Microsoft announced in a press release that it would make several modifications to Vista to avoid anti-trust issues with the EU, including creating and extending kernel level APIs so that security vendors that were hooking into the kernel would still be able to make a profit, uhmm I mean protect the desktop.
Honestly this is what I would assume would happen as soon as the security vendors got all whiny…yesterday CMP was reporting that MSFT would not budge, but might compromise “He [Stephen Toulouse] was blunt about PatchGuard, however. “We are not going to allow access to the kernel,” he said. “Instead, what we’re saying [to security vendors], to the extent that you were hooking into the kernel, why were you doing it? And how can we help you provide [that functionality] in a safe way?…PatchGuard is designed to prevent unauthorized and unsupported access to the kernel. We never intended Windows, even XP, to run against a modified kernel. There are all kinds of stability and performance issues, including blue screens.” I for one love the blue screen of death, so much so that I have the screensaver.
Bottom line: Microsoft needs better kernel level security, but they should have been working with security vendors to find a work-around or for integration to detect some of the nastier malware we have seen and will continue to see, especially since they have the dark cloud of monopolism, anti-trust, and unfair business practices hanging over their heads. Of course crying foul goes out the window as soon as someone uses a security product to attack the kernel via one of these APIs.