vote for microsoft on this one, not because the other companies are whiny but because microsoft can't have its hands tied on security issues simply out of fear of stepping on the toes of their partners. The kernel-using bits that will no longer work seem like decent short term ideas but a very bad idea to rely on in the long run and a correct design from the ground up absolutely must be the priority.

Of course, given all that, you do have to simply trust that microsoft will not make arbitrary decisions to damage their competitors in the name of security. They obviously don't have a good track record in that regard but given that the bolt-on security industry is something that wouldn't exist ideally anyway (it offers no real features to an end user) pretty much any less than noble intentions should just be overlooked anyway.