Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have reassured
customers that Sophos Anti-Virus will offer full protection against
malware threats on Windows Vista as arguments rumble loudly in the
security industry about access to Microsoft's kernel.
McAfee and Symantec, developers of competing anti-virus products
to Sophos, have publicly complained that they are being "locked
out" of the Vista OS kernel by PatchGuard - a feature designed to
help prevent rootkits from meddling with system files. They claim
that they need to be able to make changes inside Microsoft's kernel
in order to be able to continue to innovate with the latest
anti-malware technology, sometimes referred to as 'host intrusion
prevention' or 'HIPS'. They claim that locking them out of the
kernel is inherently anti-competitive.
Sophos is experiencing no problems with PatchGuard for Sophos's latest HIPS
technology. Sophos Anti-Virus and its built-in HIPS will work
just fine on both 32- and 64-bit versions of Windows Vista.
Microsoft has so far provided all the interfaces that Sophos needs
for providing this pre-execution HIPS as well as runtime HIPS.
"Symantec and McAfee may be struggling with HIPS because they
haven't coded their solutions with 64-bit Vista in mind," said
Jacobs, CTO of Sophos. "We've taken a different approach to
HIPS, by focusing more on catching bad behavior by analyzing code
before it executes. Additionally, we are building our technology by
making use of supported Microsoft interfaces rather than by trying
to subvert the kernel by 'hooking' calls to it. That's why we're
ready for 64-bit Vista, and others aren't."
Sophos believes that PatchGuard is a positive step by Microsoft
to improve security in Windows Vista, and is not in itself
anti-competitive provided that Microsoft delivers on its commitment
to provide the same level of kernel support and integration to
third party security vendors as it does to its own security product
"It's clearly the case that we and other vendors will now have
some dependency on Microsoft to deliver kernel interfaces for new
security innovations, which could slow us all down," continued
Jacobs. "However this is more than compensated for by the
additional security offered by a locked down kernel. Vista with
PatchGuard is a step in the right direction for customers, and we
believe that security vendors should embrace and work with
PatchGuard rather than fight it."
Sophos experts remind customers that although Vista brings with
it a number of positive improvements that make it more secure, it
is by no means a 100% secure operating system.
"Business will be looking for security partners who work
hand-in-hand with the Vista operating system to provide the highest
level of protection," said Jacobs. "Our 20 year history of
protecting against known and unknown threats, has helped us embrace
and engineer best-of-breed solutions to take advantage of OS
progress delivering a comprehensive security platform."