How Vista's Trusted Computing will harm software security

Symantec has posted a great early analysis of the Trusted Computing-based DRM in the new Vista kernel. This will allow Microsoft to control who can modify its operating system, and what programs its operating system and applications will talk to.

To accomplish this, Microsoft has implemented many characteristics of the original Palladium model (now known as NGSCB), which has received a significant amount of criticism over the past several years.

While this is a noble effort, these new security technologies have a serious side effect. This side effect is that nobody, with the exception of Microsoft, can make changes to certain components of the Windows kernel. The PatchGuard functionality restricts any software that may be attempting to make extensions to the Vista kernel (even those attempting to do so for legitimate reasons). This includes techniques that are commonplace today such as system service dispatch table (SSDT) hooking and interrupt dispatch table (IDT) hooking to name a few.

Another disturbing side effect of this technology is that while legitimate security vendors can no longer make extensions to the Vista kernel (any attempt to circumvent these security features may only work temporarily), researchers and attackers can, and already have, found ways to disable and work around PatchGuard.

Link

(via Hack the Planet)