Sophos comments on Vista security debate

October 23, 2006 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reassured customers that Sophos Anti-Virus will offer full protection against malware threats on Windows Vista as arguments rumble loudly in the security industry about access to Microsoft's kernel.

McAfee and Symantec, developers of competing anti-virus products to Sophos, have publicly complained that they are being "locked out" of the Vista OS kernel by PatchGuard - a feature designed to help prevent rootkits from meddling with system files. They claim that they need to make changes inside Microsoft's kernel in order to continue to innovate with the latest anti-malware technology, sometimes referred to as 'host intrusion prevention' or 'HIPS', and that locking them out of the kernel is inherently anti-competitive.

Sophos is experiencing no problems with PatchGuard for Sophos's latest HIPS technology. Sophos Anti-Virus and its built-in HIPS will work just fine on both 32- and 64-bit versions of Windows Vista. Microsoft has so far provided all the interfaces that Sophos needs to provide pre-execution HIPS as well as runtime HIPS.

"Symantec and McAfee may be struggling with HIPS because they haven't coded their solutions with 64-bit Vista in mind," said Richard Jacobs, CTO of Sophos. "We've taken a different approach to HIPS, by focusing more on catching bad behavior by analyzing code before it executes. Additionally, we are building our technology by making use of supported Microsoft interfaces rather than by trying to subvert the kernel by 'hooking' calls to it. That's why we're ready for 64-bit Vista, and others aren't."

Sophos believes that PatchGuard is a positive step by Microsoft to improve security in Windows Vista, and is not in itself anti-competitive provided that Microsoft delivers on its commitment to provide the same level of kernel support and integration to third party security vendors as it does to its own security product team.

"It's clearly the case that we and other vendors will now have some dependency on Microsoft to deliver kernel interfaces for new security innovations, which could slow us all down," continued Jacobs. "However, this is more than compensated for by the additional security offered by a locked down kernel. Vista with PatchGuard is a step in the right direction for customers, and we believe that security vendors should embrace and work with PatchGuard rather than fight it."

Sophos experts remind customers that although Vista brings with it a number of positive improvements that make it more secure, it is by no means a 100% secure operating system.

"Business will be looking for security partners who work hand-in-hand with the Vista operating system to provide the highest level of protection," said Jacobs. "Our 20-year history of protecting against known and unknown threats has helped us embrace innovation and engineer best-of-breed solutions to take advantage of OS progress delivering a comprehensive security platform."