Microsoft opens up kernel API. Maybe.

In an article "Microsoft Now Decides to Accept Outside Security for Vista", the Washington Post says that Microsoft "did an about-face", "agreeing to make it easier for customers of its forthcoming Vista operating system to use outside security vendors, such as those who make popular antivirus and anti-spyware programs".

Okay, first, I have to disagree that it makes life easier for customers. Customers slip the CD into the drive, and press "OK" until the software is installed. Nothing Microsoft is doing in respect to this makes life any easier or harder for customers.

However, they may very well be making it easier for those security vendors to keep their old products hobbling into the new operating system without having to change their code.

Is that what you want? Is it really? You want a new operating system's security to be interrupted by old code using the old way of interfacing with the kernel?

Why not have new code that uses the new way of interfacing with the kernel? Mini-filters and other APIs allow anti-virus and other security-related programs to monitor and approve or reject all file activity on the fly, which they previously hacked into the kernel to achieve. I'd much rather see a documented API be used than a kernel hack.
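As an added, defender-side check (not from the original post): this PowerShell script parses the output of Windows' `fltmc filters` tool to show which file-system filters are loaded through the documented Filter Manager route, and flags any legacy filter drivers attached the old way. The altitude ranges are Microsoft's published load-order groups for Anti-Virus and Activity Monitor filters; the filter names and output below are a constructed sample.

```powershell
# Added example: classify loaded file-system filters by how they hook in.
# On a real host replace $Sample with the output of: fltmc filters  (elevated).

# Microsoft's published load-order groups (altitude ranges) used here.
$Groups = @(
    @{ Name = 'FSFilter Anti-Virus';       Low = 320000; High = 329999 },
    @{ Name = 'FSFilter Activity Monitor'; Low = 360000; High = 389999 }
)

# Constructed sample of fltmc output; names are placeholders, not real products.
$Sample = @'
Filter Name                     Num Instances    Altitude    Frame
------------------------------  -------------  ------------  -----
SampleAvFilter                          4       328010         0
SampleMonitor                           1       385000         0
SampleFsInfo                            4        45000         0
SampleLegacyHook                                 <Legacy>
'@ -split "`r?`n"

function ConvertFrom-FltmcOutput {
    param([string[]]$Lines)
    # Rows: name, optional instance count, altitude (number or <Legacy>), optional frame.
    # Header and separator lines do not match the pattern and are dropped.
    foreach ($line in $Lines) {
        if ($line -match '^(?<name>\S+)\s+(?<inst>\d+)?\s*(?<alt>[\d.]+|<Legacy>)\s*(?<frame>\d+)?\s*$') {
            [pscustomobject]@{ Name = $Matches.name; Altitude = $Matches.alt }
        }
    }
}

function Get-FilterReport {
    param([string[]]$Lines)
    foreach ($f in ConvertFrom-FltmcOutput -Lines $Lines) {
        if ($f.Altitude -eq '<Legacy>') {
            # Attached without the Filter Manager: the undocumented, old-style route.
            $group = 'LEGACY filter driver (not a minifilter)'
        } else {
            $alt = [double]$f.Altitude
            $hit = $Groups | Where-Object { $alt -ge $_.Low -and $alt -le $_.High } | Select-Object -First 1
            $group = if ($hit) { $hit.Name } else { 'other minifilter group' }
        }
        [pscustomobject]@{ Filter = $f.Name; Altitude = $f.Altitude; Group = $group }
    }
}

Get-FilterReport -Lines $Sample | Format-Table -AutoSize
```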

[But then, I've always been a fan of using documented APIs - they are stable and reliable, and you can get support on them when they don't work the way you expect.]

Back to the story, then. Have Microsoft done a U-turn?

Hard to say, really, given that the words being used by everyone come from a transcript of a press conference with Microsoft's General Counsel (aka head lawyer), Brad Smith.

In that press conference, Brad says:

"We devised a new engineering approach that will create and extend new kernel level APIs so that PatchGuard will be retained, the security of the kernel will be protected, and yet security vendors will have an opportunity to meet their needs through these kernel level API extensions."

Hmm... that sounds awfully much like those already-existing APIs designed to interface with anti-virus and other security solutions.

So, the game plan seems to be that Symantec and McAfee kick up a big stink, Microsoft says "there, there, everything's fine", and the newspapers chalk it up as a victory for the anti-virus folks.

Okay, if that's the way you want to play it, fine. But really, if the antivirus vendors can start using documented APIs, we all win.

Given the number of times I've had to rescue a crashed machine from family members, only to discover that it's a combination of Norton (by Symantec) and some other component of Windows, I'm comfortable keeping those anti-virus vendors out of patching the kernel or calling it through undocumented (and therefore unmonitored) means.

On the machines where I've seen these programs installed, I've disabled so much functionality - much of it described as unnecessary by the vendors themselves - that I wonder what benefit they really give my users, other than slowing their machines down and breaking the functioning of their software.

Published Mon, Oct 16 2006 9:05 by Alun Jones

Comments

# Cousin Jeff says it's going to be alright

I've been worried a little over the past several days that McAfee and Symantec are going to strong-arm

Wednesday, October 25, 2006 5:26 PM by Tales from the Crypto
