There's been much written about Microsoft's Vista Kernel Mode Security, especially the Kernel Patch Protection scheme for Windows Vista 64-bit, more commonly known as PatchGuard to the rest of us. Microsoft is selling these security enhancements as the best thing since sliced bread, telling us how much safer our 64-bit PCs will be. The security companies, on the other hand, are up in arms and claiming that Microsoft is locking them out of the kernel so that the Redmond giant can gain greater momentum in the security arena. I'm here to tell you that it has very little, if anything, to do with security - it's all to do with DRM and locking down your hardware.
Controlling the kernel has little to do with protecting you from hackers and malware - it's about protecting Microsoft's new business model.
See, the reality is that Microsoft is changing; software is only part of their business model. Microsoft aspires to be a big player in the media industry (here it is, as ever, following Apple's lead). It doesn't want to create content, but instead have resale and distribution rights. But there's a serious problem with this business model. Windows is far too easy to tweak so that it does your bidding. Hook into Windows at a low enough level with a few lines of code and that CD, DVD, or streamed video download can be captured and repackaged in any format you want. For the user who wants to capture a DVD to disc so that it can be replayed on a laptop, this kind of freedom is great. For a media company trying to grow the bottom line, it seems like financial suicide to allow your content to be run on such an insecure platform.
Enter Windows Vista 64-bit, complete with a ring-fenced kernel.
In order to create a protected path between software DRM components and the system hardware, Microsoft has to make sure that third-party code can't be allowed to insert itself within the media path, because this could intercept protected content and allow leakage. Make no mistake, Microsoft is positioning Windows Vista as a safe platform for the delivery of protected media content, not as a platform to protect you.
The system that Microsoft is using to protect the kernel is two-tiered:
- First, you have in-built defenses, such as PatchGuard, which actively defend the Windows kernel from alteration.
- Then, you have Windows Update. If someone does manage to bypass the defense mechanisms in place, Microsoft will use the Windows Update mechanism to block up the hole.
Because software isn't clever enough to differentiate between an antivirus scanner which is trying to defend your system against malware and, say, some hack program designed to intercept a streamed movie, Microsoft has to block everyone from tampering with the kernel.
I've spoken to a number of security company representatives and they all tell me that unfettered access to the 64-bit kernel is vital if they are to offer the same level of security as they currently do for 32-bit versions of Windows. That alone is pretty serious and enough for me to give Vista 64-bit a wide berth. Not that I think Microsoft is going to make much headway pushing 64-bit versions for Vista - at least for a few years. The downsides far outweigh the benefits.
But when we are ready to move to a 64-bit platform, we're going to experience the most locked down, rigidly controlled version of Windows, ever.