Infosec: Antivirus Vendors Fret Over Microsoft’s Closing Windows

A number of AV vendors tell TechWeekEurope that a more closed approach from Microsoft makes their lives trickier

A number of antivirus vendors have raised concerns over Microsoft’s increasingly “closed” attitude to its Windows operating system.

When asked what was on his list of concerns for the year, Catalin Cosoi, chief security researcher at BitDefender, pointed to Microsoft’s OS, saying “Windows is continuing the trend of providing less and less access to their kernel – they’ve been doing that with Windows 7 and they will do the same with Windows 8”.

“However, it is a product that is being launched this year, it is going to have flaws, it is going to have zero-day vulnerabilities,” Cosoi told TechWeekEurope, suggesting Microsoft’s closed attitude to its OS kernel would, to some extent, harm the security of Windows.

An Apple-esque move?

“I think they are going in the same direction as Apple and Android, they are trying to close down because that is how they consider they can make a safer environment.”

If a vendor does not open up access to an OS kernel, or restricts it, it can make it more difficult for third-party security providers to make workable antivirus applications.

Panda Security’s Luis Corrons pointed to “the deprecation of some networking technologies like TDI (Transport Driver Interface) or NDIS (Network Driver Interface Specification), in favour of the Windows Filtering Platform (WFP), so that vendors will need to adapt their firewalls for instance to work with WFP if they want to get certified”. TDI and NDIS are packet filtering technologies that Microsoft is hoping to phase out.

“It is true that Microsoft is becoming more restrictive than in the past. How far they go with the approach is not yet clear to us,” Corrons added.

Jacques Erasmus, chief information security officer at Webroot, said he thought issues with APIs in Windows 8 might give some vendors “problems” in making their software work effectively on the OS.

But Erasmus said most of the changes in Windows 8 “are for the better”. “For instance if your AV is expired, it will force you to actually have one installed, otherwise you won’t be able to log in,” he noted.

Windows 8 Metro apps also have a restricted security context, meaning users can alter the access they have to system resources.

Eugene Kaspersky, CEO of Kaspersky, said the fact that Windows was changing its APIs for gaining access to lower levels of Windows made life a little trickier for AV vendors, but it did not bother him as the Russian firm’s products would still work just as well on the next iteration of the OS. “It is a little problem, because the engineers have to change their minds a little bit, they have to adapt themselves to the new environment,” he said.

A Microsoft spokesperson noted that the Windows maker was playing a big part in the security community, but did not comment on the issue of closing off access to the operating system’s kernel.

“Microsoft is committed to fostering collaboration and coordination among key players in the security and IT industry through a variety of ongoing programs such as the Microsoft Active Protections Program (MAPP), the Microsoft Vulnerability Research (MSVR) coordinated disclosure program, and many cross-industry legal and technical initiatives to help defend against ever-evolving online criminal threats,” the spokesperson told TechWeekEurope.

“We also participate in dozens of security conferences and symposia annually where we work closely with the security community. Together, we assess threats, share information and provide guidance to help protect customers and make a positive impact on the broader security ecosystem.”
