Security company Authentium has revealed that it has cracked the Vista kernel protection called PatchGuard. Microsoft, in its recently released half-yearly security report, said that PatchGuard was created to stop malware such as rootkits from getting into the kernel, where they can hide almost anything on the computer, especially keyloggers and spyware.

“Kernel Patch Protection for x64 Windows: Kernel Patch Protection improves security and makes it more difficult for hackers to hide malware, such as rootkits, deep in the OS where antimalware technologies may have a more difficult time removing it.”
Source: Microsoft Security Intelligence Report – January – June 2006
Helmuth Freericks, chief technology officer of Authentium, told Reuters recently that his company had found a way to turn off PatchGuard, install software and turn it back on again. No specific details have been given as to how they were able to turn off PatchGuard, but it seems likely that others, including crafty hackers, will soon find their own way to do it and publish it.
The Authentium blog has an entry in which PatchGuard kernel protection is described as “not very useable or useful”. The entry does not go into much detail because of a gag order from Microsoft. If big security companies see PatchGuard as useless, then all of us will end up bearing the cost of its uselessness.
It is ironic that Microsoft is currently only using PatchGuard on 64-bit Vista, as an added security attraction for businesses, which are the most likely users of this version of Vista. Ordinary everyday users of the 32-bit version will not have PatchGuard protecting them, which may be just as well, since it would only have given them a false sense of security.
In recent weeks we have seen security companies such as McAfee asking Microsoft for access to the Vista kernel so that they can provide HIPS (Host Intrusion Prevention System) applications to their 64-bit Vista customers.
Vista kernel protection is cracked, and it will not be long until we see rootkits for 64-bit Vista.
Keep Safe
regards
Steo
www.antirootkit.com