OSNews

"why exactly does one 'need' to be in the kkernel for ones AV software and 'security' software to work?"

Well, without being in the kernel they would not be able to continue writing the viruses that keep them in business

Sorry..couldn't resist it..please mod me down.

rats, couldn't mod you up anymore :-(

--The loon

P.S. It is a well known FACT that the Anti-virus companies create(d) viruses en-mass. Of course, this was to test their software...

Only thing I wonder... how many viruses existed prior to the anti-virus companies coming into play? Probably a little difficult to lookup properly without spending much time I do not have to spend. :-(

"It is a well known FACT that the Anti-virus companies create(d) viruses en-mass."

Is that like the fact that Santa is real and the Easter Bunny actually exist?

No, more like they stated it publicly a few years ago ( at least McAfee did ).

No one was really bothered by it, as I recall. Mostly because people had not much choice but to believe the assertions that the viruses were not made public.

It is still unknown, AFAIK, whether the tens of thousands of viruses made ever became wild ( or if any of them had self-replicating and delivery means ).

--The loon

Not sure if this is entirely the reason but...

URL: http://spywarewarrior.com/sww-help.htm

"In the past few years a new generation of anti-malware protection products has emerged. This new type of anti-malware protection, called HIPS (Host Intrusion Protection System), works at the kernel level to intercept malware before it hits your hard drive and infects the system."

But the thing is, Microsoft provided an API for companies to use - heck, their *OWN* security software use that particular API.

What the anti-virus companies wanted was direct kernel access, whilst Microsoft wanted them to use the API"s which they provided, resulting in the same sort of abilities without the need of having kernel level access.

"Your failed business model is not my problem"

It's a little unfair to blame virus scanner companies for the fact that Windows is/was riddled with virus-shaped holes.

@twenex

It's also unfair to blame MS. MS doesn't go out of it's way to frustrate/plague their users. Idiots and selfish/greedy people who write virus are the ones to blame.

yeah.....uh... I don't know about that.

You are kidding, right? No, really, this was meant to be humorous wasn't it?

It's also unfair to blame MS. MS doesn't go out of it's way to frustrate/plague their users.

It doesn't? Do you remember IE being embedded in the kernel and all the problems that were caused by it? What do you call DRM, product activation, not being able to install the Microsoft OS you bought on an upgraded machine without begging for a MS authorisation?

The list goes on and on...

IE has never been embedded in the kernel. It has, however, been way too tightly linked to the shell (explorer.exe), which itself is a bad idea.

If it is such a bad idea than why does Gnome and KDE now do the same exact thing?

Also, IE has been de-integrated from the shell in Vista.

And you seriously believe those things were done specifically to "frustrate/plague their users"? What exactly would the motive be? A desire to make *less* money?

Activation is certainly not to make the install process easier for users. DRM does not, in any way, help users - at all, under any circumstances... that I can think of.

So, yes. Those points were designed to frustrate and plague the users. To the point in which piracy is forgone (and with it, product migration, and perhaps virtualization soon enough - without more licenses, of course); or, in the case of music, until the recording industry can force about enough legal changes and structural changes that it can leverage it's might in the digital world. 'e-Gouge' if you will.. maybe that's tooo 90's, probably iGouge now.

They'd make less money *if* there was not an essential monopoly. They make more because they can.

It's also unfair to blame MS. MS doesn't go out of it's way to frustrate/plague their users.

No, it just spends time it should be using to close holes on obfuscating APIs.

Truth. It is a little unfair to blame AV companies on Windows shortcomings. What if the new version of Windows fixes all these short comings though (I know thats a big if)?

The market appears to be moving more towards protecting users from thier own nievity and less from exploiting weaknesses in thier OS.

I for one want Windows to be more secure. Tough luck for companies who make their living off the OS being exploited.

My main concern is that Vista will be just as exploitable as any Windows before it and because MS wants to edge everybody out of the market, the users will suffer because MS won't do enough on to protect them.

Has nothing to do with obscurity. Microsoft has technology in Windows Server 2003 which prevents the kernel being tampered with. Its called patch guard and microsoft has an improved version in Vista.

As with rootkits anti-virus software could previously do anything they liked in the kernel. Microsoft refused to cave in to the certain antivirus companies after the EU meetings. They agreed to provide them with API's to do whatever they needed done in the kernel.

What Microsoft - actually Allchin - was basically saying is, "You can have access to the kernel in a controlled manner via an API, but you don't get carte blanche access to do anything in the kernel". These are special API's created for the AV companies.

So AV companies despite knowing what patch guard is and what was coming waited until the last moment to run of crying to the EU.

> If I wanted to be a jerk I could write a program that just randomly closes windows

Actually, that's trivial to do on most window systems including X11. Once you have access to the window system (eg. through an ill thought out xhost + then you can give up on security).