October 27, 2006
Microsoft's Vista PatchGuard Cracked
In what is starting to resemble nothing less than the gunfight at the OK Corral, the white hat firm Authentium announced that it has created a new version of its product that circumvents PatchGuard’s kernel protection technology. In an article at eWeek, the Palm Beach Gardens-based company said that it has a new version of Authentium ESP Enterprise Platform that can bypass PatchGuard without setting off desktop alarms. Expect the black hat hackers and internet ne'er-do-wells to soon follow.
In an attempt to stop hackers from attacking computers with rootkits, PatchGuard blocks any application from “hooking” Vista's kernel commands, a method also used by vendors for anti-tampering and behavior monitoring tools. But unlike McAfee and Symantec, which have demanded access to the kernel, Authentium has simply circumvented the feature. Whereas an attempt by any program to modify the kernel results in a blue screen stop, Authentium said it has been able to access the kernel without incurring a shutdown.
The loophole used to bypass PatchGuard is simply the result of Vista’s need to support older hardware. As Mike Rothman said on his Daily Incite blog, "This is the fundamental truth of Microsoft's problem. As long as they are constrained by requiring backwards compatibility, the problem is NOT going to get better and we are not going to make much progress."
Corey O’Donnell, vice president of marketing at Authentium, said that because hackers will quickly copy this method of defeating PatchGuard, his company is not waiting to see what Microsoft’s APIs will allow. Said O’Donnell, "Good and bad guys have the same job, to identify holes in whatever software is delivered and beat it."
Tags: Microsoft Vista, Authentium, PatchGuard
Posted by pschooff in Better Protection, Hackers, McAfee, Microsoft

Twenty-Four Seven Security